Whistleblower ‘maintains all information’, lawyer says

The Washington Post and CNN revealed on Tuesday, August 23, the content of a document sent by the former head of Twitter security, Peiter Zatko – nicknamed “Mudge” in the computer security community – to several regulators and American parliamentary committees. These 200 pages affirm in particular that the company suffers from serious security problems, which management has downplayed to its board of directors, and reveal several cases that would be particularly problematic if confirmed, including the hiring of an Indian intelligence agent by Twitter. Mr Zatko had been fired by Twitter in early 2022 for “poor performance”.

John Tye, Mr Zatko’s lawyer and the founder of whistleblower aid organization Whistleblower Aid, answered questions from Le Monde.

For the past two days, Twitter has been defending itself by presenting Mr. Zatko’s revelations as exaggerations published by a disgruntled former employee. Is this your opinion?

Absolutely not. This is the classic defense of organizations that seek to attack the author of the disclosures, his person or his credibility, rather than responding to the content of the disclosures. This is ridiculous: Peiter Zatko did a great job at Twitter, and he was actually recruited by Jack Dorsey [founder and former CEO] because he had the credibility to pull Twitter out of the security problems the company had created itself over the past decade.

His CV is impeccable: thirty years ago, he was one of those who created the community of ethical hacking. He pushed Microsoft to respond ethically and legally to security issues, and he testified before the US Congress as early as 1998 on these matters. He also enjoys very strong credibility, not only in the cybersecurity community, but also in the intelligence community. Before Twitter, he worked for Darpa [the US military’s research agency] on projects that are at the forefront of the United States’ offensive and defensive capabilities. He has always had the reputation of an ethical and honest man; if that’s the best defense Twitter could come up with, then they don’t have much.

However, he is reputed to have been close to Jack Dorsey, who left the company at the end of 2021, but to have had a more difficult relationship with his successor, Parag Agrawal.

When Mr. Agrawal was appointed CEO, Mr. Zatko had an interview with him. He told him very clearly that if he wanted him to leave so he could choose his own security chief, he would leave. Mr Agrawal said: “No, I want you to stay.” But Mr Zatko was fired less than two months later, after raising his concerns with the board. In any case, he maintains all the information that appears in the documents sent to the regulators.

You told the American press that Mr. Zatko had had no contact with Elon Musk, whose trial against Twitter is due to begin in October. One of the issues in this trial will be the issue of automated accounts, which are an important aspect of the revelations made by Mr. Zatko. Does he fear that these revelations will be instrumentalized in the procedure?

This is not one of his concerns. He had started sounding the alarm internally in December 2021. When he was fired in January, he immediately began working on how he could legally alert law enforcement and regulators. This all happened months before Elon Musk was interested in a Twitter takeover. These revelations may have an impact on the proceedings, but that was in no way his motivation.

It is rare for people so highly placed in the hierarchy of a company or an administration to denounce breaches in this way…

Mr. Zatko is a particularly courageous person, who worked for decades to become someone who would be in a position to make a difference. Looking back, for the past ten years, most whistleblowers were single, no kids, no credit… Once you have a family and a career, it’s very hard to stand up against power structures. This remains frightening for Mr. Zatko: he has two young children and he is of course worried about his career, his financial security…

But I am convinced that our model of disclosures through legal channels works and makes it easier for people who witness serious violations of the law to act. Mr. Zatko has forwarded all relevant documents in his possession to regulators and law enforcement. From now on, we just hope that they will do their job and investigate these revelations.
