Twitter’s former security chief claims company is hiding the ball when it comes to spam and bots
Former chief of security Peiter Zatko accuses Twitter of “lying about bots to Elon Musk” in a whistleblower complaint filed in July with regulators, including the Securities and Exchange Commission, a copy of which was obtained by The Washington Post.
Zatko, a well-known figure in the security community, claims that Twitter is not incentivized to count the actual number of bots and spam accounts on the service, which has 238 million daily users. He also makes another argument that could potentially boost Musk’s fight to prove that Twitter broke its contract with him when he agreed to buy the company for $44 billion: that Twitter misled regulators about its defenses against hackers.
Importantly, however, Zatko provides limited hard evidence in his complaint about spam and bots, so the potential impact of those allegations is difficult to estimate at first.
Twitter has repeatedly resisted the argument that it is inaccurate or is not working intensively to fight bots and spam. In May, CEO Parag Agrawal said the company is deleting half a million spam and bot accounts every day, a number the company updated to one million a day in July.
“Twitter fully supports… our statements about the percentage of spam accounts on our platform and the work we are doing to fight spam on the platform in general,” Twitter spokeswoman Rebecca Hahn said in response to Zatko’s allegations.
But new allegations that Twitter misled shareholders and regulators could bolster Musk’s case in the Delaware Chancery Court in October, according to half a dozen legal experts who spoke to The Post before the complaint went public and who were unaware of the complaint. The arguments would depend on the seriousness of the disclosures, as well as data supporting new claims — and the extent to which Musk relied on such claims in completing the deal.
Musk and his lawyers did not immediately respond to a request for comment.
Musk, the CEO of Tesla and SpaceX, has sought to end his deal to buy the social media site, claiming that Twitter’s old estimate that bot and spam accounts make up less than 5 percent of its “daily revenue” is not accurate. He ended his agreement to buy Twitter because he claimed that miscounting bots would have a “material adverse effect”, a fundamental change in the company that, for example, sharply decreases its value. And he has since sued the company for allegedly deceiving his team, accusing Twitter of fraud and breach of contract.
Twitter deal temporarily suspended pending details to support calculation that spam/fake accounts indeed represent less than 5% of users https://t.co/Y2t0QMuuyn
— Elon Musk (@elonmusk) May 13, 2022
Zatko is a security pioneer known in the industry for his history of exposing software flaws – under the moniker of ‘Mudge’. However, his tenure at Twitter was controversial, resulting in repeated clashes with fellow executives and ultimately his resignation.
The complaint alleges that Twitter misled Federal Trade Commission and Securities and Exchange Commission regulators about security issues. Twitter’s Hahn said Zatko’s allegations were “riddled with inaccuracies”.
The actual number of bots and spam accounts on Twitter is likely to be “meaningfully higher” than the number claimed by Twitter, the complaint alleges.
“Twitter executives have little or no personal incentive to accurately ‘detect’ or measure the prevalence of spam bots,” the complaint claims, adding that “deliberate ignorance was the norm” among the executive team.
An edited version of the 84-page submission went to congressional committees. The Post got a copy of the disclosure from a senior Democratic aide on Capitol Hill.
Multiple departments at Twitter are responsible for fighting spam and bots. As chief of security, Zatko was not directly responsible for eliminating bots, but his role touched upon some aspects of bot removal. Zatko was fired long before Musk’s initial Twitter investment went public in April, leading up to his acquisition announcement later that month.
Four people familiar with the company’s spam detection processes, who like others spoke on condition of anonymity to describe sensitive internal matters, told The Post that the company keeps several internal counts of spam and bots, known as “prevalence,” across the entire service, beyond the figure delivered to Wall Street. The Post was also given an internal document, redacted to hide the numbers, which revealed that “spam prevalence” was a number shared with the board. According to two people, the document was handed over to the board during a meeting that Zatko attended.
The four people said the social media company estimates the broader amount of spam and bots on the service using software that samples thousands of tweets every day, as well as 100 accounts that are manually sampled. Three of the people said the company’s internal bot prevalence rates were almost always less than 5 percent.
Twitter’s Hahn said the company is transparent about the number of accounts it is removing for violating the rules. In addition, there are many rule-following bots that are allowed to stay. The company does not report a total number of bots because it would only be a minimum number of those they caught, she said. The internal prevalence metrics focus on how many people see the rule-breaking bots, which the company says is the more accurate measure of potential harm than an overall count, given that many bots are inactive, Hahn added.
Twitter and Musk became embroiled in a legal battle this summer after Musk pulled out of his deal to buy the social media company. Twitter filed a lawsuit alleging that he breached his contract while disrupting the site’s operations and dragging its stock down.
In response, Musk filed a lawsuit late last month raising a spate of new issues, including that a majority of ads are shown to fewer than 16 million users. That is a fraction of the 238 million daily users that Twitter claims the company could monetize by showing them ads.
Alexander Manglinong, a corporate litigation attorney at Stubbs Alderton & Markiles, pointed out that Musk waived due diligence when signing the agreement, depriving him of a deeper look at Twitter’s inner workings.
“From my perspective — even without knowing what specific information might be out there, it still seems to be an uphill battle against Musk,” he added.
Musk’s legal team has already shown its willingness to question high-ranking former executives by issuing a subpoena to former Twitter CEO Jack Dorsey. (Zatko, according to one of those familiar with the company, was already one of the executives whose records Musk’s legal team tried to obtain, but a judge rejected the request.)
Musk’s team has asked more than 20 company leaders for information, but the judge has so far only allowed them to obtain internal communications from a single Twitter executive, former head of consumer product Kayvon Beykpour.
Zatko alleges in his complaint that an unnamed senior executive tried to shut down a key tool to stop bot and spam accounts. The tool, internally called ROPO, for “read-only phone,” blocks an account from tweeting until a user can prove it’s linked to a real person.
That executive was Beykpour, who was fired by Agrawal this year, said two of the people familiar with the company’s spam processes, as well as a third person familiar with the discussions. The complaint says Beykpour was critical of the tool after personally receiving “a small number of unsolicited DMs (text messages)”. But people said Beykpour thought ROPO had much broader flaws, and wasn’t trying to shut down the tool, but suggested an overhaul.
Beykpour has declined an interview request.
Zatko’s attorney at the nonprofit law firm Whistleblower Aid said there had been no interaction with Musk’s team, but he would respond to subpoenas.
Zatko also alleges in the complaint that Twitter’s security systems had massive flaws, leaving the company vulnerable to repeated hacks and even the real possibility of a sitewide shutdown. He says that during his years with the company, many servers and laptops in the workplace were running outdated and vulnerable software, and far too many employees had access to internal systems that contained sensitive user data and software.
Twitter’s Hahn says its security practices meet industry standards.