Twitter’s former security chief claims the company is hiding the ball when it comes to spam and bots
Updated August 23, 2022 at 9:24 am EDT|Posted August 23, 2022 at 5:59 am EDT Telsa CEO Elon Musk is seeking to end his deal to buy Twitter. (Illustration by Chloe Meister/Washington Post; Jim Watson, Amy Osborne/AFP via Getty; iStock) Comment on this story Comment SAN FRANCISCO — Elon Musk claims Twitter is grossly undercounting the number of spam and bot accounts on its platform. A new whistleblower complaint from a recently fired top brass The Twitter executive could add ammunition to that argument, though he provides little hard evidence to support a basic claim. Former security chief Peter Zatko accuses Twitter of “lying about Bots to Elon Musk” in a whistleblower complaint filed in July with regulators, including the Securities and Exchange Commission. a copy of which was obtained by the Washington Post. Zatko, a well-known figure in the security community, claims that Twitter has no incentive to count the true number of bots and spam accounts on the service, which has 238 million daily users. And it lays out another argument that could give Musk a potential boost in his fight to prove that Twitter breached its contract when it agreed to buy the company for $44 billion: that Twitter misled regulators about its defense against hackers. Importantly, however, Zatko provides limited hard evidence in his complaint about spam and bots, so the potential impact of these claims is hard to gauge at first. Musk’s lawyers scheduled a deposition with Zatko before the whistleblower complaint was released, according to a person familiar with the matter, who spoke on condition of anonymity to discuss an ongoing legal matter. Twitter has repeatedly countered that it doesn’t count or work hard to combat bots and spam. In May, CEO Parag Agrawal said the company removes half a million spam and bot accounts every day, a number the company updated in July to 1 million a day. “Twitter fully supports … our statements about the percentage of spam accounts on our platform and the work we do to combat spam on the platform in general,” Twitter spokeswoman Rebecca Hahn said in response to Zatko’s claims. . But any new allegation that Twitter misled shareholders and regulators could bolster Musk’s case in Delaware District Court in October, according to a half-dozen legal experts who spoke to The Post before the complaint became public, who were not briefed on the complaint. The arguments will depend on the seriousness of the revelations, as well as the data supporting any new claims — and the extent to which Musk relied on those claims to close the deal. “We have already subpoenaed Mr. Zatko and found his departure and other key employees puzzling in light of what we’re finding,” said Alex Spiro, a partner at Quinn Emanuel who is representing Musk in his ongoing work. litigation with Twitter. Musk did not immediately respond to a request for comment. Musk’s countersuit contains aggressive new claims. Twitter contradicts them. Musk, the CEO of Tesla and SpaceX, is trying to back out of his deal to buy the social networking site, arguing that Twitter’s long-standing estimate that bot and spam accounts make up less than 5 percent of its “daily monetizable users’ is untrue. He ended his deal to buy Twitter by claiming that miscounting bots would have a “material adverse effect,” a fundamental change to the business that, for example, sharply reduces its value. And he has since hit back at the company for allegedly misleading his team, accusing Twitter of fraud and breach of contract. Twitter’s deal is temporarily on hold, pending details that support the estimate that spam/fake accounts actually represent less than 5% of usershttps://t.co/Y2t0QMuuyn — Elon Musk (@elonmusk) May 13, 2022 Zatko is a security pioneer who is known in the industry for his history of exposing software flaws – under the handle “Mudge”. His tenure at Twitter, however, was controversial, resulting in repeated clashes with fellow executives and, ultimately, his firing. The complaint alleges that Twitter misled regulators from the Federal Trade Commission and the Securities and Exchange Commission about security issues. Twitter’s Hahn said Zatko’s claims were “riddled with inaccuracies.” The actual number of bots and spam accounts on Twitter is likely to be “substantially higher” than the number claimed by Twitter, according to the complaint. “Twitter executives have little or no personal incentive to ‘detect’ or accurately measure the prevalence of spam bots,” the complaint alleges, adding that “willful ignorance was the norm” among its executive team. A redacted version of the 84-page dossier went to congressional committees. The Post obtained a copy of the disclosure from a senior Democratic adviser on Capitol Hill. Twitter