Twitter’s former head of security files whistleblower complaint over spam, privacy issues

Twitter Inc

TWTR -7.23%

The former security chief filed a whistleblower complaint against the company just weeks before the social networking site accused it of failing to protect sensitive user data and lying about its security issues. A courtroom fight with

Elon Musk.

Peter Zatko, who was fired as Twitter’s security chief earlier this year, filed a complaint with the Securities and Exchange Commission last month, according to a representative of the organization Whistleblower Aid. His submission states that he “exhibited serious, egregious deficiencies with Twitter in every area of ​​his mandate,” including privacy, digital and physical security, platform integrity and content moderation.

Mr. Jatco claims Twitter executives, including chief executive Barak Agarwal, deliberately downplayed the prevalence of spam on the platform. Those claims, Mr. That will make Twitter’s war with Musk even more complicated The company sued To be implemented in July A $44 billion acquisition deal. Mr. Musk has accused Twitter of misrepresenting his business, particularly in relation to Status of spam or bot accounts– Says Twitter denies.

A A five-day uninterrupted trial It will start in October.

The existence of a whistleblower complaint was reported earlier The Washington Post And CNN.

A Twitter spokesperson, Mr. Zatko said he was fired for “ineffective leadership and poor performance” and that the complaint “contains inconsistencies and inaccuracies and lacks critical context.”

Mr. Musk’s lawyer said: “We have already served a subpoena for Mr. Zatko and we have seen him leave and other key employees.”

Twitter shares fell About 5% in intraday trading on Tuesday.

A former hacker known as “Mudge”, Mr. Zatko has been a computer-security researcher for decades. He was a member of the Boston Cybersecurity Committee, which rose to prominence in 1998 when it provided warnings about the state of national cyber security in testimony to the US Senate. During a Senate hearing, the group told lawmakers it could shut down the Internet in 30 minutes.

He was hired by Twitter in late 2020 after a career that included other corporate roles.

John Dye, founder of Whistleblower Aid, said Mr. Jatko approached the nonprofit in early March through Signal, an encrypted messaging app. Mr. Jatko, Mr. Having never met or spoken to Musk, Mr. Musk’s team, Mr. Mr. Jatko said he had not contacted the nonprofit about the complaint. Ty said.

“He sees this whistle-blowing as a last resort,” said Mr. Tie Mr. Said about Jatko. “He obviously worked hard within the company, used internal channels, and ultimately ended up being a whistleblower.”

Mr. Jatco was brought to Twitter by co-founder Jack Dorsey A teenager’s top hack Ignored the company’s securities regulations. According to the complaint, Mr. Dorsey “specifically hired Mudge for his reputation of speaking truth to power”.

However, Mr. Dorsey was only at the company sporadically, and the new hire—who had hundreds of employees reporting to him—soon became overwhelmed with the task at hand, according to the complaint. At one point, Mr. Agarwal told his team, “Twitter has 10 years of unpaid security bills,” according to the complaint.

Mr. The relationship between Jatko and Twitter’s leadership soured in the months that followed, both sides say. Mr. Zatko helped, which other executives undermined, according to the complaint, which Mr. Jatco was told by a Twitter lawyer that the changes were intended to cover up findings. They leak internally or externally.

The complaint also raises concerns about Twitter’s ties to foreign governments and says the company may have foreign spies on its payroll. Mr. It says Jatco believes. India’s embassy in Washington did not immediately respond to a request for comment.

Earlier this month, a former Twitter employee Found guilty He was indicted by a U.S. jury on espionage for Saudi Arabia from 2013 to 2015 when he worked for the company in exchange for hundreds of thousands of dollars in exchange for sending private user information linked to critics of the kingdom.

However, much of the complaint deals with fake or spam accounts, which Mr. Musk got attention.

such as

Tesla Inc.

CEO, Mr. Jatko alleges that Twitter miscounts such users by focusing only on monetizable daily users, or MDAUs, rather than all daily users. The former category only counts accounts that intend to view the ad.

“Millions of active accounts are not considered ‘mDAU’ either because they are spam bots or because Twitter doesn’t believe they can monetize them,” Mr. Jatko’s complaint states. “These millions of non-mDAU accounts are part of the average user’s experience on the platform.”

Twitter has said it has a system for measuring users and spam that involves multiple human reviews of thousands of accounts at random over time.

Mr. In Jatko’s complaint, he said he tried to formally raise his concerns with Twitter’s board, but Mr.

In a Tuesday memo to employees about the whistleblower complaint, Mr. Aggarwal said: “While Mudge was held responsible for many aspects of this work, he is now misrepresenting himself more than six months after being fired. .” Mr. Aggarwal defended Twitter’s work on privacy and security, while saying that the focus brought on the company by the complaint would make its work difficult. “We will pursue all avenues to protect our integrity as an organization and set the record straight,” he said.

Twitter reached an agreement with the Federal Trade Commission in 2011 to maintain stricter security, including limiting the number of employees with access. Its main security and privacy controls. Mr. Jatco alleges breach of that agreement. The FTC did not respond to a request for comment.

Copies of the complaint have been sent to the Senate Judiciary and Intelligence committees, aides to each committee said.

Democrats and Republicans have raised concerns about how Twitter and other social media companies use and protect customer data in recent years, and have considered legislation that would require the companies to adhere to certain data transparency or security standards. “If these claims are accurate, they could present serious data privacy and security risks to Twitter users around the world,” said Judiciary Committee Chairman Sen. Dick Durbin (D., IL) said in a statement.

Corrections & Amplifications
Barak Agarwal is the CEO of Twitter. An earlier version of this article misspelled his last name as Aggarwal. (Corrected on Aug. 23)

Write to Sarah E. at [email protected] Needleman

Copyright ©2022 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8

Leave a Reply

Your email address will not be published.