
A Company “Driven By Crises” — Twitter Whistleblower Peiter Zatko Testifies Before Senate Committee

by Ana Popovich
September 17, 2022

On September 13, Twitter whistleblower Peiter Zatko testified before the Senate Judiciary Committee about his allegations that the social media platform has “egregious deficiencies” in its cybersecurity defenses. During the hearing, Zatko fielded questions from members of the Committee about foreign agents infiltrating the platform, Twitter employees’ level of access to user data, company culture at the tech giant, and more.

Background

Zatko, also known as “Mudge,” worked as Twitter’s “head of security from November 2020 until January 2022. He filed whistleblower complaints with the U.S. Securities and Exchange Commission (SEC), Federal Trade Commission (FTC), and Department of Justice (DOJ) in July 2022,” according to prior WNN reporting. Zatko alleges that the company misled users and regulators like the Federal Trade Commission (FTC) about privacy and security on the platform.

Zatko’s disclosures have also been thrust into Elon Musk’s legal battle with Twitter: the Tesla and SpaceX CEO subpoenaed Zatko on August 29 and asked for more information about allegations pertaining to bot accounts on Twitter. “The issue of bot accounts has been contentious in Musk’s initial deal to buy Twitter for $44 billion and then subsequent backing out of the deal,” WNN reported. On September 7, a judge ruled that Musk can use Zatko’s allegations in his legal case against Twitter but cannot push back the date of the trial, which will remain October 17.

Zatko’s Allegations and the Risks of Whistleblowing

“For 30 years, my mission has been to make the world better by making it more secure,” Zatko said in his opening statement before the Senate Committee. “I’m here today because Twitter leadership is misleading the public, lawmakers, regulators, and even its own Board of Directors. What I discovered when I joined Twitter was that this enormously influential company was over a decade behind industry security standards.”

“The company’s cyber security failures make it vulnerable to exploitation, causing real harm to real people,” Zatko continued. “And when an influential media platform can be compromised by teenagers, thieves, and spies and the company repeatedly creates security problems on their own, this is a big deal for all of us.”

In his opening remarks, Zatko highlighted the risks he took blowing the whistle and the challenges of raising concerns from the inside of the company. “When I brought concrete evidence of these fundamental problems to the executive team and repeatedly sounded the alarm of the real risks associated with them – and these were problems brought to me by the engineers and employees of the company themselves – the executive team chose instead to mislead its board, shareholders, lawmakers, and the public instead of addressing them,” Zatko said.

“Given the real harm to users and national security, I determined it was necessary to take on the personal and professional risk to myself and to my family of becoming a whistleblower,” Zatko told the senators. Speaking with emotion, he said, “I did not make my whistleblower disclosures out of spite or to harm Twitter – far from that. I continue to believe in the mission of the company and root for its success. But that success can only happen if the privacy and security of Twitter’s users and the public are protected.”

What and Where is the Data?

Zatko detailed in his opening statement and throughout the hearing that Twitter does not “know what data they have, where it lives, or where it came from, and so unsurprisingly, they can’t protect it.” Multiple members of the Committee asked about the type of information that Twitter engineers could access, and often Zatko would point to Twitter’s lack of knowledge about what kind of data it has on its users and where the data is stored. “Twitter didn’t even know what it was collecting,” Zatko told Senator Dick Durbin (D-IL). He explained that Twitter engineers were all given access to the “production environment” containing user information and could thus identify data and use it for their own purposes.

Regarding the production environment, Zatko pointed out that Twitter seemed to stand out as only having this production environment, “the running systems, the live data” as opposed to having a testing area or “staging environment.” Zatko remarked that “this is an oddity, this is an exception to the norm.” He also talked about a conversation he had with a senior engineer who told him, “Mudge, you should know that this company doesn’t really have centralized logging. We don’t log the activities of the systems.” This lack of logging at Twitter “is a remnant of being so far behind on their infrastructure and the engineering and the engineers not being given the ability to put things in place to modernize,” Zatko said.

Foreign Agents and Threats

Several Committee members brought up the issue of foreign governments or entities placing individuals inside Twitter for several reasons, some of which could be to gain insight on Twitter’s censorship policies and planning or attempting to identify and target dissidents. The lack of logging issue came into play during these lines of questioning, as Zatko explained that Twitter was unable to properly track employees’ activities. He told the Committee that a foreign agent could probably stay at Twitter undetected “for a long period of time.”

“One of the disturbing things that I saw based upon being 10 years behind where I would expect a modern tech company to be was a lack of an ability to internally look for and identify inappropriate access within their own systems,” Zatko said. “When we did know of a person inside acting on behalf of a foreign interest as an unregistered agent, it was extremely difficult to track the people. There was a lack of logging and an ability to see what they were doing, what information was being accessed, or to contain their activities, let alone set steps for remediation and possible reconstitution of any damage. They’ve simply lacked the fundamental abilities to hunt for foreign intelligence agencies and expel them on their own.”

