Ex-Twitter security chief files whistleblower complaints
Newslooks - WASHINGTON (AP)
A former head of security at Twitter has filed whistleblower complaints with U.S. officials, alleging that the company misled regulators about its cybersecurity defenses and its problems with fake accounts, according to reports by The Washington Post and CNN.
Peiter Zatko, Twitter’s security chief until he was fired early this year, filed the complaints last month with the U.S. Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice. Zatko said that Twitter has major security problems that pose a threat to its own users’ personal information, to company shareholders, to national security, and to democracy, according to an explosive whistleblower disclosure obtained exclusively by CNN and The Washington Post.
The disclosure, sent last month to Congress and federal agencies, paints a picture of a chaotic and reckless environment at a mismanaged company that allows too many of its staff access to the platform’s central controls and most sensitive information without adequate oversight. It also alleges that some of the company’s senior-most executives have been trying to cover up Twitter’s serious vulnerabilities, and that one or more current employees may be working for a foreign intelligence service.
The whistleblower, who has agreed to be publicly identified, is Peiter “Mudge” Zatko, who was previously the company’s head of security, reporting directly to the CEO. Zatko further alleges that Twitter’s leadership has misled its own board and government regulators about its security vulnerabilities, including some that could allegedly open the door to foreign spying or manipulation, hacking and disinformation campaigns. The whistleblower also alleges Twitter does not reliably delete users’ data after they cancel their accounts, in some cases because the company has lost track of the information, and that it has misled regulators about whether it deletes the data as it is required to do. The whistleblower also says Twitter executives don’t have the resources to fully understand the true number of bots on the platform, and were not motivated to. Bots have recently become central to Elon Musk’s attempts to back out of a $44 billion deal to buy the company (although Twitter denies Musk’s claims).
The Post, which obtained the complaint, reported that among the most serious accusations is that Twitter violated the terms of a 2010 FTC settlement by falsely claiming that it had a strong security plan.
Zatko didn’t immediately respond to a request for comment Tuesday but told the Post he “felt ethically bound” to come forward.
Twitter said in a prepared statement Tuesday that Zatko was fired for “ineffective leadership and poor performance” and that the “allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.”
“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” the company said.
A spokesperson for the U.S. Senate’s intelligence committee, Rachel Cohen, said the committee has received the complaint and “is in the process of setting up a meeting to discuss the allegations in further detail. We take this matter seriously.”