It’s been almost a year since Facebook whistleblower Frances Haugen burst into public consciousness with her allegations that Facebook magnified hate and discrimination. Haugen filed her grievances with the U.S. Securities and Exchange Commission (SEC), testified before Congress and then embarked on a whirlwind media tour highlighting the allegations. Last week, Twitter saw a potentially similar fact pattern emerge when a whistleblower filed a complaint with the SEC alleging that Twitter had serious security vulnerabilities. The complaint was soon leaked to the press and the whistleblower is now scheduled to testify before Congress.
Who is the Twitter Whistleblower?
The Twitter whistleblower is Peiter “Mudge” Zatko, a famous hacker turned network security expert. While the term ‘hacker’ has negative connotations, there are many hackers who use their skills for good, and Zatko appears to be one of them. Back in 1995, Zatko started out helping the internet community by writing guides on how to stop malicious computer viruses. Even though the guides may be useless today, they offer a window into young Zatko’s personality. One is littered with quips indicative of the moxie of a young hacker; Zatko explains how to write a complex program, and then jokes “. . . if you couldn’t whip up that little prog you should probably throw in the towel here. Maybe become a webmaster or something that requires little to no programming (or brainwave activity period).”
Zatko became a proponent of many internet security initiatives that would help prevent the spread of viruses and malware. In fact, Zatko testified before Congress in 1998 about the vulnerabilities of the internet and what that meant for the U.S. Later, in 2010, Zatko worked for the U.S. military’s advanced research and development agency (DARPA) before being hired by Twitter in 2020.
What did the Twitter Whistleblower report?
Zatko was hired by Twitter in the wake of a security scandal that saw several high-profile Twitter accounts get hacked. Zatko was hired to address security issues, but apparently he found that Twitter’s problems ran deeper than he initially thought. In his whistleblower complaint, Zatko claims that Twitter lacks “security basics” and that these gaps led to “frequent serious security breaches, exploitation by bad actors, and infiltration by foreign governments.”
The key claims in his whistleblower report, according to Time Magazine, are as follows:
- Twitter purposely undercounts spam bots;
- Twitter is years behind other tech companies when it comes to security;
- Twitter has misled investors by violating certain IP rights;
- Twitter has allowed foreign government agents access to data;
- Twitter hired two people Zatko believes are Indian government agents; and
- Twitter CEO Parag Agrawal allowed misrepresentations to be included in presentations to board committees.
What does Twitter say?
Twitter has stated that it does not have access to the whistleblower complaint that Zatko has filed, but strongly contests the allegations that have been made public as incorrect or lacking in context. In addition, Twitter attempts to cast aspersions on Zatko himself. Twitter states that Zatko had been fired for “poor performance and ineffective leadership,” and that the publication of the “allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.”
Will the Whistleblower Speak Publicly About These Matters?
Yes. Zatko is scheduled to speak before Congress on Tuesday September 13th. During this hearing, Zatko will likely explain his allegations and outline why he believes the government should take action against Twitter. In addition, Zatko is likely to be subpoenaed to testify in a legal battle between Twitter and Elon Musk. That testimony is also likely to become public.
Where Can I Watch the Twitter Whistleblower Testify?
If you want to watch Zatko testify, you should be able to catch it live on CNET here at 7:00am PT / 10:00am ET on Tuesday September 13th. If you can’t wait that long, you can always watch Zatko’s previous testimony to Congress in 1998 on YouTube here.
What about his NDA?
It’s true that Zatko is likely subject to a Non-Disclosure Agreement (NDA) that prohibits him from speaking publicly about what he learned at Twitter. However, no NDA in the U.S. can prohibit a person from reporting crimes to the U.S. government or speaking to Congress. As Zatko believes he has witnessed legal violations at Twitter, he will be able to speak about that to the U.S. government regardless of what his NDA says.
Does Going Public Benefit A Whistleblower?
Going public is a double-edged sword, and whether it will help a whistleblower depends on what the whistleblower hopes to achieve. If the whistleblower’s core objective is simply to bring the conduct to light, then going public will achieve this. However, if the whistleblower is more concerned about the government taking legal action against the company, then going public may complicate those efforts. By going public, the whistleblower might put pressure on agencies like the SEC to take action. However, government agencies that investigate legal violations do their best work when they have time to build a case and gather evidence in secret. Once the allegations become public, the company will have more time to prepare a defense and it’s even possible that bad actors within the company could take steps to destroy evidence or coordinate their stories. As a result, going public with whistleblower allegations is something that has to be done with the careful consideration of a whistleblower attorney.
How Is Elon Musk Involved In All Of This?
Elon Musk is currently embroiled in a legal battle over his attempted purchase of Twitter. Musk first attempted to buy Twitter, but backed out of the deal citing the number of spam accounts on the platform. Twitter is suing Musk to force him to go through with the deal, but Musk claims that he and other investors were misled about the number of spam accounts. Zatko’s allegations go to the issue of whether investors were misled and so they are arguably relevant to Musk’s case. As a result, Musk has added some of Zatko’s claims to his lawsuit and intends to call Zatko as a witness.
About the Author
John Joy is the Managing Attorney of FTI Law, a whistleblower law firm in New York specializing in securities laws and whistleblower awards. John has worked for almost a decade on financial crime, corruption and FCPA cases around the globe. He regularly acts as an expert commentator in business and legal media on corporate crime, whistleblowing and other international corruption issues.