Twitter’s former security chief accuses it of ‘egregious deficiencies’

August 24, 2022

Twitter’s former head of security has accused the company of “extreme, egregious deficiencies” in its spam- and hacker-fighting practices, according to a whistle-blower complaint, reports The New York Times.

Zatko's complaint says the shortcomings in enforcing Twitter's security, privacy, and content moderation policies date back to 2011.

Zatko, a well-known hacker who goes by Mudge in the security community, joined Twitter in late 2020 and was terminated by the company in January of this year.

His complaints were sent to the Securities and Exchange Commission, Justice Department, and Federal Trade Commission on July 6. The Washington Post and CNN first reported on the complaints.

Zatko accuses Twitter, its CEO Parag Agrawal, and other executives and directors of “extensive legal violations,” including making misleading statements to users, misrepresenting facts to investors, and acting with “negligence and even complicity” toward efforts by foreign governments to infiltrate the platform, according to the complaint filed with the SEC, which was obtained by The New York Times.

The allegations come at a perilous time for Twitter, which is locked in a legal battle with Elon Musk over his efforts to walk away from a $44 billion agreement to acquire the social media company. Twitter has sued Musk to force him to close the deal, and the two sides are set to go to trial at the Delaware Chancery Court in October.

Zatko's complaint and Musk's case overlap in one respect: both focus on the number of fake users on Twitter's platform. Musk claims that Twitter’s public disclosures about those figures are materially misleading.

Perhaps most damaging, if true, is Zatko’s allegation that Twitter is in violation of its 2011 settlement with the FTC over its safeguarding of user data. The agency had accused Twitter of “serious lapses” in data security that “allowed hackers to obtain unauthorized administrative control of Twitter,” including the ability to send out phony tweets. That consent order barred Twitter from misrepresenting its security and privacy practices and required it to maintain a comprehensive information security program subject to independent assessments; a finding that the company breached it would expose Twitter to FTC enforcement beyond the original settlement.

A spokesperson for Twitter said Zatko was fired for ineffective leadership and poor performance. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” she said.

“Zatko’s allegations and opportunistic timing,” she said, “appear designed to capture attention and inflict harm on Twitter, its customers, and its shareholders. Security and privacy have long been companywide priorities at Twitter and will continue to be.”

Research contact: @nytimes