Peiter Zatko, the former Twitter security chief who accused the company of negligence with privacy and security in a whistleblower complaint, will testify before Congress on Tuesday.
Zatko is well-respected in cybersecurity, which gives his complaints extra weight. But so far, he has little documentary support for his claims — unlike the Facebook whistleblower, Frances Haugen, whose complaint last year included troves of internal documents from the company now called Meta.
Zatko’s accusations also play into Tesla CEO Elon Musk’s battle with Twitter to get out of his $44 billion bid to buy the company. The Delaware judge overseeing that case has ruled that Musk can include new evidence related to Zatko’s allegations in the high-stakes trial on 17 October.
Twitter calls Zatko’s description of events “a false narrative.”
Who is Peiter Zatko?
Better known by his hacker handle “Mudge,” Zatko is a highly respected cybersecurity expert who first gained prominence in the 1990s and later worked in senior positions at the Pentagon’s Defense Advanced Research Projects Agency and Google.
He joined Twitter at the urging of then-CEO Jack Dorsey in late 2020, the same year the company suffered an embarrassing security breach in which hackers broke into the Twitter accounts of world leaders, celebrities, and tech moguls — including Musk — in an attempt to scam their followers out of bitcoin. Zatko served as Twitter’s security chief until he was fired early this year.
What are his accusations against Twitter?
According to a whistleblower complaint filed with US officials, Zatko alleges that the company misled regulators about its poor cybersecurity defenses and negligence in attempting to root out fake accounts that spread disinformation.
Zatko’s most serious accusations are that Twitter violated the terms of a 2011 Federal Trade Commission (FTC) settlement by falsely claiming that it had put more robust measures in place to protect the security and privacy of its users. Zatko also accuses the company of deceptions involving its handling of “spam” or fake accounts. This allegation is at the core of Musk’s attempt to back out of the Twitter takeover.
His 84-page complaint alleges that he found “extreme, egregious deficiencies” on the platform, including issues with “user privacy, digital and physical security, and platform integrity/content moderation.”
Why is he going before Congress?
US lawmakers are anxious to hear from Zatko about his allegations that the influential social network misled regulators about its cyber defenses and efforts to control fake accounts. Tuesday’s Senate Judiciary Committee hearing will be the first, but it might not be the last.
The Judiciary Committee’s chairman, Senator Dick Durbin, D-Ill., and its senior Republican, Senator Chuck Grassley, R-Iowa, said in a joint statement last month that if Zatko’s claims are accurate, “they may show dangerous data-privacy and security risks for Twitter users around the world.”
They said the panel “will investigate this issue further with a full committee hearing … and take further steps as needed to get to the bottom of these alarming allegations.”
What’s expected from the hearing?
With the midterm elections looming in early November, many lawmakers may wish to appear before TV cameras expressing concern about online privacy, an issue that resonates with consumers. That means camera lights glaring and outrage thundering from elected representatives as a lone whistleblower stands and takes the oath behind a table with photographers. This scene would mirror former Facebook product manager Frances Haugen’s testimony late last year.
What’s less clear is whether Congress will take concrete steps to address Zatko’s allegations.
While lawmakers have held numerous hearings questioning Big Tech executives over privacy, security, competition, and other matters, efforts to regulate the companies on a federal level have stalled.
The Securities and Exchange Commission is also questioning Twitter about how it counts fake accounts on its platform. In June, the securities regulators asked the company about its methodology for calculating the number of false or spam accounts and “the underlying judgments and assumptions used by management.”
The numbers are essential to Twitter’s business because it uses metrics for actual users to attract advertisers, whose payments make up more than 90 percent of its revenue.
Twitter, with an estimated 238 million daily active users, said last month that it removes one million spam accounts daily.
Senior members of the Senate Intelligence and Commerce committees and the House Energy and Commerce panel have publicly signaled their engagement on the issue. The Senate Intelligence Committee is planning a meeting with Zatko to discuss his allegations, a spokeswoman said, adding, “We take this matter seriously.”
Senator Richard Blumenthal, a Connecticut Democrat, has called on the FTC to investigate.