Zatko was Twitter’s head of cybersecurity from late 2020 until January of this year, when he was fired for what the company called “ineffective leadership and poor performance." But Zatko has denied claims that he's a disgruntled worker.
“I’m here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko said in his opening remarks on Tuesday.
“When an influential media platform can be compromised by teenagers, thieves and spies, and the company repeatedly creates security problems on their own, this is a big deal for all of us,” he added.
Zatko’s most serious allegations, first detailed in a CNN/Washington Post report last month, claim thousands of Twitter employees have access to user data and insist some workers have intentionally installed spyware on their computers at the request of external parties. He quoted the late author and activist Upton Sinclair to explain Twitter leadership’s alleged ignorance about the issues: “It is difficult to get a man to understand something when his salary depends on his not understanding it."
Twitter has denied Zatko's allegations, claiming they're “riddled with inconsistencies and inaccuracies.”
In his testimony on Tuesday, Zatko alleged Twitter officials “don’t know what data they have, where it lives, or where it came from, and so, unsurprisingly, they can’t protect it.” He also claimed Twitter may knowingly have foreign agents on its payroll, leaving users’ data susceptible to malicious use by foreign governments.
Sen. Chuck Grassley, the highest-ranking Republican on the Senate Judiciary Committee, shared some details of that allegation during the hearing Tuesday, including Zatko’s claim the FBI notified Twitter of “at least one Chinese agent in the company.” Zatko said Twitter higher-ups seemed “unwilling to put the effort in” to find and block the agent from accessing user data.
Zatko also testified that Twitter may be understating the number of fake accounts, or "bots," on its platform. That’s a significant, albeit unsurprising, allegation for a few reasons. As Morgan Jerkins recently wrote for Mother Jones, inauthentic Twitter accounts — particularly accounts geared toward Black users — have been used by foreign governments as tools of manipulation. The Senate has confirmed this strategy was used most infamously by the Russia-based Internet Research Agency in its effort to aid Donald Trump’s 2016 presidential campaign.
Billionaire tech entrepreneur Elon Musk is also claiming Twitter understated the number of fake accounts as the basis for his lawsuit seeking to renege on his $44 billion deal to take over the company. Twitter shareholders on Tuesday voted to approve the deal even as Musk fights to terminate it.
However you slice it, Tuesday’s hearing is bad for Twitter on a public relations level — at the very least. And if the testimony holds up, the news is even worse for users from a safety perspective.