August 24, 2022 - 5:27pm
For anyone who has felt the many frustrations of being on Twitter, from the relentless hostility to the adolescent cliques, a new set of leaks from Twitter’s former head of security should offer some consolation: at least you don’t work there. The documents, released by Peiter “Mudge” Zatko and obtained by the Washington Post and CNN, portray a terrifyingly dysfunctional state of affairs at the company largely responsible for administering online public discourse.
Zatko’s documents and testimony allege, among many other charges, that Twitter’s executives repeatedly misled its own board, to say nothing of the public, about the security of its own platform, insisting it was safe when in fact it was compromised to a terrifying degree. He alleges Twitter could not rein in bot traffic and underestimated it, the very charge Elon Musk cited as cause for breaking off his acquisition. Zatko also claimed Twitter gave into pressure from India to hire an agent of the Indian government and give them access to sensitive data, as well as giving information to the Chinese government that could have endangered Twitter users in China.
Twitter fired Zatko in January, and the company has tried to dismiss his account as the griping of an embittered ex-employee. But Zatko’s strong security pedigree and the hundreds of pages of internal documents he has provided give quite a bit of credibility to his account. Even should Zatko’s claims of Twitter being compromised by foreign agents prove inflated, his portrait of Twitter’s internal workings is so troubling that it puts into question whether Twitter in its current incarnation should be trusted with its massive authority over public discourse.
In particular, Zatko leaked a scathing external review (conducted sometime after 2020, according to sources, by the Alethea Group) of Twitter’s Site Integrity team, tasked with combatting platform manipulation and misinformation. The report found that the team lacked authority both to fix problems and find solutions, and worse, that they were focused more on enforcing policy than detecting and mitigating threats. The rest of the report depicts the teams and Twitter more generally as understaffed, disorganised, burnt out, and incapable of learning from their mistakes.
Worse yet, Zatko’s February 2022 document on Twitter security, written after he was fired, does not read like the bitter ravings of a crackpot but as a blunt assessment of technical and operational security by a man with high but not unreasonable standards. According to Zatko, around half of Twitter’s machines (servers and workstations both) run outdated, unpatched software, and Twitter has no organised plan to get them into compliance. Zatko alleges many security incidents, faulty access control over Twitter’s systems, and overall gross negligence. Moreover, he contends that none of these issues were presented honestly to Twitter’s board. He concludes, convincingly, that: “Regulators, when evaluating Twitter, will identify these as systemic issues.”
To put things into perspective: I was a software engineer for over a decade at Google and Microsoft, and saw both the good and bad of what these titans do internally. What I can say is that despite flaws, mistakes, and scandals, neither company ever allowed their operational security to fall anywhere close the level depicted in these documents. Unless Zatko is fabricating information out of thin air, his assessments raise serious questions about Twitter’s basic competence and render all judgments made by the company inherently suspect.
Neither Twitter nor Zatko’s positions should be taken at face value, and the politics of the situation will likely prove to be more complicated than they initially appear. Twitter’s value as a disseminator of information is only matched by its lack of profitability, putting it in a painful position of being set upon by all sides while lacking the resources to do much about it.
If nothing else, however, Zatko’s revelations offer a new explanation for Musk’s attempt to back out of his purchase of the company, as well as the strangely anodyne rationale he gave for the move: that Twitter had lied about its bot traffic. If Musk’s reasons were actually Zatko’s, he couldn’t have stated them. But he, or any sane person, would have had every reason not to want to end up with the hot potato that Twitter now seems to be.
Join the discussion
Join like minded readers that support our journalism by becoming a paid subscriber
To join the discussion in the comments, become a paid subscriber.
Join like minded readers that support our journalism, read unlimited articles and enjoy other subscriber-only benefits.
SubscribeIs there anything redeeming or positive about Twitter, or its fellow travelers in social media? Other than for exacerbating the “sound bite” mentality of what loosely passes for news these days, and providing a lot of folks the chance to throw out vile comments that they probably wouldn’t have the guts to do to their recipient’s face, I can’t see the attraction. But then again, I live in Microsoft’s backyard and think that a lot of their product is dreck!
