Twitter whistleblower reveals employees concerned China agent could collect user data

September 14, 2022 - 4:04 PM
Twitter whistleblower
Twitter Inc.'s former security chief Peiter "Mudge" Zatko testifies before a Senate Judiciary Committee hearing to discuss allegations from his whistleblower complaint that the social media company misled regulators, on Capitol Hill in Washington, U.S., September 13, 2022. (Reuters/Evelyn Hockstein)

The FBI informed Twitter Inc of at least one Chinese agent working at the company, U.S. Senator Chuck Grassley said during a Senate hearing on Tuesday where a whistleblower testified, raising new concerns about foreign meddling at the influential social media platform.

Peiter “Mudge” Zatko, a famed hacker who served as Twitter’s head of security until his firing in January, said some Twitter employees were concerned that the Chinese government would be able to collect data on the company’s users.

Twitter has come under fire previously for lax security, most notably in 2020 when teenage hackers seized control of dozens of high-profile accounts, including the verified profile for U.S. President Barack Obama.

On Tuesday, Zatko’s testimony before the Senate Judiciary Committee revealed Twitter’s security issues could be far more serious, alleging for the first time that the company was informed of agents of the Chinese government working at the social media firm.

During his testimony, Zatko referenced a Reuters story on Tuesday that detailed internal clashes between some teams that wanted to maximize the advertising revenue opportunity from Chinese advertisers and others who were concerned about doing business inside China amid rising geopolitical tensions.

“This was a big internal conundrum,” Zatko said, adding the company was reluctant to turn away from China as the fastest- growing overseas market for ad revenue.

“In a nutshell, if we were already in bed, it would be problematic if we lost that revenue stream,” he said.

Zatko said on Tuesday that in the week before he was fired from Twitter, he learned the FBI told the company an agent of China’s Ministry of State Security, or MSS, the country’s main espionage agency, was on the payroll at Twitter.

It was not immediately clear if the alleged Chinese agent was still working at the company.

Twitter did not immediately respond to a request for comment on Zatko’s testimony and the committee hearing.

Zatko also said he recalled a conversation with another Twitter executive about concerns that a foreign agent was inside the company. The executive responded “Well, since we already have one, what does it matter if we have more?”

When asked if he believed something good would come from the hearing, Zatko said “I hope so.”

“I’m basically risking my career and reputation. And if something good comes from this five or 10 years down the road, it will have been worth it.”

Litigating against Musk

Grassley noted that Twitter Chief Executive Parag Agrawal refused to appear at the hearing for fear it could jeopardize the company’s litigation against Elon Musk, who is also the CEO of Tesla Inc. Twitter and Musk head to trial next month over whether the billionaire’s $44 billion takeover deal should be completed.

The senator said in his opening remarks that many of the whistleblower allegations directly implicated Agrawal, and if the claims were true, “I don’t see how Mr. Agrawal can maintain his position at Twitter going forward.”

Later on Tuesday, Twitter will also announce the results of a shareholder vote on Musk’s takeover of the company. Twitter shareholders have approved Musk’s buyout of the company, Twitter said on Tuesday after a virtual special meeting of stockholders.

The San Francisco-based company sued Musk for terminating the agreement, while the Tesla chief executive countersued, accusing Twitter of misrepresenting the number of false and spam accounts on its service.

A Delaware judge ruled last week that Musk may include Zatko’s whistleblower claims in his case against Twitter, but denied his request to delay the trial.

The Senate Judiciary Committee is questioning Zatko over his claims that Twitter misled regulators about its compliance with a 2011 settlement with the Federal Trade Commission over improper handling of user data.

Since then, Twitter has made “little meaningful progress on basic security, integrity and privacy systems,” Zatko’s complaint filed with regulators in July said.

Twitter has said Zatko was fired for “ineffective leadership and poor performance,” and that his allegations appeared designed to harm Twitter.

Zatko’s whistleblower complaint appeared to contain over two pages of links to supporting documents, such as emails between Zatko and CEO Agrawal and an assessment of misinformation and disinformation on Twitter. The number of documents was limited compared with those provided by Facebook whistleblower Frances Haugen, who released thousands of pages of internal material.

Reporting by Sheila Dang in Dallas, Additional reporting by Richard Cowan and David Shepardson in Washington; Editing by Kenneth Li, Lisa Shumaker and Matthew Lewis