Twitter whistleblower is set to testify on Capitol Hill. This is what you can expect



CNN

Twitter whistleblower Peiter “Mudge” Zatko is set to testify before Congress Tuesday in his first public appearance since his bombshell accusations against the social media company were reported last month by CNN and The Washington Post.

Lawmakers from the Senate Judiciary Committee are expected to grill Zatko over his claims that Twitter has undisclosed security and privacy vulnerabilities that could threaten users, investors and even US national security.

What Zatko says during Tuesday’s hearing could set the stage for further investigations by Congress, federal regulators and law enforcement officials. His testimony could also further complicate the legal battle over Twitter’s deal to be acquired by billionaire Elon Musk, and comes on the same day Twitter shareholders are scheduled to vote on the deal.

In a complaint sent to multiple lawmakers and government agencies in July, Zatko accused Twitter of failing to safeguard users’ personal information and exposing the most sensitive parts of its operation to too many people, including potentially foreign spies. Zatko, who was Twitter’s chief security officer from November 2020 until he was fired in January, also alleged that company executives, including CEO Parag Agrawal, deliberately misled regulators and the company’s own board about its shortcomings.

Twitter criticized Zatko and broadly defended itself against the accusations, saying the disclosure paints a “false narrative” of the company. A company spokesman said Zatko was fired for “ineffective leadership and poor performance.” Zatko himself claimed in his disclosure that he was fired in retaliation for raising concerns about security vulnerabilities and alleged misrepresentations by Twitter executives to its board.

News of the revelation quickly prompted lawmakers and regulators in the United States and elsewhere to announce that they would be investigating his claims. Zatko has briefed some members of Congress behind closed doors, but his testimony Tuesday marks the first opportunity lawmakers have to publicly press Zatko to reveal more about what he witnessed at the company.

“Mr. Zatko’s allegations of widespread security failures and interference by foreign state actors on Twitter raise serious concerns,” Senators Dick Durbin and Chuck Grassley, chairman and ranking Republican of the Senate Judiciary Committee, said in a statement last month announcing the hearing.

Lawmakers are likely to focus on Twitter’s alleged missteps in protecting user data, as well as Zatko’s claims that the company is vulnerable to exploitation by foreign governments and may even now have foreign spies on its payroll. Zatko has also alleged that Twitter is in violation of its 2011 consent order with the Federal Trade Commission, a claim that, if found to be true, could result in billions of dollars in fines for the company. Senior Twitter executives could also be held accountable if they are shown to have been knowingly responsible for any violations.

Musk, who is currently fighting Twitter in court to get out of a $44 billion takeover deal, is likely following Zatko’s testimony closely. Musk’s legal team sent a third letter to Twitter on Friday seeking to terminate the agreement, alleging that a $7.75 million payment made to Zatko in June, before his complaint, violated the company’s obligations in the acquisition contract. The letter claimed that the payment was revealed in a Twitter court filing earlier this month. Twitter responded Monday by calling Musk’s letter “invalid and incorrect” and saying it has not violated the agreement.

Any legal obligation Zatko may have does not prevent him from making disclosures to legislators and law enforcement agencies, according to Whistleblower Aid, the organization that provides Zatko’s legal representation.

Whistleblower Aid also represented Frances Haugen, the former Facebook employee who sued the social media giant last year. Her revelations sparked numerous congressional hearings, proposed bills and changes by the company.

On Wednesday, the day after Zatko testifies, current and former Twitter officials are expected to appear before a different Senate panel to testify about the impact of social media on national security. Zatko’s accusations against Twitter could also figure prominently in that hearing, further focusing Washington’s attention on the embattled company.

Zatko is no stranger to Capitol Hill. In 1998, Zatko appeared before the Senate Governmental Affairs Committee as part of a panel of ethical hackers who told Congress that the technology used to access the Internet was not secure. “If you’re looking for computer security, then the Internet is not the place to be,” Zatko warned lawmakers at the time.

Now, nearly a quarter of a century later, Zatko returns to Capitol Hill to again warn about alleged insecurities on one of the world’s most influential social media platforms. Zatko, who worked at the US Department of Defense and Google before joining Twitter, is said to have a knack for explaining complex security issues to corporate executives and other laypeople, according to multiple former colleagues. That skill could come in handy when he makes a public case against Twitter.

Among Zatko’s most explosive claims are allegations that about half of Twitter’s employees, including all of its engineers, have extensive access to the company’s active, live product, including real user data. He says that’s different from other big tech companies, where coding and testing is done in special, segregated environments, far from services used by consumers. Zatko also alleges that Twitter does not reliably delete the data of users who terminate their accounts, in some cases because Twitter has lost track of the information. The alleged flaws represent violations of Twitter’s 2011 FTC consent order, Zatko said.

Twitter has said that members of its engineering and product teams are allowed to access the Twitter platform if they have a specific business justification for doing so, but members of other departments, such as finance, legal, marketing, sales, human resources and support, cannot. Twitter has also said it has created internal workflows to ensure users know that when they cancel their accounts, the company will deactivate them and start a deletion process. But Twitter has declined to say whether it normally completes that process.

Zatko’s accusations also raise questions about Twitter’s ability to handle election-related threats ahead of the US midterm elections later this year.

The disclosure, which includes a copy of a 2021 report from a third-party consultant on Twitter’s efforts to address misinformation, accuses the company of having misaligned priorities between product and security teams and a reactive approach to misinformation and platform manipulation. For its part, Twitter says it has “a cross-functional team around the world focused on curbing the spread of misinformation and fostering an environment conducive to healthy and meaningful conversations.”

Zatko’s testimony, and any resulting action taken by lawmakers and regulators, could also have implications for the legal battle over Musk’s effort to back out of the deal he struck to buy the company.

Zatko alleges that Twitter misled Musk and the public about the number of bots on its platform, an issue that has become the focus of Musk’s effort to get out of the deal. The other allegations in his disclosure also introduce new wild cards to the fight.

Last week, a Delaware judge ruled that Musk could add to his claims in the case based on the whistleblower’s disclosure. Zatko was to be deposed by Musk’s team on Friday.

In a second letter seeking to terminate the acquisition deal, sent last month, Musk claimed that the whistleblower’s claims, if true, would constitute additional justification that should allow him to exit the deal. In the letter, Musk’s team claimed that investigations by Congress and other foreign agencies could materially harm the company. Musk first moved to terminate the deal with Twitter in July.

Twitter rejected Musk’s letter, saying it “is based solely on statements made by a third party which, as Twitter has previously said, are riddled with inconsistencies and inaccuracies and lack material context.” The company reiterated that it intends to close the deal at the agreed price and terms.

Musk and Twitter will go to trial over the deal in October, after the judge denied Musk’s request to delay the proceedings following Zatko’s revelation.
