Twitter whistleblower Zatko disses bird site as dysfunctional data dump

Twitter's former head of security Peiter "Mudge" Zatko on Tuesday told the US Senate Judiciary Committee that the social media company's lax data handling and inability to present problems to its board of directors threaten the privacy, security, and democracy of Americans. Zatko appeared before Senate lawmakers to testify …

  1. Throatwarbler Mangrove Silver badge
    Thumb Up

    "Ginger, get the popcorn!"

    <EOM>

  2. Tree
    Linux

    Glad I never used the little Tweet birdie

    My privacy is very important to ME, but not to those blokes. You cannot trust them.

    1. The Man Who Fell To Earth Silver badge
      FAIL

      Re: Glad I never used the little Tweet birdie

      Twitter is for Twits.

  3. Potemkine! Silver badge

    I don't understand why having potentially foreign agents in Twitter is a matter of National Security. Twitter deals with public information, which is visible to World + Dog. There's a threat against users who may be tracked because of their opinion, but where is the danger for the USofA?

    Code pushed directly in production without going through a test environment? That would be the first time that it happens in a company! /s

    It's good to know that the CNIL, an independent body, is feared because it does a good job. It should be the same in all democratic countries.

    == Bring us Dabbsy back! ==

    1. Khaptain Silver badge

      They could possibly decide which information is published and which is not. Also they could artificially increase views, thereby creating a buzz on elements that they deem important.

      Then they have access to user accounts; what's to stop them publishing on behalf of someone else?

      There are probably hundreds of political reasons that go far beyond our understanding.

      1. Andy The Hat Silver badge

        Couldn't agree more. This is the new world of social media where influence - whether truth, irrelevance or misinformation - is all that is important and is open to control by whoever has a hand or even a finger on the puppet strings ...

        1. Charlie Clark Silver badge
          Coat

          Let me introduce you to Lord Beaverbrook and William Randolph Hearst… Public opinion has always been manipulated.

          Mine's the one with a copy of Rosebud in the pocket.

    2. imanidiot Silver badge

      Ne'er do wells (or more specifically, politically active people that certain countries DEEM to be ne'er do wells) might well be using twitter DMs to exchange "spicy" messages while their public feeds remain clean. It can also do very well to map the social network of certain individuals. Having access to meta-data from tweets probably helps tremendously in keeping track of daily habits/routines of a person, where they are, whom they associate with, what they look at, etc. Most of the data that "social" networks gather and sell is explicitly not the content of their website that Joe/Jane Public engages with. The content is just the feed trough to attract the livestock to the barn.

      1. Yet Another Anonymous coward Silver badge

        That's why we make foreign billionaires become citizens before controlling media empires. So that they are then aligned with the good of the nation and would never broadcast anything harmful.

  4. Paul Crawford Silver badge
    Trollface

    Hopefully Musk is made to buy Twitter and can then have a clean sweep to address all of these problems by re-employing Zatko and giving him the authority to act.

    Win-win really, the world gets a better Twitter and Musk gets a good financial spanking.

    1. Anonymous Coward
      Anonymous Coward

      It carries the risk of his mate Trump coming back online, which is NOT going to make the world a better place.

      1. aerogems Silver badge

        They aren't mates. If you put two narcissists, like Trump and Musk, in a room... It's like a nature film where two elk are butting heads trying to establish dominance. They both feel like they must be the center of attention at all times, so narcissists tend not to get along with other narcissists.

    2. Lars Silver badge
      Happy

      Yes, let's hope Musk buys it, kills it, and starts a new one better named "Twats".

      1. Anonymous Coward
        Anonymous Coward

        Let's hope Musk buys twitter, kills it, and facebook is somehow also destroyed in the fallout.

        With no replacement for either, preferably. What happens to Musk after that may not matter so much. Destroying 2 of the largest and most toxic social media companies might even put him in the running for some awards.

  5. Filippo Silver badge

    > "We're going to create a system more like Europe, a regulatory environment with teeth,"

    If the only thing that comes out of this Twitter spectacle is this, then it will all have been worth it. Regulator agencies must have true enforcement capabilities. If all they can do is slap on wrists, then the regulator is just an illusion, something concocted to trick voters into thinking there is proper regulation.

    1. Anonymous Coward
      Anonymous Coward

      Sorry, that made me laugh. From what I see, regulators only take fines/bribes/taxes for criminal activity including negligence. Whether it gets fixed is not so important (to them). SNAFU.

