News emerged on Tuesday that a former Twitter executive had spoken out against the company, prompting a meeting with employees on Wednesday.
Twitter CEO Parag Agrawal opened the company-wide meeting, dismissing claims by former security chief Peiter “Mudge” Zatko.
The whistleblower exhibit alleges that the company’s security practices are so poor that they pose a threat to national security and democracy.
Zatko also claims that the company’s management teams attempted to cover up security practices.
Agrawal said a “false story” created via Twitter is “currently challenging our integrity.”
“I know that can be frustrating,” said Agrawal. “I know it can be challenging.”
Peiter Zatko said the company underestimated the number of fake and spam accounts active on the platform.
His allegations could delay the legal battle between Twitter and Elon Musk, who is currently looking to cancel his $44 billion deal to buy the company.
Zatko also criticized Twitter’s handling of sensitive information, saying it failed to properly report some of the issues to US regulators.
A Twitter spokesperson revealed that the meeting was one of the company's regular company-wide meetings and had been scheduled before the news was leaked on Twitter.
The company denied Zatko’s allegations. Twitter said Zatko’s whistleblower disclosure was “riddled with inconsistencies and inaccuracies and lacked important context.”
They also revealed that Zatko was removed from his position due to his ineffective leadership and poor performance.
Meanwhile, Zatko claims he was fired for raising internal alarms about Twitter’s security practices.
Sean Edgett, Twitter’s general counsel, told the meeting that the company contacted regulators and various authorities around the world after learning of Zatko’s allegations.
Senator Richard Blumenthal has asked the Federal Trade Commission to investigate Zatko’s allegations.
The Irish Data Protection Commission, the company’s main regulator in Europe, said it was seeking information from Twitter about the allegations.
Rebecca Hahn, Twitter’s head of global communications, said there were many reasons the company was unable to respond to the allegations, possibly citing the ongoing legal battle between Twitter and Elon Musk.
Hahn joined the company over a month ago and said she was inspired by the “level of ethics, passion and care” at Twitter.
Hahn reassured her colleagues about the company’s public reaction.
“The truth will get out there,” said Hahn. “We’re always on the right side of history on this.”
Not all of Zatko’s claims were addressed on the call, and Privacy Officer Damien Kieran said the claims were false, listing the steps Twitter was taking to protect laptops and other infrastructure from piracy.
“The idea that the number of incidents that our detection and response team investigates is some indicator of bad or negative impact at Twitter is just false,” Kieran reassured employees.
Twitter and Peiter Zatko have different definitions of what a security incident is.
Zatko’s disclosure defines an incident as something “significant enough to cause a work stoppage” and prevents employees from determining the extent of the problem.
Meanwhile, Kieran’s definition is broader and friendlier, and he describes security incidents as any suspicious digital activity investigated by Twitter’s security team.
According to Kieran, after the 2020 hack that compromised celebrity accounts, Twitter implemented tighter security controls to ensure the same attack never happened again.
Security measures include requiring employees to use “two-factor authentication,” an extra layer of security, when accessing IT applications.