The former Twitter executive-turned-whistleblower who has become central to Elon Musk’s attempt to back out of buying the social media company is set to discuss his concerns over the platform’s security in a US Senate hearing on Tuesday.
Twitter’s ex-chief security officer Peiter “Mudge” Zatko will appear before the Senate judiciary committee in a session that will thrust the company’s cyber security practices into the spotlight — and could shape the future of Musk’s high-stakes legal battle.
Zatko, who was fired by Twitter earlier this year, filed a complaint to US authorities in early July alleging that Twitter had misled users and regulators about its lax cyber security practices and allowed foreign intelligence infiltration of the platform. The complaint also raised concerns about bots.
In a letter addressed on Monday to Twitter’s Parag Agrawal, senators Richard Durbin and Charles Grassley called on the chief executive to also appear at Tuesday’s hearing and sent a list of more than a dozen questions about its security, with a deadline to respond of September 26.
“If accurate, Mr Zatko’s allegations demonstrate an unacceptable disregard for data security that threatens national security and the privacy of Twitter users,” the letter said.
Twitter declined to comment on the letter and whether Agrawal would attend the hearing.
The accusations have been seized upon by the Tesla co-founder, who is already suing Twitter in relation to his $44bn deal, arguing that it underestimated the number of bots on the platform and misled regulators on that matter.
A Delaware judge agreed last Wednesday to consider Zatko’s allegations as part of the case after Musk’s team asserted that, if true, they would constitute fresh grounds to cancel the deal.
Zatko has also been subpoenaed by Musk’s team to testify at the trial, which is set for early October.
Separately, Musk’s lawyers said in a letter to Twitter on Friday that the company’s $7.75mn severance payment to Zatko in June was made in breach of the merger agreement and therefore constituted “an additional basis to terminate” the deal.
According to Musk’s lawyers, the payment violated a clause in the merger agreement stating that the company should not make severance payments outside of the “ordinary course of business” without consulting Musk first.
Musk was neither notified nor asked for consent, his lawyers said, but only found out about the payment on September 3 through legal filings.
In a letter on Monday, Twitter’s lawyers dismissed the accusations around the severance payment as “invalid and wrongful”, adding that the company “intends to enforce the agreement and close the transaction on the price and terms agreed upon with the Musk parties”.
The October trial could shine a light on the inner workings of Twitter’s security practices. The company has long faced criticism for having poor controls, particularly after crypto scammers hacked the official accounts of hundreds of public figures and companies in July 2020.
Zatko, who has previously worked for the US defence department, was brought in by former chief executive Jack Dorsey in the wake of the hack.
Twitter has accused Musk of getting cold feet over the deal as tech stocks have cooled and repeatedly using “pretexts” to wriggle out of his commitment to buy the company.
It has argued that it is Musk who has breached the merger agreement, including violating the non-disparagement clause by repeatedly goading the company and its executives on Twitter.
Twitter’s lawyers said last week that in early 2022 Zatko had raised concerns with senior executives that the company was misleading its risk committee on cyber security matters. However, the company said that these concerns were investigated internally and “found to be without merit”.
Its lawyers also claimed that Zatko had only later started “parroting” Musk’s concerns over the separate issue of bots and spam, adding that this was not his area of expertise and “raises an eyebrow”.