Twitter’s former head of security railed against the platform on Tuesday in testimony before the Senate Judiciary Committee, alleging that it has prioritized revenue growth at the expense of content moderation and corporate responsibility.
Peiter Zatko, who filed a whistleblower complaint with multiple government agencies over the summer, also claimed that Twitter failed to take seriously foreign spies that may have infiltrated its ranks.
He recalled a conversation with an unnamed executive about a possible “foreign agent” on staff, after similar concerns about at least one other employee had already been raised. According to Zatko’s testimony, the executive replied, “Well, since we already have one, what does it matter if we have more? Let’s keep growing the office.”
The former security chief was fired by Twitter earlier this year, though he signed a roughly $7 million settlement agreement in June. According to The Wall Street Journal, the deal included non-disclosure and non-disparagement provisions; crucially, though, it didn’t preclude him from filing the whistleblower complaint or testifying before Congress.
In Tuesday’s hearing, Zatko alleged that Twitter lacked “basic, fundamental tools and access control,” making it challenging to determine when sensitive data may have been compromised—and by whom. He added that engineers could theoretically try to sell access to users’ accounts on the black market, and that the company might have trouble rooting out the culprit.
Zatko—who once worked as a hacker and helped companies find security vulnerabilities—attributed many of the problems to a culture of disorganization and misplaced priorities. “They’re simply unwilling to put the effort in at the cost of other efforts such as driving revenue,” he said, noting that Twitter frequently lacks employees with the necessary language skills to address foreign content moderation issues. “They’re only able to focus on one crisis at a time,” he said. “And that crisis isn’t completed, it’s simply replaced by another crisis.”
Senators expressed serious concerns about other issues Zatko raised, including that CEO Parag Agrawal contemplated bowing to Russian demands prior to the war in Ukraine, which would have risked letting the government “censor and surveil Russian users.” Agrawal was chief technology officer at the time, and Twitter did not ultimately accede to the demands.
In a statement, a Twitter spokesperson said, “Today’s hearing only confirms that Mr. Zatko’s allegations are riddled with inconsistencies and inaccuracies.” The company previously sought to challenge his credibility, saying that he was fired “for ineffective leadership and poor performance.”
Twitter also maintains that its hiring process is not influenced by foreign actors and that it safeguards data through measures including background checks, access controls, and breach detection systems.
Zatko’s highly public campaign against Twitter comes at a fraught moment for the business. The company signed a $44 billion buyout agreement with Elon Musk in the spring, but the billionaire has since gotten cold feet, declaring that Twitter hadn’t been transparent about the amount of spam and fake accounts on its platform.
In an effort to enforce the deal, Twitter brought the dispute to Delaware Chancery Court, and some experts initially said that Musk’s arguments for backing out looked quite thin. It remains to be seen what impact Zatko’s claims will have on the proceedings.
For the moment, Musk is clearly enjoying the drama. On Tuesday, he tweeted an emoji of a bucket of popcorn. He also changed his display name to “Naughtius Maximus,” a phrase he previously employed while linking to a Monty Python sketch about a fictional Roman named “Biggus Dickus.”
At the time—and as an illustration of how he uses the platform—Musk followed up with a shower thought of his own: “What if ur name is Johnson & u just happen to work at Johnson & Johnson?”