As reported earlier this week, Zatko has accused Twitter executives of deceiving federal regulators, deliberately misleading the company’s board, and lying about the presence of bots and spam on the service.
The details are not definitive in each instance, but based on the overall statements and counter statements about Zatko’s experience at the app, it does seem that the main issues stem from Zatko’s lack of acceptance into the fold at Twitter HQ, and the resulting issues that has caused.
Which reflects internal dysfunction, as noted.
To recap, back in 2020, Twitter suffered the biggest hack in its history, which saw the accounts of major celebrities like Barrack Obama, Joe Biden and Elon Musk all suddenly start posting Bitcoin scam links.
Twitter eventually traced this back to a human exploit – hackers had convinced a Twitter employee to give them access to the platform’s control console, which enabled them to take over any account they wanted. But in the wake of the incident, then Twitter CEO Jack Dorsey reached out to Zatko, who has years of high-profile experience in dealing with cybersecurity, and asked him to come on board as head of security to ‘help the world’ by addressing the platform’s problems.
According to Zatko, and others who worked with him at the app, he then had limited contact with Twitter’s executive team, including Dorsey himself.
As per The Washington Post:
“In 12 months, Zatko could manage only six one-on-one calls, all less than 30 minutes, with his direct boss Dorsey, who also served as CEO of payments company Square, now known as Block, according to the complaint. Zatko allegedly did almost all of the talking, and Dorsey said perhaps 50 words in the entire year to him. “A couple dozen text messages” rounded out their electronic communication, the complaint alleges.”
This is an important note, because the hiring of Zatko, who’s career in the industry goes back some 27 years, now looks, potentially, like more of a PR stunt than anything, with Zatko also noting that, aside from Dorsey, other Twitter executives largely ignored his warnings on potential vulnerabilities within its systems.
Indeed, several former and current Twitter employees have since stated that Zatko wasn’t considered an authority within the company, despite his title, with one going so far as to call Zatko ‘a clown’, regardless of his historical achievements and status (though it is worth noting that, in Zatko’s time at the app, the platform’s backlog of safety cases shrunk from 1 million to 200,000, reflecting his contributions on at least some fronts).
That being the case, it may be that Zatko didn’t have the level of access nor full oversight that he claims, while Zatko has also made extreme statements in the past in regards to perceived security vulnerabilities.
As per Yahoo Finance:
“In 1998, Zatko testified to the Senate alongside his L0pht colleagues about critical internet infrastructure vulnerabilities. He said the group had discovered an exploit that would allow him and his colleagues to take the entire internet offline in 30 minutes.”
Comments like this potentially weaken Zatko’s Twitter complaints, and again, on balance, it increasingly seems like Zatko had been bought into Twitter at least partially for PR purposes, which may also weaken his claims around the widespread dangers in the app.
But overall, what the situation really shows is that Twitter is all over the place.
The fact that Zatko was never fully integrated, and had trouble even getting a meeting with his boss, reflects a company in disarray, which could suggest that virtually anything that Twitter reports publicly isn’t entirely correct, based on miscommunication and conflicting incentives in the app.
Could that mean that more than 5% of Twitter’s active users are fake or spam accounts? Sure, it seems like anything could be true, if the lines of communication are so conflicted and confused internally.
Indeed, according to Zatko’s testimony:
“In early 2021, as a new executive, Mudge (Zatko) asked the head of site integrity what the underling spam bot numbers were. Their response was ‘we don’t really know’. The company could not even provide an upper bound on the total number of spam bots on the platform. The site integrity team gave three reasons for this failure: (1) they did not know how to measure; (2) they were buried under constant firefighting and could not keep up with reacting to bots and other platform abuse; and, most troubling, (3) senior management had no appetite to properly measure the prevalence of bot accounts.”
Conflicting incentives, miscommunication and overall dysfunction are the real underlying revelations of Zatko’s statements, which means that everything he says could be true, and Twitter could be a mess. Or maybe none of it is 100% right.
Because no one really seems to know for sure, and that, in itself, is a concern for the company.
Does that help Elon Musk’s case, in trying to weasel out of his $44 billion Twitter takeover bid?
Probably not. Twitter’s legal team is standing firm on the fact that the amount of bots and spam on the platform is immaterial, given the parameters of the original takeover agreement.
There is a prospect that pending fines that Twitter might face as a result of Zatko’s testimony could constitute Material Adverse Effect, and let Musk off the hook – but legal experts note that this is also unlikely as any investigation won’t be settled before the October trial date (note: Zatko will testify before the Senate Judiciary Committee next month).
But what we do know is that Twitter, internally, has many, many problems, which may well be why Musk wants to get away from the deal as fast as he can.
But he could be stuck, either way – which could put the future of the platform on shaky ground, as Musk eventually seeks to tear it all down in order to re-build it back up based on his own management vision.