The Twitter whistleblower will testify on Capitol Hill. Here’s what to expect


Twitter whistleblower Peiter “Mudge” Zatko will testify before Congress on Tuesday in his first public appearance since his bombshell allegations against the social media company were reported last month by CNN and the Washington Post.

Senate Judiciary Committee lawmakers should question Zatko about his claims that Twitter has hidden security and privacy vulnerabilities that could threaten users, investors, and even U.S. national security.

What Zatko says during Tuesday’s hearing could set the stage for more thorough investigations by Congress, federal regulators and law enforcement. His testimony could also further complicate the legal battle over Twitter’s deal to be acquired by billionaire Elon Musk and comes the same day that Twitter shareholders are expected to vote on the deal.

In a whistleblower disclosure sent to multiple lawmakers and government agencies in July, Zatko accused Twitter of failing to safeguard users’ personal information and exposing the most sensitive parts of its operations to too many people, even potentially foreign spies. Zatko – who served as Twitter’s head of security from November 2020 until he was fired in January – also said that company executives, including CEO Parag Agrawal, deliberately misled regulators and the company’s board about its shortcomings.

Twitter criticized Zatko and defended itself extensively against the allegations, saying the disclosure paints a “false narrative” of the company. A company spokesperson said Zatko was fired for “ineffective leadership and poor performance”. Zatko himself said in his disclosure that he was fired in retaliation for raising concerns about security vulnerabilities and alleged misrepresentation by Twitter executives to its board.

News of the disclosure quickly prompted lawmakers and regulators in the United States and elsewhere to announce that they would investigate his claims. Zatko briefed some members of Congress behind closed doors, but his testimony on Tuesday marks the first chance for lawmakers to publicly push Zatko to reveal more about what he has witnessed in the company.

“Mr. Zatko’s allegations of widespread security failures and interference by foreign state actors on Twitter raise serious concerns,” Senators Dick Durbin and Chuck Grassley, the chair and ranking Republican of the Senate Judiciary Committee, said last month in a statement announcing the hearing.

Lawmakers are likely to focus on Twitter’s alleged missteps in protecting user data, as well as Zatko’s claims that the company is vulnerable to exploitation by foreign governments and may even now have foreign spies on its payroll. Zatko also said Twitter is violating its 2011 consent order with the Federal Trade Commission, a claim that, if true, could result in billions of dollars in fines for the company. Twitter’s top executives could also be held accountable if it was proven that they were knowingly responsible for any violations.

Musk, who is currently battling Twitter in court to get out of a $44 billion acquisition deal, is also likely to take a close look at Zatko’s testimony. Musk’s legal team sent a third letter to Twitter on Friday seeking to rescind the deal, claiming that an alleged $7.75 million payment made to Zatko in June, prior to his whistleblower disclosure, violated the company’s obligations in the acquisition contract. The letter claimed the payment had been revealed in a court statement from Twitter earlier this month. Twitter responded on Monday calling Musk’s letter “invalid and illegal” and saying it did not violate the agreement.

According to Whistleblower Aid, the organization that provides Zatko’s legal representation, any legal obligations that Zatko may be subject to do not prevent him from disclosing information to lawmakers and law enforcement.

Whistleblower Aid also represented Frances Haugen, the former Facebook employee who denounced that social media giant last year. Her revelations have led to numerous Congressional hearings, bills and changes by the company.

On Wednesday, the day after Zatko’s testimony, current and former Twitter officials are expected to appear before a different Senate panel to testify on the impact of social media on national security. Zatko’s accusations against Twitter could have a prominent place in that hearing as well, further focusing Washington’s attention on the embattled company.

Zatko is no stranger to Capitol Hill. In 1998, Zatko appeared before the Senate Government Affairs Committee as part of a group of ethical hackers who urgently told Congress that the technology used to access the Internet was not secure. “If you are looking for computer security, the Internet is not the place to be,” Zatko warned lawmakers at the time.

Now, nearly a quarter of a century later, Zatko is returning to the Capitol to once again warn about alleged insecurities in one of the most influential social media platforms in the world. Zatko, who worked at the US Department of Defense and Google before joining Twitter, is said to have a knack for explaining complex security topics to business executives and other lay people, according to several former colleagues. That skill could come in handy as he takes his case against Twitter public.

Among Zatko’s most explosive claims are allegations that roughly half of Twitter’s employees, including all of its engineers, have extensive access to the company’s active and live product, including actual user data. This is different from other big tech companies, he says, where coding and testing occurs in special, segregated environments, away from the services used by consumers. Zatko also claims that Twitter cannot reliably delete the data of users who delete their accounts, in some cases because Twitter has lost track of the information. The alleged failures represent violations of Twitter’s 2011 FTC consent order, Zatko said.

Twitter said members of its design and product teams are allowed to access the Twitter platform if they have a specific business justification for doing so, but that members of other departments, such as finance, legal, marketing, sales, human resources, and support, cannot. Twitter also said it has created internal workflows to ensure users know that when they delete their accounts, the company will deactivate the accounts and initiate a deletion process. But Twitter declined to say whether it typically completes that process.

Zatko’s allegations also raise questions about Twitter’s ability to handle election-related threats ahead of the US mid-term elections at the end of the year.

The disclosure, which includes a copy of a third-party consulting firm’s 2021 report on Twitter’s efforts to tackle disinformation, accuses the company of having misaligned priorities among product and security teams and a reactive approach to disinformation and manipulation of the platform. For its part, Twitter claims it has “a cross-functional team around the world that focuses on curbing the spread of disinformation and fostering an environment conducive to healthy and meaningful conversations.”

Zatko’s testimony – and any consequent action taken by lawmakers and regulators – could also have implications for the legal battle over Musk’s effort to back out of the deal he struck to buy the company.

Zatko claims Twitter misled Musk and the public about the number of bots on its platform, an issue that has become central to Musk’s effort to get out of the deal. The other allegations in his disclosure also introduce new wildcards to the fight.

Last week, a Delaware judge ruled that Musk could add to his claims in the case based on the whistleblower’s disclosure. Zatko was to be deposed by Musk’s team on Friday.

In a second letter last month attempting to rescind the acquisition deal, Musk said that the whistleblower’s claims, if true, would constitute further justification that should allow him to withdraw from the deal. In the letter, Musk’s team said investigations by Congress and other foreign agencies could materially harm the company. Musk first moved to end the Twitter deal in July.

Twitter rejected Musk’s letter, saying it is “based solely on statements made by a third party which, as Twitter previously stated, are full of inconsistencies and inaccuracies and lack important context.” The company reiterated that it intends to close the deal at the agreed price and terms.

Musk and Twitter will go to trial over the deal in October after the judge denied Musk’s request to delay the proceedings following Zatko’s disclosure.

