CARINA JOHANSEN/NTB/AFP via Getty Images
Billionaire Elon Musk’s chances of walking away unscathed from his commitment to buy Twitter just improved, thanks to recent allegations from the company’s former security chief.
Twitter looks like a cybersecurity dumpster fire in a whistleblower complaint submitted to federal regulators by Peiter Zatko. He complains of lax security practices that put users’ personal data at risk and the social media company in danger of violating a settlement agreement with federal regulators. He also alleges that the Indian government forced Twitter to hire two government agents who had access to sensitive data.
Soon after Zatko’s concerns became public, Musk referenced them in new legal claims. The Tesla CEO now argues that Twitter is damaged goods and by hiding such egregious problems, it committed fraud.
Twitter calls Zatko’s complaints inaccurate, inconsistent and opportunistic.
Twitter sued Musk in July after he tried to break off the agreement to buy the company for $44 billion. Musk claimed that the company had understated the prevalence of bots–or spam accounts–on its platform and that was justification for his change of heart.
Given that Musk had waived due diligence when he signed the agreement–not to mention that it was he, and not the company, who had sought the acquisition–many experts believed he had a flimsy legal case.
His legal claims “just always seemed like such an incredibly long shot argument to begin with,” said Ann Lipton, a business and securities law professor at Tulane University. “The other allegations – hair-raising data-security and intellectual-property problems – those at least have a lot more potential.”
The trial is scheduled to begin October 17 in Delaware. Musk has asked the judge for a delay so that his legal team could gather more information about what went on inside Twitter.
Twitter has claimed that any delay hurts its business and shareholders.
Why Musk has a better chance to walk away from the deal
Zatko, who also goes by his hacker handle “Mudge,” worked as Twitter’s head of security from 2020 until January. During that time, he says, company leaders –including CEO Parag Agrawal – ignored his warnings about serious security flaws. In a whistleblower complaint filed with the Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice, Zatko alleges that executives ignored these problems.
Twitter said Zatko’s complaint is a “false narrative” and inaccurate, and that he was fired for poor performance.
The company is under an FTC consent agreement, signed in 2011 after hackers repeatedly seized control and tweeted from a handful of users’ accounts. At the time, the agency said Twitter “failed to take reasonable steps” to safeguard its system. The agreement requires the company to maintain a comprehensive security system and be truthful with users about the extent to which it protects their personal information.
After Zatko’s allegations became public, Musk filed a new letter to terminate the contract to buy Twitter. His lawyers argue that, if the allegations are true, the FTC could fine Twitter millions of dollars for violating the consent agreement.
“Twitter has already paid a fine of $150 million for violating an aspect of that decree, and Facebook recently paid $5 billion for similar user data violations,” the letter notes.
That risk, previously hidden, gives Musk the right to walk away, it says.
Whistleblower complaint also has the attention of Congress
Zatko is scheduled to be deposed by Musk’s lawyers on Sept. 9. The following week, he’s slotted to testify before the Senate Judiciary Committee.
If Zatko’s claims are accurate, “they may show dangerous data privacy and security risks for Twitter users around the world,” the top lawmakers on the committee, Democrat Dick Durbin of Illinois and and Republican Chuck Grassley of Iowa, said in a statement, pledging the committee would “get to the bottom of these alarming allegations.”
Senators have also asked the FTC to investigate Twitter. The agency has declined to comment.