December 6, 2022

Volume XII, Number 340

Twitter Cybersecurity Whistleblower Calls Out Company for Allegedly Deceiving Regulators and the Public

Big Tech is having another day of reckoning.  Peiter “Mudge” Zatko, Twitter’s former head of cybersecurity, filed a complaint with the Securities and Exchange Commission (SEC), the Federal Trade Commission (FTC), and the Department of Justice (DOJ), alleging the company’s poor internal security controls leave users’ data potentially unprotected and available to malicious actors.  Zatko also alleged that Twitter deceived regulators by claiming to protect users’ data and secure its platform when, instead, too many people had access to the platform’s core software.

As part of a settlement with the FTC over a decade ago, regarding cybersecurity lapses that allowed hackers to gain unauthorized access to the platform, Twitter was “barred for 20 years from misleading consumers” about its cybersecurity practices and was supposed to “establish and maintain a comprehensive information security program” with assessment by an independent auditor.  The whistleblower alleged Twitter failed to comply with this settlement as well.  Of interest to Twitter users, Zatko alleged that Twitter “does not reliably delete users’ data after they cancel their accounts” and does not have good systems for tracking what happens to users’ deleted data.

Then-CEO Jack Dorsey hired Zatko in 2020 following some high-profile Twitter account hacks.  Zatko uncovered a variety of cybersecurity concerns regarding access to the production environment, server stability, software updates, and more.  The Washington Post and CNN’s exclusive stories tell a tale of an “ethical hacker” trying to use internal systems to bring to light a variety of issues and being shouted down before being ultimately dismissed from the company.

Zatko is slated to testify to the Senate Judiciary Committee on September 13, 2022.

The DOJ’s Civil Cyber-Fraud Initiative encompasses the type of fraud Zatko is alleging: a company claiming to have adequate cybersecurity controls and procedures in place when it actually does not.  The initiative calls on knowledgeable insiders, much like Zatko and Facebook whistleblower Frances Haugen, to report data breaches and companies that falsely certify that they have or are capable of instituting good cybersecurity controls and policies, in order to protect taxpayers and national security.

© 2022 by Tycko & Zavareei LLP
National Law Review, Volume XII, Number 242

About this Author

Eva Gunasekera, Whistleblower and Government Fraud Attorney, Tycko & Zavareei LLP Law Firm
Partner

FORMER DOJ SENIOR COUNSEL FOR HEALTH CARE FRAUD, NOW REPRESENTING WHISTLEBLOWERS

(202) 973-0900

Renée Brooker, Whistleblower Lawyer, Tycko & Zavareei Law Firm
Partner

FORMER PROSECUTOR IN SENIOR LEADERSHIP POSITION AT DOJ, RESPONSIBLE FOR BILLIONS OF DOLLARS IN RECOVERIES UNDER WHISTLEBLOWER LAWS, NOW REPRESENTING WHISTLEBLOWERS

(202) 417-3664