Date: 2022-08-28

Peiter Zatko, widely known by his hacker handle Mudge, is seen in this undated photo. Photo: U.S. federal government via Reuters

The story so far: On August 23, CNN and The Washington Post newspaper reported that Peiter ‘Mudge’ Zatko, a former head of security at Twitter, had filed a whistleblower complaint with the U.S. Securities and Exchange Commission, which among other things alleges that the Indian government forced the social media network to hire its agent, who then had access to sensitive user data.

What is the report about?

This news report is about a disclosure regarding Twitter’s security problems and vulnerabilities that Mr. Zatko sent last month to U.S. government agencies and congressional committees. The disclosure document, put out by the Post, identifies him as a “security lead” and “a member of the senior executive team,” someone who “uncovered extreme, egregious deficiencies by Twitter in every area of his mandate including… user privacy, digital and physical security, and platform integrity/content moderation.”

Mr. Zatko, whose services were terminated by Twitter in January this year, has accused his former employer of making false statements to users and the Federal Trade Commission regarding security, privacy and integrity. He has also accused it of deceiving the board of directors and investors.

Significantly, the whistleblower has said in the disclosure that Elon Musk’s suspicions about the accuracy of Twitter’s claims that less than 5% of its accounts are spam — which eventually led the Tesla founder to pull back from a deal to buy the social media network — “are on target.” That’s because, “Agrawal (Twitter CEO Parag Agrawal) knows very well that Twitter executives are not incentivised to accurately ‘detect’ or report total spam bots on the platform.”

On a broader level, in the disclosure, Mr. Zatko has written about Twitter’s lack of real progress on the issues of security and privacy over the years. For instance, he has alleged that it has allowed too many people in the system to access sensitive data, and that it has also been plagued by server vulnerabilities and fundamental architectural issues. He has also written of being aware of “multiple episodes suggesting that Twitter had been penetrated by foreign intelligence agencies and/or was complicit in threats to democratic governance.” It is in this context that he refers to the Indian case. The disclosure comes amid a long-standing battle, now in the courts, between the government and Twitter over the former’s power to get the latter to block handles from time to time.

What is the reference to the Indian government?

This is what Mr. Zatko’s disclosure said: “The Indian government forced Twitter to hire specific individual(s) who were government agents, who (because of Twitter’s basic architectural flaws) would have access to vast amounts of Twitter sensitive data.” This, according to Mr. Zatko, is a violation of Twitter’s commitments to its users.

What have been the reactions to this?

Twitter has dismissed the allegations. Its response, which was published in The Hindu, has made it a point to mention that Mr. Zatko was fired for “ineffective leadership and poor performance.” Also, it has said: “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.” Twitter hasn’t made a specific comment on the Indian angle in the disclosure. The Indian government has also been silent on this.

According to a separate report in The Hindu, Twitter “stonewalled” questions by members of the Standing Committee on Information Technology. The social media network has been given a week’s time to submit replies.

It isn’t clear whether the “agent” mentioned in the disclosure is actually a reference to the grievance officer that significant social media networks were required to recruit under the new IT rules introduced last year. A CNN report said, “A person familiar with the matter, and with Zatko’s tenure at Twitter, told CNN the Indian agents Zatko describes are government-mandated roles the country requires of tech platforms under its local laws.” There has been no official statement, either from Twitter or from the government, regarding this. The Standing Committee on Information Technology has, in fact, asked Twitter about the number of people it employs in India as well as of those who have worked earlier with the government.