I’m not on social media of any sort but I know of at least one use for twitter. Two of my daughters are self employed. One is in animation and the other works as a freelance data analyst. They use twitter to find work by “Following” companies in their field. Such companies often tweet when they need extra capacity to carry out some work. This system is useful both for the companies involved and people like my daughters.
Does this give any hope the whole thing might go bust?
Would that be a positive thing? I’ve never had a Twitter account so can’t really comment but it feels like it from everything I read about it.
GETTR – The Marketplace of Ideas
GETTR is a brand new social media platform founded on the principles of free speech, independent thought and rejecting political censorship and “cancel culture”. With best in class technology, our goal is to create a marketplace of ideas in order to share freedom and democracy around the world.
, and may help make Steve Bannon’s slogan true:
”Gettr is a ‘Twitter Killer’’
I don’t think any of these types of platform improve the public discourse; no matter what, they will be homes for narcissists and hate-filled people who just want a place to rant. Twitter exacerbates divisions offering nothing in the way of understanding between differing opinions; I hope it does fall and there is no replacement
I saw Michael Levitt saying that twitter had allowed a sharing of ideas that he hadn’t seen since his early years in science. So I guess it has a roll for grown ups. I agree with your assessment in general though.
They, with a couple other Tech monsters, are who elect our leaders. The Nudge theory at a minimum, and the full blown buying of influence and votes like the Zuck-Bucks and unlimited positive and negative propaganda they use is criminal. It is anti-democratic, and soft insurrection maybe?
It would seem this is a National Security issue on a level of stealing Submarine secrets and selling them to the enemies of USA. Maybe Garland should look into it….hahahaaa…right….
Good news for Musk is that since he waived all kinds of due diligence, he’ll now get to buy Twitter and clean house the way he so desperately suggests is necessary. I have no love for Twitter or Musk, but it seems like the two were made for each other.
A lawyer friend is fond of saying “a contract is just a way to get in front of a judge”. I hadn’t heard about Musk “waiveing all kinds of due diligence” but we can be sure that this aquisition is far from a done deal.
I don’t know the validity of the leaks but I would have thought that a head of security who leaked documents from his former employer might have trouble getting another job. Certainly not as a head of security anywhere else.
You may well be correct, but sometimes one’s conscience dictates what one must do, and it does take moral courage to do that probably knowing that you’re not going to work in your chosen field again.
I agree Linda but it must be a special case when someone in charge of security deliberately causes a major breach of security. I wasn’t trying to comment on the rights and wrongs of the leak however I do wonder about his motives. As far as I can tell the leaks show incompetence but nothing really criminal. It’s not like someone whistleblowing on malpractice in a hospital where lives are at risk or say a chemical industry hiding dangerous practices. What I means is that it doesn’t seem serious enough to be worth losing your job and reputation over. And as for Musk surely it’s a case of buyer beware and perhaps he’s the only one to benefit from the leaks.
He’s risked his job and reputation for something which is not very important. So what’s his motive?
It not like Julian Assange or Edward Snowden who are very brave to do what they did over very serious subjects.
This is Twitter we’re talking about Linda. It’s not some vital, national enterprise. It wouldn’t matter if Twitter disappeared tomorrow. Some would say the world might be a better place. You said something like this just above. I don’t think this is a moral crusade by Zatko. It has all the hallmarks of revenge for his sacking but we don’t know. No one benefits from the leaks apart from Musk and possibly Twitter’s investors who now know a bit more about the company. Musk probably already knew.
It might benefit Zatko himself. If he can get his retaliation in first then if Twitter does explode due to a security failure he can say “I told you so” and his reputation might be saved.
As far as twitter users go they’ll just carry on as before.
I just don’t believe the great moral crusade thing. Zatko might be just looking after himself. I’m sure he has been well compensated and can get another job very easily. I won’t shed any tears for him.
It’s interesting to speculate. Some people are more than willing to step off the ladder to success in favor of something that suits them better. Years ago I knew a guy who walked away from a very successful fashion design carreer in order to travel the world reading tarot cards for a living. He was frighteningly good at it.
True Laurence. But Zatko could have changed his career any time he liked without betraying the company he worked for.