Former Twitter Security Chief Accuses the Company of Misleading Behavior Around Bots, Data Security and More
Twitter’s nightmare 2022 continues to get worse, with former security advisor Peter Zatko, also known as ‘Mudge’, leveling a range of allegations against his former employer, including the suggestion that Twitter executives deceived federal regulators, deliberately misled the company’s own board, and in a more immediately pressing element, lied about the presence of bots and spam on the service.
Which, of course, is the core of Elon Musk’s complaint against Twitter, and why he’s now seeking to exit his $44 billion Twitter takeover deal. Will Mudge’s testimony on this element sway the balance more in Musk’s favor in this respect?
This is just one of the key considerations of Mudge’s complaint, which has been filed with the SEC, the Department of Justice, and the FTC for further action.
Mudge, a well-respected web security expert, who was employed by Twitter between late 2020 and early this year, was initially brought into the company by former CEO Jack Dorsey, in the wake of the platform’s biggest ever hack, which saw the accounts of Barack Obama, Joe Biden, and more taken over by a group of teenage fraudsters.
Dorsey, who respected Mudge’s history and experience, reached out to him, and asked him to ‘help the world’ by fixing Twitter’s security, and improving the public conversation.
But Mudge says that his work was constantly hampered by Twitter’s executives, who were more driven by public perception than actually serving the platform and its users.
Among Mudge’s accusations:
- Twitter failed to prioritize the protection of sensitive user data, leaving many public figures, as well as dissidents, at personal risk, even after the 2020 hack
- The company prioritized user growth over reducing spam, with executives incentivized by significant individual bonuses if the mDAU count kept going up
- Mudge says that he warned colleagues that the company’s servers were running out-of-date and vulnerable software, but nothing was done to address this
- Twitter executives withheld data about the number of breaches and lack of protection for user data, ‘instead presenting directors with rosy charts measuring unimportant changes’.
- Mudge believes that the Indian government had forced Twitter to put one of its agents on the payroll, providing them with direct access to user data at a time of intense protests in the country
- Twitter has repeatedly failed to erase the data of users who’ve explicitly requested it, due to flawed processes which meant that no central database could control this
- Mudge says that around half of Twitter’s 7,000 full-time employees had wide access to the company’s internal software and that access was not closely monitored
In response, Twitter has said that Mudge’s testimony is ‘riddled with inaccuracies’, while accusing Mudge of ‘seeking to inflict harm on Twitter, its customers, and its shareholders’ due to his being fired from the company, which, Twitter says, related to poor performance and leadership.
But it’ll be impossible for Twitter to dismiss the accusations completely, and again, with Elon Musk looking to exit his Twitter deal based on the company’s misleading statements on bots and spam, this can only help to support his case.
Musk tweeted this in response to the whistleblower release:
The FTC, meanwhile, says that it’s now reviewing the new allegations, while the Senate Intelligence Committee is seeking to meet with Mudge to further discuss his accusations.
It continues a horror run for Twitter CEO Parag Agrawal, who, since taking over the top job from Dorsey, has had to deal with one high-profile controversy after another, while also trying to re-shape the company into the one that he wants to lead.
Thus far, Agrawal has not exactly received glowing reviews from former staff, and it’ll be interesting to see if Dorsey and former product chief Kayvon Beykpour, who was also dismissed by Agrawal earlier this year, are questioned about Agrawal’s leadership as part of the upcoming Musk/Twitter court trial.
That could end up forming a key part of Musk’s case against the app. If Musk and Co. can establish that Twitter has a culture of secrecy, and is willing to mislead everyone, including its own board, about the extent of its problems, then it could well be viable that Twitter has indeed deliberately misled the market about the presence of bots on the platform.
As a reminder, Twitter says that bot accounts make up only 5% of its active 238 million ‘monetizable daily active users’, which is a custom metric that Twitter introduced in 2019 to more accurately represent its actual ad reach.
As explained by Twitter at the time:
“Monetizable DAUs are Twitter users who log in and access Twitter on any given day through twitter.com or our Twitter applications that are able to show ads.”
The intent of mDAU is to represent potential ad reach, not just users in general, which then gives the market a more accurate perspective on the company’s potential financial performance.
But Twitter’s method for measuring bots only sees the company sample 100 active accounts per day, amounting to 9k accounts examined every quarter. That’s the equivalent of 0.0038% of Twitter’s mDAU figure.
Which seems like a fractional amount, and if Musk and Co. can embed the idea that Twitter has only used this measure as a means to placate the market, and indeed its own board, in alignment with these broader disclosure trends, that could be a significant blow to Twitter’s defense.
Or worse, Twitter could also face penalties ‘in the hundreds of millions of dollars’ if these accusations are proven accurate. That may well constitute a Material Adverse Effect, which is the very clause that Musk’s team is seeking to use to exit the deal.
Which then raises the question – was Mudge prompted by Musk’s team to release his statements at this time?
Mudge has stated that he has had no contact with Musk or his team, but Musk has since requested a briefing from Mudge on his experience.
Either way, it’s a major blow for Twitter, in general terms, given the potential penalties that could follow, but also with respect to the Musk deal, and the billions of dollars on the line for the app.
If nothing else, it paints a clear picture of dysfunction at the app, which is another element of Musk’s concerns with the company.
Again, 2022 has not been great for Twitter, and it looks set to get much worse yet.