Zatko described another conversation with an executive in which he tried to raise concerns about a foreign agent who had infiltrated Twitter. According to Zatko, the executive’s response was, “Well, since we already have one, what does it matter if we have more, let’s keep growing the office.” Also discussed during the hearing was foreign governments’ roles in placing click-through ads, which “expose a risk that non-click-through ads do not,” Zatko stated. “Twitter would be a gold mine, from my understanding,” for foreign entities placing spies, Zatko told the senators.

Not-So-Scary U.S. Regulators

The senators also asked about the role of regulatory bodies like the FTC and what improvements should be made to crack down on Big Tech’s conduct. Zatko stated that from what he saw, “a lot of the regulators’ examinations were interview questions, so the organization was allowed to grade their own homework.” He said that there “wasn’t a lot of quantified measurements,” and that “a fair amount of the interviews came from companies, auditors, that Twitter themselves were able to hire,” which Zatko pointed to as a potential conflict of interest.

“I think the regulators have tools that do work, but they’re not able to see which tools in their toolbelt are the ones actually working and they’re using the ones – the one-time fines – that the companies aren’t really afraid of,” Zatko said. When Sen. Amy Klobuchar (D-MN) asked about the efficacy of passing privacy legislation, Zatko explicitly mentioned strengthening protections for whistleblowers. “I think one thing that would be very helpful is that the FTC and other regulators don’t have laws or rules that would create whistleblower protection programs for people while they were still in these organizations.”

Zatko also highlighted the weakness of U.S. regulatory bodies, stating that “some of the foreign regulators were much more feared than the FTC,” like France’s regulatory authority. He pointed to the strength of some overseas regulators, including being more “aggressive,” imposing hard deadlines, not accepting “face-value answers,” and “threaten[ing] to preclude monetizing entire markets.”

The Company Culture at Twitter and Profits vs. User Safety

In his testimony, Zatko described Twitter as “a company that was managed by risk and by crises, instead of one that manages risk and crises.” His claims harken back to those of Facebook whistleblower Frances Haugen, who alleged that Facebook, now Meta, consistently made choices that prioritized profits and growth over the safety of its users. Several times in his testimony, Zatko described resistance from others in the company to make changes and invest in efforts to modernize the infrastructure and fix issues. For example, when Sen. Mike Lee (R-UT) asked why Twitter wouldn’t create a tracking or logging system to more easily identify foreign agents, Zatko replied, “I think they would like to, but they’re simply unwilling to put the effort in at the cost of other efforts such as driving revenue.”

According to Zatko, many Twitter employees want change. “I learned a lot of information, a lot of people wanted to share the information. When I came on board, they were excited that there was an executive that was listening and that was willing to ruffle feathers, that was willing to fight for some of these things because they had tried to raise them.”

“The engineers and the employees want this change,” he said in another part of the hearing. Twitter has a culture, according to Zatko, “where they don’t prioritize, they’re only able to focus on one crisis at a time. And that crisis isn’t completed, it’s simply replaced by another crisis. So I think they would like to wave a magic wand and have all of these things fixed, but they’re unwilling to bite the bullet and look strategically and say, hey, we’re going to have to devote some time and money to get these basic things in place and to be honest with their investors, the public, their board, themselves, and do the legwork rather than just react to what’s coming in that they hear from a hearing like this or from the news, just until the next crisis comes along.”

Zatko also said that “[t]here was a culture of not reporting bad results up, only reporting good results up, because that was the internal incentive structure. You were rewarded based upon relationships and how you performed in an emergency, not for identifying existing errors and doing the groundwork for keeping the lights on, running the business.” He described being unable to find straight answers about the data kept.

Ultimately, Zatko painted a picture of Twitter as leagues behind their Big Tech peers in terms of safety and privacy: according to his testimony, the company simply does not have a good grasp on the data it collects from users or where to find it. His suggestions for moving forward? “Holding accountability and setting quantitative goals and standards that can be measured and audited independently, I believe, is what’s going to be required to change management structures and drive change in companies when it’s needed such as this.”

The hearing record will be open for one week for submission of materials for the record.

Ana Popovich

Ana Popovich is a contributing editor with Whistleblower Network News, where she writes about breaking whistleblower news, healthcare fraud whistleblowers, and Covid-19 fraud whistleblowers. Ana has a B.A. in English from Georgetown University. While at Georgetown, she was the marketing chair of an affinity group and wrote content for the McDonough School of Business’ Business for Impact program. In 2018, Popovich was a public interest legal intern at the whistleblower law firm Kohn, Kohn and Colapinto. 