Here's why the Twitter whistleblower's testimony to Congress will be crucial
When Twitter's former security chief testifies before a Senate committee on Tuesday, he will be the second highly-placed tech worker in less than a year to warn federal lawmakers about the struggles inside a social media platform.
The timing highlights both the public scrutiny on social media companies lately and Twitter's own delicate position.
Peiter Zatko's federal whistleblower complaint landed in the middle of a high-stakes legal drama in which Twitter is attempting to compel Tesla CEO Elon Musk to make good on a $44 billion deal to buy the struggling company.
Zatko, who's also known by his hacker name, Mudge, accused Twitter of lax security practices, failing to protect user privacy, misleading regulators in violation of a 2011 settlement, and knowingly employing foreign government agents and giving them access to sensitive systems and data.
Twitter has pushed back on the claims, saying Zatko was fired for poor performance and is "opportunistically seeking to inflict harm."
This push and pull is familiar to Frances Haugen, who publicly called out her former employer, Facebook, at a similar hearing about a year ago.
Zatko is "helping to shine light on the fact that critical pieces of communication infrastructure – Twitter, Facebook, TikTok – are being held together with duct tape and string," she said. "He took a huge personal risk and definitely a large career risk by coming forward with this information."
The Senate Judiciary Committee has scheduled the hearing for 10am Tuesday. Three hours later, Twitter shareholders are scheduled to vote on whether to move forward with the merger agreement that Musk wants to dissolve. The company says it remains committed to closing the deal on the original terms.
Frances Haugen: people should be 'shocked' by weak security systems
Almost a year ago, Frances Haugen testified before Congress about Facebook. Looking back, she said it was a critical moment in her journey from tech executive to whistleblower to activist.
Haugen says the public assumes that Silicon Valley companies have deep pockets to maintain security. But Zatko paints a different picture, claiming that if a data center went down, Twitter might not be able to turn itself back on.
"That is a symptom of a level of underinvestment that the public should be shocked by. We take for granted that private corporations are running critical pieces of communication infrastructure," she said. "We need to have public accountability and transparency on how these systems work, because I guarantee you there are more skeletons in the closet than just what we're seeing at Twitter."
She says social media companies tend to prioritize growth. Stronger security or better protection of users' data doesn't lead to greater audiences.
"Critical parts of public safety are cost centers," she said. "If it's not essential to the bottom line, companies will never adequately invest in it. And unfortunately, that means that comes at the cost of public safety."
Investing in security infrastructure and staff is also costly. Twitter has struggled financially for years, yet the platform is deeply ingrained in public life.
It has an "outsized influence. That's why [Zatko] went to work there," said Margaret O'Mara, who studies the history of technology at the University of Washington. "Its founders never imagined it would have such political and newsmaking significance that it has now."
Facebook whistleblower: Zatko must gain the public's trust
Unlike Haugen a year ago, Zatko is somewhat familiar with Congress and the ways of Washington.
Back in 1998, when most people surfed the internet with Netscape or Mosaic, Zatko told a congressional committee that hackers could be an asset to the feds. He famously bragged that he could break the Internet in 30 minutes.
Zatko's career evolved and matured along with the commercial Internet. He worked for DARPA, the Defense Department's secretive deep-research unit, and founded a consulting firm before being hired by Twitter in November 2020 to shore up its security after young hackers commandeered dozens of high-profile accounts, including that of Elon Musk.
"Of the other senior people I have known who have gone to work at Twitter in security, a huge fraction of them go because they really care about public safety," Haugen said, adding that many other tech companies pay more. "You go there because you see Twitter is a critical piece of global communications infrastructure and you want to give back."
But Zatko says that when he raised concerns about security at Twitter, top executives, including the new CEO, Parag Agrawal, ignored them.
Haugen says she never intended to come forward with her criticism of Facebook. She thought the trove of internal documents she had gathered and leaked to The Wall Street Journal would stand on its own. But when she did testify, "the public got to put a face to my name," Haugen said. "Whether [Zatko's] disclosures have impact will be dependent on the public trusting him."
Unlike Haugen, Zatko has presented far fewer internal documents so far to support his allegations. And given the timing–in the midst of a legal battle between Twitter and Musk–people may be more skeptical of his motives.
Tromble says the public and policymakers have to rely on people like Zatko and Haugen to shine a light on social media companies, which she describes as "black boxes."
"We particularly lack transparency about the overall impact that they have on their users. So right now, we're in a place where we rely heavily on these individual whistle whistleblowers for a peek inside the black box. And that's really problematic."
What to watch for at the hearing and beyond
Nu Wexler, a communications consultant who previously worked for tech companies, including Twitter, and on Capitol Hill, expects senators to ask about the two Indian government agents allegedly hired at Twitter and how Twitter protects sensitive information about U.S. citizens.
But he's doubtful that lawmakers are truly motivated to act.
"We have seen time and time again, no matter who the whistleblower, no matter what the particular controversy, our representatives are up in arms for a while, propose a number of pieces of legislation, and yet not much has yet come of it," he said. "Maybe in this case, we'll see more, because there are foreign intelligence and security questions involved."
Yet he is skeptical that there will be much substance to the hearing.
"The hearing will devolve into a political food fight about bias and censorship, like every other congressional hearing does," Wexler said. Because of free speech issues, "Congress is limited in what they can actually do about online content. And so they sort of stall out, which wouldn't be a bad outcome for Twitter here."
Zatko filed his complaint with the Securities and Exchange Commission, the Federal Trade Commission and the Justice Department. The SEC is already questioning Twitter on how it counts fake or bot accounts on its platform.
The FTC is likely to take action too, said Rebekah Tromble, a George Washington University professor, who studies social media.
"We're seeing, even just in the last few months, really strong signals from the FTC that they are ready, willing and able to step into the void to take a much firmer stance with the social media companies." she said.
The FTC has already fined Twitter $150 million for misusing user email addresses and phone numbers for marketing purposes in violation of its 2011 consent decree.
Tromble says senators and their staff are now better versed on tech policy and industry challenges. She expects sophisticated and nuanced questions from senators.
"I think we can expect more intelligent, thoughtful questions than we've seen in some of the hearings that took place maybe three, four or five years ago when [Facebook CEO] Mark Zuckerberg and [then-Twitter CEO] Jack Dorsey could say just about anything and it was taken at face value," said Tromble, whose research has been funded by Twitter in the past.
Twitter's lawsuit against Elon Musk casts a shadow over the Senate hearing
Meanwhile, the lawsuit that Twitter brought against the world's richest person is speeding toward an October 17th trial date.
Musk seized upon Zatko's allegations to bolster his defense, which had previously focused on how Twitter counts false accounts on the platform. (Many experts in corporate law say that is a flabby argument.)
Last week, Delaware Chancery Judge Kathaleen St. Jude McCormick allowed Musk to amend his countersuit to include Zatko's allegations.
If you're waiting for juicy details about Twitter's inner workings, "the Musk case is far more important than the Senate hearing," Wexler said. "That's the main event." [Copyright 2022 NPR]