Former Twitter Exec: Company Misleads Users and Government

August 23, 2022 by Madeline Hughes
Former Twitter Exec: Company Misleads Users and Government
The Twitter icon is displayed on a mobile phone in Philadelphia, Pa., on April 26, 2017. (AP Photo/Matt Rourke, File)

WASHINGTON — A former Twitter executive made a whistleblower complaint earlier this summer that the company is misleading the government and its users about security on the social media platform.

The allegations stem from a 2011 settlement Twitter made with the Federal Trade Commission that barred the social media company from misleading its users about the “extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information.”

In the decade since the settlement, Twitter has “made little meaningful progress on basic security, integrity and privacy systems” and had never been compliant with the 2011 settlement, according to the complaint filed by the company’s former security lead, Peiter Zatko.

Twitter was still not in compliance with the 2011 settlement at the time when Zatko was fired in January 2022, according to the complaint.


Zatko filed the 84-page complaint in July with the U.S. Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice with the help of the nonprofit Whistleblower Aid, according to a copy obtained by The Washington Post that was released Tuesday.

The Senate Judiciary Committee has also received a copy of the complaint.

There have been calls for investigations from members on both sides of the aisle since the complaint has been revealed.

“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” said Sen. Chuck Grassley, R-Iowa, ranking member of the Judiciary Committee, in an email statement. “The claims I’ve received from a Twitter whistleblower raise serious national security concerns as well as privacy issues, and they must be investigated further.”

Sen. Ed Markey, D-Mass., also wrote a letter to the Department of Justice and FTC asking them to look into the complaint Tuesday.

“This blithe disregard for user data and FTC settlements cannot stand. I strongly urge the federal government to investigate Zatko’s claims and, if necessary, take strong and swift action against Twitter to ensure Twitter user data is properly protected,” Markey wrote.

Twitter told The Associated Press the complaint is “a false narrative” that is “riddled with inconsistencies and inaccuracies and lacks important context.” It said Zatko’s “allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.” 

The complaint comes at a difficult time for the company as it prepares to go to trial with Elon Musk, hoping to enforce his purchase agreement to buy the company for $44 billion. Earlier this year Twitter also made another settlement with the FTC for $150 million after being accused of improperly using consumer data to target advertisements.

Social media companies in general are facing more scrutiny over user data privacy, including the FTC looking to make stronger data privacy rules and Congress working on bipartisan bicameral privacy legislation that has passed out of committee.

The Complaint


In the complaint, Zatko tells the story of how Twitter’s CEO Jack Dorsey recruited him after teenagers hacked the accounts of former President Barack Obama, then-presidential candidate President Joe Biden and other influential people soliciting bitcoin, which “triggered a global security incident,” according to the complaint.

One of his main tasks was creating a report looking into the company’s failures.

Zatko turned into a well-regarded cybersecurity professional, working for the U.S. Defense Advanced Research Projects Agency.

The report was highly critical, warning the company could be susceptible to an “Equifax-level” hack.

Security issues lie within the “fundamental architecture” of the platform, according to the complaint. Specifically, too many Twitter staff — about half of the 10,000-plus members — are given too much access to anyone’s account, Zatko said.

That level of access granted to the social media company’s employees created an “anomalously high rate of security incidents — approximately one security incident each week serious enough that Twitter was required to report it to government agencies,” according to the complaint.

When it came time to present his findings, Zatko was met with “defensiveness and denial” from the company’s CEO Parag Agrawal, according to the complaint. Zatko also alleged that Agrawal committed fraud through various statements and failed to take the report seriously.

Zatko’s whistleblower complaint also laid out other security risks about disinformation and attempts by foreign governments to become involved with the company.

Twitter also prioritized growth over spam reduction by offering executives up to $10 million bonuses for increasing the number of daily users, according to the complaint.

The company also misled regulators in Ireland and France, Zatko alleged.

Even after he was fired, Zatko continued working on reporting the security and fraud issues outlined in the complaint with Twitter’s chief compliance officer, according to the complaint. 

Overall, he took the job because he saw Twitter as a “critical public resource” and wanted to help create better change, according to the complaint. 


However, without seeing those changes, “with a heavy heart, … [Zatko] has concluded that these lawful disclosures are his ethical obligation,” the complaint said.

Madeline can be reached at [email protected] and @MadelineHughes

A+
a-

In The News

Health

Voting

Social Media

September 28, 2022
by Dan McCue
Mining Social Media Provides Insight Into Mental Health and Treatment Outcomes

DUBLIN, Ireland — Real-world evidence drawn from social media can provide treatment providers with enhanced insights into how a patient’s... Read More

DUBLIN, Ireland — Real-world evidence drawn from social media can provide treatment providers with enhanced insights into how a patient’s mental health will impact the management of chronic conditions such as gout, a new study says. The research was funded and carried out by the Irish... Read More

September 13, 2022
by Tom Ramstack
Twitter Whistleblower Describes Widespread Data Security Lapses

WASHINGTON — A former Twitter computer security manager revealed broad mishandling of private data at the social media platform during... Read More

WASHINGTON — A former Twitter computer security manager revealed broad mishandling of private data at the social media platform during a Senate hearing Tuesday. He said the lax security endangered the private information of users and potentially of national security. Whistleblower Peiter “Mudge” Zatko filed a... Read More

September 8, 2022
by Madeline Hughes
Court Documents: Facebook Doesn’t Know What Data It Collects

WASHINGTON — Facebook’s user data is scattered throughout its system in such a way no one person could detail exactly... Read More

WASHINGTON — Facebook’s user data is scattered throughout its system in such a way no one person could detail exactly what information the social media company collects on an individual. This is according to recently unsealed court documents from the California-based lawsuit against Facebook for the... Read More

September 7, 2022
by Madeline Hughes
Building the Market Solution: ‘Clean Social Media’

WASHINGTON — Nearly two decades on social media and the issues of misinformation and harassment are glaring, according to Appu... Read More

WASHINGTON — Nearly two decades on social media and the issues of misinformation and harassment are glaring, according to Appu Esthose Suresh, the founder and chief executive of Pixstory. He’s one of the many social media company founders working to fix the issues of misinformation and... Read More

August 25, 2022
by Madeline Hughes
Legislators Demand Answers in Wake of Twitter Whistleblower

WASHINGTON — In the days since a leaked whistleblower complaint alleged Twitter misled its users and government officials for more... Read More

WASHINGTON — In the days since a leaked whistleblower complaint alleged Twitter misled its users and government officials for more than a decade on safety and security features, its CEO Parag Agrawal, is facing questions from Congress. The whistleblower is also set to testify in September.... Read More

August 23, 2022
by Madeline Hughes
Former Twitter Exec: Company Misleads Users and Government

WASHINGTON — A former Twitter executive made a whistleblower complaint earlier this summer that the company is misleading the government... Read More

WASHINGTON — A former Twitter executive made a whistleblower complaint earlier this summer that the company is misleading the government and its users about security on the social media platform. The allegations stem from a 2011 settlement Twitter made with the Federal Trade Commission that barred... Read More

News From The Well
scroll top