On Tuesday, the internet erupted with news about a man called Mudge. Otherwise known as Peiter Zatko, he’s a hacker and Twitter’s former head of security, who just accused the social media giant of “extreme, egregious deficiencies” in its security enforcement, and privacy and content moderation practices.
In a weighty 200-page disclosure sent last month to Congress and federal agencies, Zatko describes Twitter in detail as a mismanaged and chaotic company that does not take proper precautions to understand or deal with the sensitive personal information it collects from millions of users across the globe.
When speaking with CNN’s Donie O’Sullivan, Zatko compared Twitter to a wild plane ride in which the pilots (or executives) give every passenger (or workers) control of the cockpit (or our personal information).
Zatko also accused the company of an inability to measure the number of bots on the platform, and of having one or more current employees working for foreign intelligence services. He also said Twitter’s most-senior executives, like CEO Parag Agrawal, have attempted to cover up its vulnerabilities.
Is anyone having flashbacks to last October, when Frances Haugen testified against Meta’s (then-Facebook) disturbing internal knowledge of manipulating and damaging the mental health of underage users with Instagram, among many other charges?
Maybe Mudge is taking Haugen’s spot in the world of popularized whistleblowers, going after another tech giant, not for putting teens at risk, per se, but all of us. Twitter’s mismanagement, Mudge argues, is so grave that it could be devastating to national security and democracy.
Certain vulnerabilities, he says, may open the door to foreign spying or manipulation, hacking and disinformation campaigns.
Because Zatko got the boot from Twitter in January, the timing of his attack could be construed as vicious or vengeful.
A Twitter spokesperson went on the defensive: “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” she said. “Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been companywide priorities at Twitter and will continue to be.”
In 2011, Twitter entered a settlement with the Federal Trade Commission after the agency accused Twitter of “serious lapses” in data security that “allowed hackers to obtain unauthorized administrative control of Twitter.”
(Remember “Weinergate,” in which then-Congressman Anthony Weiner began tarnishing his reputation by sending lewd photos? He first claimed that they were actually sent by a Twitter hacker.)
Twitter was barred for 20 years from “misleading consumers about the extent to which it protects the security, privacy and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.”
In May, the FTC and Justice Department fined Twitter $150 million for violating the settlement after the company didn’t admit to users that their information was being used to help marketers target ads.
If Mudge, who said Twitter “had never been in compliance” with the consent decree, isn’t fudging the truth, then Twitter could very well be screwed. Especially since it’s also in the middle of a contentious lawsuit with billionaire Elon Musk, a case set to go to trial in the Delaware Chancery Court in October.