Agrawal said a “false story” has been created about the company, which “is currently testing our integrity”. He added: “I know that can be frustrating, and I know that it can be challenging.”
Details of the call were shared with CNN by a Twitter employee. A Twitter spokesperson said the meeting was part of regularly scheduled company-wide meetings and was scheduled before news of the disclosure reached Twitter.
Twitter has reversed Zatko’s allegations, first reported by CNN and The Washington Post. The company says the disclosure of Zatko’s whistleblower is “riddled with inconsistencies and inaccuracies and lacks significant context.” It also states that Zatko was fired for ineffective leadership and poor performance. (Zatko says he was fired in retaliation for sounding the alarm internally at Twitter’s security practices.)
Speaking at the meeting Wednesday, Twitter general counsel Sean Edgett said the company reached out to regulators and “various agencies around the world” when the company learned about Zatko’s allegations.
Senator Richard Blumenthal has called on the Federal Trade Commission to investigate Zatko’s allegations. Twitter’s chief regulator in Europe, the Irish Data Protection Commission, said it was seeking information from the company in light of the allegations.
Executives were asked to publicly discuss the many allegations Zatko had made about the company, point by point.
Rebecca Hahn, the company’s head of global communications, said at the meeting that there were a “number of reasons” why the company hadn’t been able to do so yet — in a possible allusion to the ongoing legal battle between Twitter and its potential future. owner Elon Musk.
Hahn, who said she joined the company just over a month ago, said she was inspired by the “level of ethics, passion and care” on Twitter. She assured her colleagues of the company’s public response. “The truth will come out,” she said. “We are always on the right side of history in this regard.”
While Twitter executives declined to address all of Zatko’s claims about the call, Chief Privacy Officer Damien Kieran said some of the allegations were “just not true” and mentioned steps the company has taken to protect laptops and other infrastructure from hacking. .
“The notion that the number of incidents our detection and response team investigate is an indicator of a bad or negative impact on Twitter is simply false,” Kieran told employees.
However, the two sides seemed to use different definitions of what a security incident is. Zatkos’ disclosure defined an incident as something “significant enough to cause work stoppages” and referred staff to determine the extent of the problem. Kieran’s definition seemed broader and relatively lenient, describing a security incident as any suspicious digital activity that Twitter’s security team investigates, including activity that has no impact whatsoever on the company’s computer networks or data.
CNN has asked Twitter to comment on the apparent discrepancy in definitions.
Twitter, Kieran also said, implemented tighter security controls in the wake of the 2020 hack that compromised celebrity accounts, to the point that “the very same attack cannot happen.” Those security measures include requiring more employees to use “two-factor authentication” or another layer of security when logging into computer applications.
“Whether that’s true or not, that doesn’t negate the many other concerns and security concerns raised in the lawful disclosure,” John Tye, founder of Whistleblower Aid and Zatko’s attorney, said in a statement to CNN.