Shulou(Shulou.com)11/24 Report--

Peiter Zatko, former head of security for social media giant Twitter, filed a complaint with the U.S. Securities and Exchange Commission (SEC), the Federal Trade Commission (FTC) and the U.S. Department of Justice (DOJ) on Tuesday, accusing Twitter of "extremely startling flaws" in terms of privacy, security and content censorship.

▲ data map

The letter was filed on behalf of Zatko by Whistleblower Aid, a non-profit law firm, which also filed it on behalf of Frances Haugen, a Facebook whistleblower. As of the close of US stocks, Twitter closed down 7.32%.

250000 servers running outdated software in the report letter, Zatko described Twitter as a chaotic and directionless company beset by infighting and unable to properly protect the data security of its 238 million daily users. these users include government officials, heads of state and other influential public figures.

Zatko also said that although unpopular content can make the user experience worse, Twitter management still prioritizes user growth over reducing spam. Executives will receive personal bonuses of up to $10 million if they can significantly increase the number of active users, but there are no clear incentives to reduce the amount of spam, he said in his report letter.

In a letter to SEC, Zatko claimed that he had repeatedly witnessed Twitter executives engage in deceptive or misleading communication activities affecting board members, users and shareholders in 2021, during which its chief executive, Parag Agrawal, even asked Zatko to provide false and misleading documents.

In the letter, Zatko claimed that Twitter failed to accurately address four key issues to the board:

1) the software lacks basic security measures.

2) who can access or control the system and data

3) there are big problems in the internal process.

4) the number and frequency of security incidents that affect a large amount of user data are amazing.

Zatko claimed in the letter that more than half of Twitter's 500000 servers run outdated software, and more than 1/4 of employees' computers disable software updates that provide important security patches. Twitter's so-called practice of "allowing extensive access to the platform's production environment" is almost unheard of, and almost all employees have access to systems or data they should not have access to, he said.

7000 employees have free access to internal data if regulators find that Twitter misled consumers about its security agreements, which could be considered a violation of the company's 2011 settlement with FTC. At that time, Twitter was prohibited from misleading consumers about how to protect consumers' safety and private information within 20 years. The agreement also requires Twitter to create and maintain a comprehensive information security plan to be evaluated by independent auditors within 10 years.

A spokesman for the U.S. Senate Intelligence Select Committee said in a statement that the committee had also received complaints and was "holding a meeting to discuss these allegations in further detail. We will take this matter seriously."

Zatko claimed that Twitter CEO Agravar's tweet on May 16 was a "lie" and that Twitter "encourages us to detect and delete as much spam as possible every day". Twitter executives have no incentive to detect fake accounts, he said, and "senior management is not interested in properly measuring the true number of fake accounts" because "if accurate measurement data are made public, it will damage the company's image and valuation."

Zatko further claimed that Twitter did not have proper security controls. About 7000 Twitter employees have extensive access to the company's internal software, which is not closely monitored. As a result, they have the ability to access sensitive data and change the way services work.

Mr Agrawal described Mr Zatko as "a former Twitter executive who was fired in January 2022 for poor leadership and poor performance", according to internal employee memos. Twitter spokeswoman Rebecca Hahn (Rebecca Hahn) argued: "Security and privacy have long been a top priority for all Twitter employees. We are reviewing published and edited Zatko letters, but so far we have seen incorrect descriptions, full of inconsistencies and inaccuracies, and no important background information."

Hahn added that Twitter has extensively strengthened its security since 2020, with security practices in line with industry standards and specific rules on who can access the company's systems. With regard to the allegations about the number of fake accounts, Hahn said Twitter deletes more than 1 million spam accounts a day, adding up to more than 300 million a year. Twitter pointed out in its proxy statement that the growth of daily users is the smallest of the three factors for receiving cash bonuses, while the other two are revenue growth and another financial goal.

Agrawal added: "given the current close scrutiny of Twitter, we can assume that we will continue to see more headlines in the coming days, which will only make our work more difficult. I know all of you are proud of the work we do together and the values that guide us. We will spare no effort to defend our integrity and correct our mistakes."

The letter that helped Mr Musk exit the troubled takeover also referred to Twitter's misrepresentation of Tesla's chief executive, Elon Musk, who was embroiled in a legal battle over his attempt to pull out of the social media company. Musk doubts the accuracy of the number of fake Twitter accounts, arguing that such accounts account for well over 5% of Twitter users.

Zatko's lawyer said the former Twitter executive had no contact with Mr Musk. "We have issued a subpoena to Zatko and we find the departure of him and other key employees very helpful to the truth we have been looking for," said Alex Spiro, Musk's lawyer.

Mr Musk and Twitter will go to court in October, when Delaware Justice Katherine McCormick (Kathaleen McCormick) will decide whether Mr Musk still needs to buy Twitter in accordance with the original agreement.

David C. Vladeck, a former director of the FTC's consumer protection bureau, said Twitter could face huge fines, possibly hundreds of millions of dollars, if Zatko's allegations are confirmed. He added: "if all this is true, I think Twitter is definitely breaking the law. The problems Twitter faced 11 years ago may still exist in the company."

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.