Twitter whistleblower Peiter Zatko’s congressional testimony on Tuesday was every bit as damaging for the company’s image as Elon Musk might have hoped.
Yet while Musk could gather ammunition that might drive down the price of his $44 billion takeover bid, Zatko could not deliver the smoking gun Musk needed most.
Instead, the former head of security spent nearly three hours explaining to Congress how the board skewed executive compensation toward overly ambitious profit targets that could only be reached by systematic underinvestment in its infrastructure.
This led to gaping vulnerabilities that could easily be exploited.
“It doesn’t matter who has keys if you don’t have any locks on the doors,” the former head of security at Twitter told the Senate Judiciary Committee. “It’s not far-fetched to say that an employee inside the company could take over the accounts of all of the senators in this room.”
According to Zatko, or “Mudge” as he’s also known, the social media platform with an estimated 215 million monetizable daily active users (mDAU) cannot protect user data, because they don’t really know what exactly they have collected nor where to even look.
Moreover, Twitter could be easily infiltrated by foreign spies that pass on information to hostile governments, and no one would likely be the wiser, since there were no central logs to track what their engineers were doing.
Musk, however, who tweeted a popcorn emoji during the testimony, needed dirt that management was falsifying its mDAU figures, which he has argued eclipse the 5% or fewer that Twitter has repeatedly estimated.
While Zatko’s allegations of incompetence and corporate greed at Twitter were damning, he could provide no direct evidence as his remit was security rather than sales and marketing.
“This is good for Twitter and bad for Musk,” posted Ann Lipton, law professor at Tulane University, in response to yesterday’s testimony.
Can Parag Agrawal hold on?
Zatko, who was fired from Twitter in January, described a company that at a bare minimum was grossly negligent with its customer data, poses a potential threat to American interests, and undertook no action to patch vulnerabilities.
“Twitter leadership is misleading the public, lawmakers, regulators, and even its own board of directors,” he said, adding it was over a decade behind the rest of the industry in terms of privacy protection and data security.
Musk is being sued by Twitter’s board for trying to back out of a signed agreement to offer its stockholders $54.20 per share, and now faces an Oct. 17 trial date should the two sides not reach a settlement first.
It emerged last week that he was having second thoughts on May 8, not over the number of bots he claims had put him off the deal, but the economic risks. Days later he announced he would no longer honor his commitments—owing to a large number of spam accounts.
When his legal team argued last week there was little due diligence that would have revealed fake users given Zatko’s claims that Twitter would bury any damaging information, the Court of Chancery in Delaware indicated Musk’s case rests on thin ice.
“We don’t know what would have happened in diligence, because there wasn’t any,” replied the presiding judge, Kathaleen McCormick.
While Musk may not have got what he most wanted, the testimony proved invaluable for senators looking to beef up the policing of big tech companies.
“The whistleblower’s allegations must lead to bipartisan Senate action geared toward protecting Americans’ sensitive personal information,” wrote the chair of the committee, Illinois Sen. Dick Durbin.
Republican Sen. Lindsey Graham of South Carolina said he was willing to cross the aisle and work with progressive Democrat Elizabeth Warren if it meant more effective legislation.
Yet it was Sen. Chuck Grassley, the ranking Republican on the committee, who went farthest in attacking Twitter and its CEO, Parag Agrawal.
“If these allegations are true, I do not see how Mr. Agrawal can maintain his position at Twitter,” he said.
The company could not be reached for immediate comment.
Agrawal himself declined an invitation to appear before the committee, citing the ongoing litigation with Musk.