Former Twitter Exec. Comes Forward as Whistleblower Over Security and Integrity Concerns

On Tuesday, news outlets reported that Peiter “Mudge” Zatko, Twitter’s former head of security, filed a whistleblower complaint against Twitter Inc. in July over its handling of spam accounts and user security, among other things. 

The suit, a redacted copy of which was obtained by The Washington Post, accused Twitter of hiding information from or misleading shareholders and Elon Musk, Twitter’s prospective buyer, who is now locked in legal loggerheads with the company over his obligation to buy it. It also alleged that the company flouted Securities and Exchange Commission (SEC) and Federal Trade Commission (FTC) rules.

According to the filing, submitted not only to the court system, but also to members of Congress and several agencies, Zatko was fired for doing the right thing while the company sought to hide flawed aspects of its business, including lax user privacy, mishandling of data, and inexcusable cybersecurity failures.

The complaint pointed to specific instances of misconduct, including an alleged episode after Zatko’s departure in which Twitter’s compliance department pressed him about his concern over CEO Parag Agrawal’s presentation of misleading materials to the company’s board. Hours after Zatko’s termination, a compliance officer wrote in an email to his personal account, “[i]f you were referring to matters not already under investigation, please let me know so we can schedule time to talk right away,” in apparent recognition of the potential compliance risks posed by Agrawal’s conduct.

The complaint also made mention of Twitter’s ongoing dispute with the FTC over user privacy, dating back to a 2011 consent order over the extent to which Twitter maintained and protected the security and privacy of users’ non-public contact information.

Yet in May, the FTC settled allegations with Twitter over its knowing violation of that consent order. Twitter agreed to pay a $150 million fine and make reparations. Following the fine, private litigants have sought to hold Twitter accountable for using their emails and phone numbers for marketing purposes, rather than just for security ones.

In a section entitled “Lying About Bots to Elon Musk,” the whistleblower complaint also said that Twitter misrepresented the number of active computer-controlled or bot accounts, a figure critical to projecting the company’s integrity, growth, and value. Per an article by The Washington Post, the whistleblower revelations could aid Musk in the upcoming five-day trial over whether he can back out of the $44 billion buyout without penalty on grounds that Twitter failed to uphold certain terms of the deal.

For his part, and in response to the whistleblower news, Musk tweeted a meme of Jiminy Cricket from the Disney cartoon “Pinocchio” with the words “Give a Little Whistle.”

Zatko is represented by Whistleblower Aid.