      When's the last time any executive of a data breach went to jail? Billions in fines/bribes keeps "the system" working, same as it ever was.

    2. gandalfcn Silver badge

      "US regulators are toothless" No shite Sherlock, that's precisely what they were designed to be.

    3. usbac Silver badge

      You know you have really screwed up, when politicians from both parties actually agree on taking action against you.

      I think the comment about how nearly any twitter employee could take over the account of all of these Senators really got their attention focused.

      1. Anonymous Coward
        Anonymous Coward

        it needs to affect the senior stakeholders to get action

        When I was pushing to divert dev resources into Y2K remediation, the final button that worked was a meeting with board level execs (all in their 50s) warning them that their pensionable service could be decremented rather than increased if we did not fix the issue. I'd been fighting that battle, publishing internal papers etc, for 18 months and getting nowhere; the potential impact on their personal finances suddenly opened the door.

        And before anyone starts telling me that Y2K was a myth: we had to divert 30% of all development resources to mitigate this, and this included re-engineering 20 year old bespoke systems to accept 4 digit years with the associated changes to all feeder systems. Of the 600+ applications affected, very few didn't require at least a minor upgrade to remediate the issue.

  6. Anonymous Coward
    Anonymous Coward

    Twitter also has problems with severance packages....

    ... this guy bagged more than seven million and went on trashing the company - didn't they ask for some kind of NDA for that money?

    I understand that running the company from Polynesia could be quite difficult.... yet this looks to be basic stuff for companies.

    1. imanidiot Silver badge

      Re: Twitter also has problems with severance packages....

      NDAs are.... tricky, legally speaking. It might well be that revealing these things is deemed to be "in the public interest" and that this means the NDA cannot be enforced. Similarly if he's called in court and told to speak on these subjects he might have to bite his tongue on anything unless explicitly asked, but if asked he cannot then rely on the NDA to keep quiet, the court overrules the NDA.

      There's plenty of cases that have actually gone to court to show that NDAs are basically unenforceable in all but the most blatant cases, but the problem is few of these cases go all the way through the courts to set a precedent, because companies that use NDAs usually have the means to stretch cases out to such an extent that people settle out of court (or basically give up) because they've been financially bled dry.

      1. Anonymous Coward
        Anonymous Coward

        Re: Twitter also has problems with severance packages....

        Are NDAs enforceable? I don't think so. Most out-of-court "agreements" imply some sort of them, in exchange for the money. Sure, probably a court could overrule them if needed - but he started to talk before any court summoned him.

        I'm not defending Twitter - but I found it strange they were ready to pay seven million without anything in exchange. If they didn't, it really looks like a company that doesn't know what it's doing. And if he asked for the money and then started to talk, well, it's not really ethical behaviour. So after all he was a good fit for Twitter.

        If I'm going to denounce a company, I don't wait to be fired, nor do I ask for millions to leave. That said, what he's saying about Twitter can be wholly true. But he could find himself in an awkward position if he looks like someone determined to exploit the situation.

        1. Brewster's Angle Grinder Silver badge

          Re: Twitter also has problems with severance packages....

          " I found strange they were ready to pay seven millions without anything in exchange."

          My presumption is he's contractually entitled to that amount, and that if they don't pay, he'd sue and get the money. And because he's legally entitled to it, there's no way they can force an NDA on him.

          But, as pointed out, an NDA is just another form of contract. Break it and you get sued for whatever remedies are set out in it. Being compelled to testify would be a valid defence - as would whistleblower statutes.

          1. Anonymous Coward
            Anonymous Coward

            "is he's contractually entitled to that amount"

            And if so, it is also strange that the same contract has no provisions about keeping quiet about company business when you leave - which are quite common when you are in top spots. If Twitter didn't, they really look like a bunch of morons.

            Or do you mean contracts are valid only when advantageous to you, but not vice versa? Of course nobody forces you to sign a contract you deem "unethical". Then if your "ethics" can be bought, it doesn't shine a good light on you when suddenly you feel the need to tell everything - but just after having been fired and having bagged the money. You can just become a witness that cannot be believed enough. That's the risk.

        2. Charlie Clark Silver badge

          Re: Twitter also has problems with severance packages....

          The Whistleblower Act should provide immunity. NDAs are very common in the US and they can be very broad and contain excessive penalty clauses.