investigates Elon Musk’s social circle in broad legal filings The bot claims “definitely strengthen Musk’s case because you have someone with inside knowledge,” said Anthony Casey, a law and economics professor at the University of Chicago Law School. However, he cautioned that the claims do not appear to be a smoking gun because there does not appear to be any concrete evidence that the company was deliberately lying about the number of bots. “It has to be more than just, ‘You’re being sloppy about it because you didn’t really care,’” Casey said. “That adds to (Musk’s) case, but I still think he has a weak case.” Several departments at Twitter are responsible for fighting spam and bots. As head of security, Zatko was not directly responsible for bot removal, but his role involved some aspects of bot removal. Zatko was fired well before Musk’s initial Twitter investment went public in April, ahead of his acquisition announcement later that month. Four people familiar with the company’s processes for detecting spam, who like others spoke on condition of anonymity to describe sensitive internal matters, told The Post that the company maintains several internal logs of spam and bots — known as “prevalence” – to all service beyond the number provided to Wall Street. The Post also obtained an internal document, which was redacted to hide the numbers, showing that “spam prevalence” was a number shared on the board. The document was delivered to the board at a meeting attended by Zatko, according to two of the people. The four people said the social media company estimates the broader number of spam and bots on the service by using software to sample thousands of tweets each day, as well as 100 accounts that are checked manually. Three of the people said the company’s internal bot prevalence numbers were almost always less than 5 percent. Twitter’s Hahn said the company is transparent about the number of accounts it removes for violating its rules. In addition, there are many bots that follow rules and are allowed to remain. The company isn’t reporting a total number of bots because it would just be a small number of what they’ve caught, he said. Internal prevalence metrics focus on how many people see bots that violate the rules, which the company believes is a more accurate measure of potential harm than an overall metric, since many bots are inactive, Hahn added. Elon Musk says the Twitter deal is on hold, putting the bid on shaky ground Twitter and Musk were embroiled in a legal battle this summer after Musk backed out of his deal to buy the social media company. Twitter filed suit, claiming it had breached its contract while disrupting the site’s operations and leaking its shares. In response, Musk filed a countersuit late last month alleging a number of new issues, including that the majority of the ads are shown to fewer than 16 million users. That’s a tiny fraction of the 238 million daily users that Twitter claims could generate revenue for the company by serving ads. Alexander Manglinong, a lawyer who focuses on business litigation at the firm Stubbs Alderton & Markiles, pointed to Musk’s abdication of due diligence to complete the deal, depriving him of a deeper look into Twitter’s inner workings. “From my perspective — even without knowing what specific information might be out there, it still looks like against Musk, an uphill battle,” he added. Musk’s legal team has already shown its willingness to question high-ranking former executives by subpoenaing former Twitter CEO Jack Dorsey. (Zatko was already one of the executives whose records Musk’s legal team tried to obtain, but a judge denied the request.) Twitter sued Elon Musk, setting the stage for an epic legal battle Musk’s team has sought information from more than 20 company leaders, but the judge has so far allowed them to obtain internal communications from only one Twitter executive, former head of consumer product Kayvon Beykpour. Zatko claims in his complaint that an unnamed senior executive tried to shut down a key tool for stopping bots and spammy accounts. The tool, internally called ROPO, for “read-only phone,” blocks an account from tweeting until a user can prove they’re connected to a real person. That executive was Beykpour, who was fired by Agrawal this year, said two of the people familiar with the company’s spam procedures, as well as a third person with knowledge of the discussions. The complaint states that Beykpour became critical of the tool after he personally “received a small number of unsolicited DMS (text messages). But the people said Beykpour believed ROPO was riddled with much broader mistakes and was not trying to shut down the tool, but suggested an overhaul. Beykpour declined an interview request. Zatko’s lawyer from the nonprofit law firm Whistleblower Aid said before publication…
