Why A Whistleblower Says Twitter Is A Threat To Personal And National Security
Twitter has been in the news a great deal lately; Elon Musk made a big show of planning to buy it, said he would reinstate former President Trump's banned account, and then ruffled legal feathers when trying to back out of the $44 billion deal (via New York Times). But now, Twitter is in the headlines for an even more shocking reason: an insider and whistleblower has reported to the United States government that the social media network is not only a threat to users' personal privacy and security, but also to the national security of the United States (via CNN).
In documents obtained by The Washington Post and CNN, Peiter "Mudge" Zatko, who has agreed to be identified by the press and who was previously employed as Twitter's head of security, claims that the social media giant has greatly downplayed its own security vulnerability and has intentionally misled both its own board and government agencies.
Is Twitter deleting data the way it promises to?
Zatko claims that the lax security at Twitter could open a door for foreign powers to use the platform for spying purposes or manipulation tactics, and says the platform is also vulnerable to disinformation campaigns and to hackers (via CNN). The reason, he claims, is that Twitter doesn't actually know or understand how many bots have accounts on the platform, and that the executives in power are not interested in developing the resources necessary for discovering this information and taking action against it.
Further, Zatko says that the company doesn't actually delete the data of users who cancel their accounts as it promises to do. He says this is partly because the company doesn't keep careful track of this information in order to delete it, and in some cases he claims the company has intentionally misled federal regulators about this fact, assuring them that all data is indeed deleted when an account is cancelled.
Interestingly, one of the main reasons Elon Musk is giving for trying to back out of his massive Twitter purchase is the rampant presence of bots on the platform, though Twitter has categorically denied the truth of those claims.
How Elon Musk comes into play
In January of 2022, Twitter fired Zatko for what it called poor performance, but Zatko says that after flagging these security issues internally to Twitter's board during his time at the company, he tried to help fix the vulnerabilities and what he calls years of non-compliance with a privacy agreement that Twitter had previously made with the Federal Trade Commission (via CNN). As for claims that Zatko is somehow in league with Elon Musk, Zatko's lawyer assures the public that he has never been in contact with Musk and that his whistleblowing campaign against Twitter's failures to secure data long pre-dates Musk ever getting involved with Twitter.
That said, Musk's lawyer Alex Spiro told CNN that "We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other key employees curious in light of what we have been finding." In other words, while Zatko is not intentionally teaming up with Musk to call out Twitter's security risks to help Musk get out of his deal, Musk's legal team does recognize that there is overlap between what they are finding and what Zatko found while working with the social media giant.