Peiter Zatko, Twitter’s ex-head of security, alerted US authorities to “egregious deficiencies” in the company’s defences against hackers, according to his complaint. Zatko, fired from Twitter earlier this year, said he raised concerns about the bots in early 2021 and was told by the head of site integrity that Twitter didn’t know how many bots were on the platform. His Twitter colleagues showed no interest in delving into the issue, according to the complaint.
“We have already issued a subpoena for Mr Zatko, and we found his exit and that of other key employees curious in light of what we have been finding,” Alex Spiro, a lawyer for Musk, said in a statement Tuesday.
Twitter sued Musk in July to force him to complete his proposed acquisition. Since then, dozens of people, banks, funds and other firms have been subpoenaed in the Delaware lawsuit, with a trial scheduled to begin October 17. At the centre of Musk’s defence are the company’s disclosures about the quality of its customer base as it is affected by spam and automated accounts.
Zatko claims Twitter executives failed to disclose the true extent of such accounts on the platform. Spiro said he learnt from court filings that Twitter officials didn’t consider Zatko to be knowledgeable about spam accounts on the system and that they declined to search Zatko’s files as part of the exchange of information in the case.
Zatko’s complaint was reported earlier by the Washington Post and CNN.
If Zatko’s assertions are true, “that’s just the kind of smoking gun Musk had to be pinning his hopes on”, said Larry Hamermesh, a University of Pennsylvania law professor who specialises in merger and acquisition disputes.
In the complaint, Zatko said Twitter’s “Integrity Team” was reluctant to dig deeply into how many bot accounts were included in the platform’s customer base. That left the former security executive thinking “the company had no appetite to properly measure the prevalence of bots, in part because if the true number became public, it could harm the company’s value and image”.
Twitter said Zatko was fired for cause.
“Mr Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance,” the company said in a statement. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.”
Twitter said Zatko’s allegations and “opportunistic timing” seemed “designed to capture attention and inflict harm on Twitter, its customers and its shareholders”. It added that “security and privacy have long been company-wide priorities at Twitter and will continue to be” and that it “fully stands by its prior statements about the percentage of bot and spam accounts on the service”.
It’s hard to tell whether Zatko’s claims significantly affect the Twitter-Musk case, said Jill Fisch, a University of Pennsylvania professor who tracks Delaware corporate law cases.
“Whistle-blower complaints can raise serious issues or just be a bunch of sour grapes,” Fisch said. “We just don’t know at this point how credible” the complaint is, she said.
Bloomberg Intelligence litigation analyst Matthew Schettenhelm wrote in a note on Tuesday that the complaint “only marginally bolsters Musk’s case with Twitter”.
“The key: the report doesn’t show a direct misleading statement in Twitter’s SEC filings,” Schettenhelm wrote. “To the contrary, Zatko undercuts Musk’s central claim Twitter misled about its mDAU count. Zatko says Twitter’s ‘already doing a decent job excluding spam bots and other worthless accounts from its calculation of mDAU’.”
He was referring to monetisable daily active users, a key industry metric.
Musk has argued that Twitter’s regulatory disclosures putting spam and bot accounts at no more than 5% of its customer base were misleading. The Tesla chief executive officer has made public some of his analysis of the issue, which holds that a full third of Twitter’s more than 230 million users may fall into the bot category.
Charles Elson, a retired University of Delaware professor who ran the school’s Weinberg Center for Corporate Governance, said the complaint, if accurate, would be a bombshell.
“The bottom line question here is whether Twitter was entirely candid with Musk about these bots,” Elson said. “If it turns out they were not, it could be game over.”
Zatko was hired by former Twitter CEO Jack Dorsey. Musk’s legal team subpoenaed Dorsey on Monday, after serving Kayvon Beykpour, ex-head of consumer product at Twitter, and Bruce Falck, who oversaw product revenue. Both were fired.
Hamermesh noted that Zatko’s allegations hadn’t yet been verified and said it’s up to Delaware Chancery Court Judge Kathaleen St J McCormick to decide whether Musk’s abandonment of the deal was proper.
“It’s still a long way from the hole for Mr Musk to sink that putt,” he said.
The case is Twitter v Musk, 22-0613, Delaware Chancery Court (Wilmington).