Before the Elon Musk buyout, Twitter looks like the worst-run tech company ever with new revelations about lax security, no oversight, and a corporate culture geared towards hiding the ugly truth from the company’s own board of directors and the FTC.
Former CEOs Jack Dorsey and Parag Agrawal have some ‘splainin to do.
Almost unnoticed among the more salacious #TwitterFiles reveals from Matt Taibbi, Bari Weiss, and Michael Shellenberger, “the stuff uncovered in the Twitter whistleblower report is much crazier,” according to Twitter user Avid Halaby. Halaby did a deep dive into the newly released insider materials, and his Twitter thread shows a company that was a Rube Goldberg device of bad policies and worse execution.
Whistleblower Peiter “Mudge” Zatko is the company’s former Security Lead and a longtime advocate of better internet security practices. Zatko first went public back in August, with CNN reporting his claim that “Twitter trusted far too many employees with access to sensitive user data, creating a fragile security posture that an outsider could exploit to wreak havoc on the platform,” and that “one or more current Twitter employees may be working for a foreign intelligence service,” and that “Agrawal misled the company’s board of directors by discouraging Zatko from providing a full account of Twitter’s security weaknesses.
Halaby reports that in 2020, “Twitter had security incidents serious enough they had to be reported to the federal government on an almost weekly basis.” At the exact same time, Agarwal “was lying about how secure” the platform was.
According to the legal papers filed by Zatko’s attorneys, more than half of the company’s 11,000 full-time employees “had privileged access to Twitter’s production systems.” That’s a security nightmare, particularly now that it’s come to light that “Twitter didn’t monitor employee computers at all,” and that “it was not uncommon for employees to install spyware on work devices.”
During the overtly political commotion behind the scenes during the January 6 protests, Zatko “wanted to take action to prevent potential sabotage by a rogue employee,” but “he learned it was not possible for Twitter to secure its production environment.”
What was really going on? Not even the company’s own management could say for sure.
Even worse — is that even possible at this point? — is that the platform’s entire existence, its treasure trove of users and user data, sat beneath a digital Sword of Damocles.
Zatko “realized that a data center failure could potentially cause the permanent loss of all of Twitter’s data,” Halaby reports. “He shared this fact with senior leadership, who instructed him not to put it in writing for the Board.”
It almost happened, too:
In or around the spring of 2021, Twitter’s primary data center began to experience problems from a runaway engineering process, requiring the company to move operations to other systems outside of this datacenter. But, the other systems could not handle these rapid changes and also began experiencing problems. Engineers flagged the catastrophic danger that all the data centers might go offline simultaneously. A couple months earlier in February, Mudge had flagged this precise risk to the Board because Twitter data centers were fragile, and Twitter lacked plans and processes to “cold boot.” That meant that if all the centers went offline simultaneously, even briefly, Twitter was unsure if they could bring the service back up. Downtime estimates ranged from weeks of round-the-clock work, to permanent irreparable failure.
Twitter survived — but barely.
Former management could be in legal hot water for lying to the FTC, as well.
The company signed a 2011 Consent Order with the nation’s trade commission, committing them to a “uniform process to develop and test software” called an SDLC.
But as Zatko’s whistleblower report shows:
What this looks exactly like is that Twitter was lying to federal regulators, on Agrawal’s direct order. Agrawal only became CEO in November of 2021.
Was management similarly misleading the FTC and its own board during the previous ten years under Dorsey?
Given that the company’s security and development practices never improved, and that the FTC never raised an eyebrow, it’s almost impossible to conclude anything else.
It’s no wonder the board sued Musk to force him to follow through on his purchase of the company because the old management didn’t want to be the ones caught next to the fan when the you-know-what hit.
I sincerely hope Musk can turn things around, but these revelations show it’s going to be a more difficult job than anyone thought.
Recommended: UKRAINE WAR: Putin Is Ready for a Long War, But Is Russia?
Join the conversation as a VIP Member