“Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns,” said Sens. Dick Durbin and Chuck Grassley, the committee’s chair and ranking Republican, respectively. “If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world.”
Twitter has pushed back on the allegations in the disclosure and said Zatko was fired in January for “ineffective leadership and poor performance.” (Zatko maintains he was fired in retaliation for concerns he was raising regarding security vulnerabilities.)
“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” a Twitter spokesperson said in a statement Tuesday in response to the disclosure. “Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
The disclosure — which totals around 200 pages, including supporting exhibits — was sent last month to a number of US government agencies and congressional committees, including the Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice. CNN obtained a copy of the disclosure from a senior Democratic aide on Capitol Hill. The SEC, DOJ and FTC declined to comment.
The Senate Intelligence Committee, which received a copy of the report, is taking the disclosure seriously and is setting a meeting to discuss the allegations, according to Rachel Cohen, a committee spokesperson. Sen. Richard Bumenthal, who chairs the Senate subcommittee on consumer protection, wrote a letter to the FTC Tuesday calling on the agency to investigate the claims, and impose fines and individual liability on specific Twitter executives if a probe finds they were responsible for security lapses. Sen. Ron Wyden on Wednesday renewed calls for Twitter to protect its users’ direct messages from prying eyes with secure, end-to-end encryption.
The dispute between Twitter and Musk is set to go to trial in October, but Twitter has nonetheless moved ahead with the other steps needed to complete the deal, including the September 13 shareholder vote. Twitter’s board has unanimously recommended that shareholders vote in favor of the deal. If shareholders approve the acquisition, it could give Twitter some additional leverage in its legal fight against Musk.
But the whistleblower disclosure could become the latest wrinkle in the legal fight over the deal. Zatko alleges that Twitter has misled Musk and the public about the number of bots on Twitter, and Musk’s lawyers could also attempt to use other, unrelated allegations in the disclosure as additional reasons the Tesla CEO should be able to walk away from the deal. Musk’s lawyers subpoenaed Zatko prior to Tuesday’s reporting on his disclosure, and in a court hearing Wednesday regarding discovery materials, they referred to his claims about bots in the disclosure.