Twitter whistleblower likely sparked FTC investigation: experts

Experts say whistleblower Peiter « Mudge » Zatko’s explosive accusations about security issues on Twitter have almost certainly sparked a Federal Trade Commission investigation — and that’s not necessarily good news for Elon Musk.

Former FTC officials told The Post they were confident the agency had opened an investigation into Twitter – but added that any potential fines would come after next month’s court battle with Musk, potentially forcing the tycoon to pay billions of dollars in penalties if forced to take over the business.

Zatko – a notorious hacker who spent nearly two years as Twitter’s security chief until earlier this year – has accused Twitter of condoning troubling security issues, including keeping a Chinese spy on its payroll .

Former FTC officials say the probe likely focuses on whether Zatko’s alleged conduct means Twitter violated a so-called 2011 consent decree that requires the company to « not misrepresent » the the extent to which it protects the security and privacy of users. The investigation could potentially lead to billions in fines and a new, more restrictive executive order that personally names Twitter CEO Parag Agrawal, sources said.

« I would say with 100 percent certainty that they’ve opened an investigation, » said David Vladeck, who led the FTC’s consumer protection division from 2009 to 2012. « I’m confident the FTC is involved. in an investigation. »

He said opening an investigation makes good sense for the FTC.

“If there is reason to believe that a company has violated an existing consent order with the FTC, the FTC is not going to twiddle its thumbs, it will investigate,” Vladeck said.

Eileen Harrington, former executive director of the FTC, also said she was sure the agency was investigating Twitter, but was unsure which part of the agency was in charge.

“I would wonder who is conducting the investigation, because the best thing to do would be to leave it in the hands of the compliance and enforcement people – and ask them for help,” Harrington said. .

Representatives for Twitter and Zatko responded to requests for comment on this story. The FTC declined to comment.

Zatko warned during Senate testimony earlier this month that thousands of Twitter employees — potentially including spies — have access to sensitive user data, including private messages, current locations, addresses. personal information and telephone numbers.

Zatko also said the FTC’s lack of resources meant tech companies like Twitter were allowed to « rate their own homework » instead of being held accountable by regulators.

« I cringed when I read all of this, » Harrington said of Zatko’s testimony. « I thought, ‘This is very bad for the FTC. « »

Harrington, who spent 27 years at the FTC, has been a vocal critic of Biden-appointed chairwoman Lina Khan. She speculated that Khan might be inclined to respond to bad press related to whistleblowers by “pointing the finger” at overworked career FTC employees and taking over the investigation herself.

Over the past few weeks, the FTC has reached out to people asking questions on Twitter as part of its investigation, a source told The Post. Another source close to the agency said the FTC is investigating a violation of the consent decree involving a company that is most likely Twitter.

Twitter, for its part, claimed Zatko’s allegations are « riddled with inconsistencies and inaccuracies » and that it fired him in January 2022 for « poor performance and ineffective leadership. »

The site also sought to subpoena communications to determine whether Zatko coordinated with Elon Musk, who is currently fighting a legal battle to back out of his $44 billion deal to take over the site. Zatko denied filing a lawsuit to help Musk.

Even if the FTC eventually slams Twitter with a massive fine, the blow will almost certainly come long after Elon Musk takes on Twitter in court in Delaware starting Oct. 17. If the court orders Musk to buy Twitter, he would potentially be forced to pony up the penalty himself.

« There’s no way they can fully investigate and have anything announced by October 17, » Harrington said.

During his Senate testimony on Tuesday, Khan paused before confirming an investigation on Twitter, but said the FTC was « extremely disturbed » by Zatko’s allegations.

« There’s absolutely been a problem with companies treating FTC orders as suggestions, » Khan said. « We have an ongoing program to really strengthen that. »

Khan also said the FTC is prepared to personally name tech executives such as Twitter CEO Parag Agrawal in future orders.

« If we have a basis to appoint individuals because we find they meet the legal standard for that, we will not hesitate to do so, » Khan said in response to a question about Agrawal without specifically naming the CEO. from Twitter.

In May, Twitter agreed to pay the FTC a $150 million fine for violating the 2011 consent decree after regulators accused the company of harvesting phone numbers and emails for purposes security, and then accidentally sharing that data with advertisers.

Regardless of Zatko’s allegations, Twitter has also faced allegations in recent weeks that it has failed to adequately prevent minors from viewing and downloading pornography. Vladeck and Harrington said the allegations could attract the attention of the FTC, which has a mandate to protect consumers.