Twitter Security Chief and whistleblower Peiter ‘Mudge’ Zatko testified before Congress regarding Twitter’s privacy and security risks. This testimony provided Elon Musk with more evidence in his legal battle regarding his Twitter takeover. Elon Musk has been given a deadline by the judge to conclude his Twitter deal and resolve any open issues by 28 October. The US government is threatening a national security review of Musk’s takeover and other Musk ventures.
Lena Krikorian, 27 October 2022
Peiter ‘Mudge’ Zatko, former hacker and Twitter Security Chief (Head of Security) warned that Twitter is filled with security threats. He described the situation as a “ticking bomb of security vulnerabilities.” “This is a big deal for all of us. They don’t know what data they have, where it lives and where it came from and so, unsurprisingly, they can’t protect it. It doesn’t matter who has keys if there are no locks”. After being fired as Head of Security of Twitter early this year, Zatko filed a whistleblower complaint to the United States Congress, as well as the US Justice Department, the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC).
On 13 September, former Twitter security chief Peiter “Mudge” Zatko began testifying in front of the US Senate Judiciary Committee. In his congressional testimony, whistleblower Zatko revealed all of Twitter’s security lapses and privacy threats and shared that Twitter suffers from weak cyber defenses and is unable to control millions of fake accounts, all of which cause national security threats.
Of all the evidence Zatko provided, the most serious was an accusation that Twitter violated the terms of a 2011 FTC settlement because it inaccurately claimed that stronger measures were implemented to protect the privacy of its users. Twitter denied the allegations and described Zatko’s recollection of events as “a false narrative… riddled with inconsistencies and inaccuracies.”
According to Bloomberg, Twitter fired Zatko in January 2022 on the grounds of poor performance, claiming that Zatko provided “a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.”
Zatko stated that he warned CEO Parag Agrawal on countless occasions that the social media platform is filled with security and privacy challenges connected with the company’s violations of settlements with government regulators. Zatko also shared that colleagues at Twitter were unmotivated to dig deeper into the issue of how many bot and spam accounts are included in the over 230 million Twitter users.
Against this backdrop, the world’s richest man, Elon Musk, has tried to purchase the social media outlet since Summer 2022. Musk, a strong believer in freedom of speech, has stated that he is “against censorship that goes far beyond the law … If people want free speech, they will ask government to pass laws to that effect. Therefore, going beyond the law is contrary to the will of the people.”
Musk had backed out of the takeover after discovering that Twitter is filled with security threats. Musk had lawsuit with Twitter over a USD 44 billion collapsed deal to buy the social media platform citing that Twitter misled him about the company’s security threats and fake, bot-controlled accounts.
The lawsuit was put on hold on 6 October to give Musk time to finance his takeover of Twitter. Twitter wants Musk to buy the company at the original price offer. On 3 Octber Musk had announced that he revived his proposal to buy the company at the original USD 54.20 per share.
On the same day that Musk renewed his bid for Twitter, Zatko’s whistleblower filings were released, serving as potential ammunition for Musk and his legal team in its legal battle with Twitter. The filings contained books with notes of Zatko’s meetings with company counterparts while he served as Twitter’s head of security. Zatko testified that Twitter asked him to burn 10 handwritten notebooks and to delete 100 computer files.
In the unsealed filing, Musk’s lawyers stated “Twitter’s attempt to buy Mr. Zatko’s silence failed, but Twitter achieved its secondary aim of ensuring Mr. Zatko’s corroborating evidence would never come to light.” In the 3 October filing, Musk accused Twitter of ordering Zatko to destroy the evidence of the company’s mistakes as part of Zatko’s USD 7.8 million severance package. Twitter has not responded to any of the aforementioned claims, and Musk’s legal team is arguing that Twitter misled him.
Meanwhile, Twitter accused Musk’s top aide, Jared Birchall, of showing up to the 21 September pre-trial unprepared to discuss his correspondence with government regulators and data scientists with the aim of accurately assessing the extent of Zatko’s security and privacy risk assessments.
Twitter and Musk have a deadline of 28 October, set by Judge Kathleen Saint Jude McCormick of the Delaware Chancery, to complete the deal and resolve the case (Twitter v. Musk, 22-0613). Musk’s lawyers accused Twitter’s top two lawyers, Vijaya Gadde and Sean Edgett, as well as Twitter’s CEO Parag Agrawal and Chief Privacy Officer Damien Kieran, of destroying evidence in an effort to cover up the legal settlements’ violations.
Meanwhile, Musk stated he plans to explore a new business model for Twitter and limiting its content moderation. The USG for its part is considering a national security review of Musk’s takeover, citing i.a. its larga foreign stakeholders such as KSA, a major stakeholder in Amazon, Zoom, Alphabet and J.P.Morgan Chase.
Twitterati will be marking 28 October on their calendars.