Twitter whistleblower to testify on Capitol Hill. Here’s what to expect
Twitter whistleblower Peiter “Mudge” Zatko is set to testify before Congress on Tuesday in his first public appearance since his explosive allegations against the social media company were reported last month by CNN and the Washington Post.
Lawmakers on the Senate Judiciary Committee are expected to question Zatko about his claims that Twitter has undisclosed security and privacy vulnerabilities that could threaten users, investors and even U.S. national security.
What Zatko says in Tuesday’s hearing could lay the groundwork for further investigations by Congress, federal regulators and law enforcement officials. His testimony could also further complicate the legal battle over billionaire Elon Musk’s deal to acquire Twitter, and comes the same day Twitter shareholders are due to vote on the deal.
In a whistleblower sent to multiple lawmakers and government agencies in July, Zatko accused Twitter of failing to protect users’ personal information and exposing the most sensitive parts of its operation to too many people, potentially including foreign spies. . Zatko – who was Twitter’s chief security officer from November 2020 until his firing in January – also alleged that company executives, including CEO Parag Agrawal, deliberately misled regulators and its own board. directors of the company on its shortcomings.
Twitter slammed Zatko and broadly defended itself against the allegations, saying the disclosure paints a “false narrative” by the company. A company spokesperson said Zatko was fired for “ineffective leadership and poor performance.” Zatko himself argued in his disclosure that he was fired in retaliation for raising concerns about security vulnerabilities and alleged misrepresentations by Twitter executives to his board.
News of the disclosure quickly prompted lawmakers and regulators in the United States and elsewhere to announce that they would investigate his allegations. Zatko briefed some members of Congress behind closed doors, but his testimony on Tuesday marks the first opportunity for lawmakers to publicly push Zatko to disclose more about what he witnessed at the company.
“Mr. Zatko’s allegations of widespread security breaches and interference by foreign state actors on Twitter raise serious concerns,” said Sens. Dick Durbin and commission chairman and top Republican Chuck Grassley. Senate Judiciary, in a statement last month announcing the hearing.
Lawmakers are likely to focus on Twitter’s alleged missteps in protecting user data, as well as Zatko’s claims that the company is vulnerable to exploitation by foreign governments and could even now having foreign spies on his payroll. Zatko also alleged that Twitter violated its 2011 consent order with the Federal Trade Commission, a claim that, if true, could result in billions of dollars in fines for the company. Senior Twitter executives could also be held liable if it is proven that they were knowingly responsible for any violations.
Musk, who is currently fighting Twitter in court to back out of a $44 billion acquisition deal, is also likely to be watching Zatko’s testimony closely. Musk’s legal team sent a third letter to Twitter on Friday demanding the deal be terminated, saying an alleged $7.75 million payment made to Zatko in June, before it was disclosed to the whistleblower, violated the company’s obligations in the acquisition contract. The letter claimed the payment was revealed in a filing filed by Twitter earlier this month. Twitter retaliated Monday by calling Musk’s letter “invalid and unlawful” and saying it did not violate the agreement.
According to Whistleblower Aid, the organization providing legal representation for Zatko, any legal obligations to which Zatko might be subject do not prevent him from making disclosures to lawmakers and law enforcement.
Whistleblower Aid also represented Frances Haugen, the former Facebook employee who exposed the social media giant last year. His revelations prompted numerous congressional hearings, proposed bills, and changes by society.
On Wednesday, the day after Zatko’s testimony, current and former Twitter officials are expected to appear before another Senate panel to testify to the impact of social media on national security. Zatko’s allegations against Twitter could also feature prominently in this hearing, drawing more Washington’s attention to the beleaguered company.
Zatko is no stranger to Capitol Hill. In 1998, Zatko appeared before the Senate Committee on Governmental Affairs as part of a panel of ethical hackers who urgently told Congress that the technology used to access the Internet was insecure. “If you’re looking for computer security, the internet is not the place to be,” Zatko warned at the time.
Now, nearly a quarter century later, Zatko returns to Capitol Hill to once again warn about alleged insecurities on one of the world’s most influential social media platforms. Zatko, who worked at the US Department of Defense and Google before joining Twitter, is said to have a knack for explaining complex security topics to business executives and other laypeople, according to several former colleagues. This skill could come in handy as he publicly argues against Twitter.
Among Zatko’s most explosive claims are claims that roughly half of Twitter’s employees, including all of its engineers, have extensive access to the company’s active, live product, including real user data. That’s unlike other big tech companies, he says, where coding and testing takes place in special environments separate from the services consumers use. Zatko also alleges that Twitter fails to reliably delete data from users who cancel their accounts, in some cases because Twitter lost track of the information. The alleged failures represent violations of Twitter’s 2011 FTC consent order, Zatko claimed.
Twitter said members of its engineering and product teams are allowed access to Twitter’s platform if they have a specific business justification for doing so, but members of other departments – such as finance, legal, marketing, sales, human resources and support – can’t. Twitter also said it created internal workflows to ensure users know that when they cancel their accounts, the company will deactivate the accounts and initiate a deletion process. But Twitter declined to say whether it generally completes this process.
Zatko’s allegations also raise questions about Twitter’s ability to handle election-related threats ahead of the US midterm elections later this year.
The disclosure — which includes a copy of a third-party consulting firm’s 2021 report on Twitter’s efforts to combat misinformation — accuses the company of having misaligned priorities between product and security teams and a reactive approach to misinformation and manipulation of the platform. For its part, Twitter says it has “a cross-functional team around the world focused on combating the spread of misinformation and fostering an environment conducive to healthy and meaningful conversation.”
Zatko’s testimony – and any action lawmakers and regulators take as a result – could also have implications for the legal battle over Musk’s efforts to walk away from the deal he struck to buy the company.
Zatko alleges that Twitter misled Musk and the public about the number of bots on its platform — an issue that has become central to Musk’s efforts to get out of the deal. The other allegations in his disclosure also introduce new wildcards into the fight.
Last week, a Delaware judge ruled that Musk could add to his allegations in the case based on the whistleblower’s disclosure. Zatko was due to be dropped off by Musk’s team on Friday.
Musk claimed in a second letter attempting to end the acquisition deal last month that the whistleblower’s claims, if true, would constitute further justification that should allow him to exit the deal. In the letter, Musk’s team claimed that investigations by Congress and other foreign agencies could significantly harm the company. Musk first decided to end the deal with Twitter in July.
Twitter pushed back on Musk’s letter, saying it is “based solely on statements made by a third party which, as Twitter has previously stated, are riddled with inconsistencies and inaccuracies and lack significant context.” The company reiterated its intention to close the deal at the agreed price and terms.
Musk and Twitter are set to go on trial for the deal in October, after the judge denied Musk’s request to delay proceedings following Zatko’s disclosure.