        3. imanidiot Silver badge

          Re: Twitter also has problems with severance packages....

          NDAs are usually enforced by the simple threat of being taken to court if you breach them. Even if no penalties payable to the company will ever come of it, them suing you in court is going to cost you more than a pretty penny (especially in the US) and they'll just keep it going until they have the shirt off your back. The threat of this happening, justified or not, is what companies use to get people to hold their tongue.

  7. wolfetone Silver badge
    Holmes

    I'd be interested to know if Zatko has received any sort of money from Musk or associates. As this sort of talk would be incredibly handy to use in a court case where it would get you off the hook for buying Twitter.

    1. Tom 38

      Any revelations Zatko has, whether true or false, have very little bearing on whether Musk will be forced to buy Twitter. IANAL, but these guys are - https://lawprofessors.typepad.com/business_law/2022/08/i-guess-im-writing-about-twitter-again.html is a good summary.

      Musk is contractually barred from claiming fraud due to statements outside the merger agreement. He can’t claim fraud based on blog posts, Twitter executives’ tweets, statements to market analysts, or any materials of that nature. He can, however, claim fraud due to statements in the merger agreement itself.

      The merger agreement gives him almost no wiggle room to get out of this deal.

    2. Charlie Clark Silver badge

      Musk is just using Zatko for publicity because it's convenient.

  8. Howard Sway Silver badge

    Zatko, hired several months after the 2020 Twitter account takeovers

    Funny how he never knew that the site was insecure and full of garbage before he accepted a job there, when the entire rest of the world knew, but happily collected a lot of money from them in salary and payoff, only to raise his not very new "concerns" once his bank account was well stuffed and he was out of the door.

    Any basic regulatory audit would have caught the things he's "revealed", but the politicians he's blabbed to have been obsessed with deregulation and letting companies do whatever the hell they want. The fact that other governments have exploited this with foul consequences has now finally penetrated the skulls of the well-lobbied politicians, whose job it always was in the first place to protect democracy and national security. But they were happily using it to skew their own democracy, so they didn't pay enough attention to the fact that other governments could easily play the game too. Maybe they should stop outsourcing responsibility for serious matters to amoral tech bros and do more than accepting big donations from these companies' lobbyists.

    1. Brewster's Angle Grinder Silver badge

      Re: Zatko, hired several months after the 2020 Twitter account takeovers

      "...but happily collected a lot of money from them in salary and payoff, only to raise his not very new "concerns" once his bank account was well stuffed..."

      I imagine he could have earnt equivalent sums elsewhere.

      And I imagine he thought the executives wanted to fix the problems, and wanted his expertise to help with that. Whereas, in the end, it turned out he was hired as a fig-leaf.

    2. ChoHag Silver badge

      Re: Zatko, hired several months after the 2020 Twitter account takeovers

      Catch up. He was hired to fix all that and is blowing the whistle because they wouldn't let him.

      It was in the news.

  9. aerogems Silver badge
    WTF?

    More Political Theater

    Republicans get to claim they were holding "big tech" to account, and especially getting to rake Twitter over the coals a bit after banning their demagogue. Democrats get to claim that they support whistleblowers and it helps distract from inflation in the upcoming election season.

    Meanwhile, now that the cameras are off and people's attention has been directed elsewhere, there will be no follow up of any kind on any of these issues. Unless we count Elon Musk's increasingly pathetic and desperate attempts to get out of buying the company when he signed an "as-is, no warranty express or implied" agreement.

    1. Anonymous Coward
      Anonymous Coward

      Re: More Political Theater

      I pretty much agree, but I see Twitter as nothing more than a liability, a sinking ship waiting for a new captain to go down with it.

      "As is" is one thing; criminal neglect that was intentionally hidden is another.

      Reminds me of bad used car sales, selling cars with steel wool in the muffler to prevent them from smoking, while the engine was really trash. "As is" shouldn't allow criminal dishonesty a pass.

  10. Kevin McMurtrie Silver badge

    Bright future

    This enormous list of problems makes it sound like a mega-billions hockey-stick-growth startup company. The world needs more people just to keep up with its potential.

    Carry on, Musk.

  11. Anonymous Coward
    Anonymous Coward

    Musk so deserves to buy Twitter

    It’s chaotic

    It’s buggy

    It’s badly managed

    So very Muskian.
