The new disclosure may help to strengthen Musk’s case and possibly encourage courts to be more attentive to the bot problem. Moreover, Musk’s legal team could attempt to seize on other claims in the disclosure unrelated to bots — including allegations that Twitter made misrepresentations to regulators such as the Federal Trade Commission and Securities and Exchange Commission about its privacy and security practices — as additional reasons he should be able to walk away from the deal.

“For many years, through many public statements [SEC]”Filings, Twitter made material misrepresentations, and omissions… concerning security, privacy, and integrity,” Zatko’s disclosure says. Given that Twitter’s potential takeover by Elon Musk is at stake, their misrepresentations have particular impact.

Zatko, better known as “Mudge,” is a prominent ethical hacker-turned-cybersecurity executive whose career also included stops at Google and the Department of Defense. Following a massive hack on Twitter in 2020, he was made the security lead at Twitter. However, he was fired in January this year after his attempts to whistle blow about possible security weaknesses and fraud from the senior leadership of the company.

He exposes the company’s security flaws that could threaten users data and platform functionality. This disclosure, he claims, may put US security at risk. Zatko alleges that Twitter’s highest executives have misled customers, regulators, and the company itself about its security. According to the disclosure, Zatko requested that Twitter open an investigation into any legal breaches.

Twitter spokeswoman said that Zatko had been fired because of “ineffective leadership” and poor performance.

The spokesperson stated that “What we have seen is a false narrative regarding Twitter, our privacy and security practices.” The timing and allegations of Mr. Zatko seem to be designed to attract attention and inflict damage on Twitter, its customers, and its shareholders. Twitter’s security and privacy are company priorities since the beginning and they will remain so.

Parag Agrawal, CEO of Twitter, wrote Tuesday an internal memo for employees. It was obtained by SME and promised to contest the disclosures and seek to reassure employees. He called the allegations “frustrating” and “confusing to read.”

Although the information could have a negative impact on Twitter’s relationship with regulators, users, and the board of its directors, it could also have a significant effect on the company’s case against Musk. Twitter sued Musk for using bots to stop the termination of the deal after Musk made an attempt to end the contract last month. Twitter asked for a court’s order to force him to comply with the agreement. The case will be heard in Delaware Chancery Court, October.

After Zatko’s revelation was reported, Alex Spiro, a Musk lawyer, stated that Zatko had been subpoenaed by his legal team in relation to the Twitter dispute. Spiro stated to SME that he and other key employees found their exits “interesting” in light of the information he had uncovered.

Twitter could not have a higher stake in the legal dispute and any effect the disclosures may have on it. It is trying to get a deal done to acquire the company at a much higher price than its market value, or to secure a breakup fee of a billion dollars from Musk. This will ensure that there’s no prolonged uncertainty. Twitter has struggled to grow its audience and advertise its products since before Musk was involved.
SME reported that Zatko’s disclosure was not related to the acquisition. That he also said that Musk isn’t his friend and that he didn’t know him personally. Zatko stated that he first began to document the issues that would be his disclosure, before Musk became involved with Twitter. Zatko claims that he has a limited amount of shares in one company as part his larger stock portfolio. Tesla (TSLA)He also acquired shares over the past 10 year, and a slightly bigger stake in Twitter as his compensation plan included stock. SME asked him not to touch the stock during disclosure.
Zatko started documenting his concern about the misleading statements that were made to Twitter’s security board in December. Musk reported Musk’s large share in Twitter in April, before agreeing later to purchase it.

To properly measure bots, you need to eat.

Twitter declared in February 2019 it would use a new measurement to measure the size of its audience for reporting quarterly financial results. The company, which had been facing a decline in users for several quarters, said it would shift from disclosing monthly active users — a metric commonly used by social media companies — to reporting monetizable daily active users (mDAU), a measure of the number of real users who could be shown an ad on the platform.

Twitter explained that they did not want to publish the maximum daily active user count. The company also stated in a letter it sent to shareholders, that advertisers would benefit from the new metric and get an easier understanding of how much the ads are worth. The metric also meant that the user numbers Twitter reported to shareholders — often a determining factor for a company’s share price — would be less likely to fluctuate if, for example, the company removed a large bot network comprising many accounts.

Twitter reported, since making the switch that spam and fake accounts account for less than 5% of all mDAUs. This figure was repeated by Twitter in its battle with Musk, and has been questioned by the billionaire. Twitter has admitted in SEC filings, that the figure depends on significant judgments that might not accurately reflect reality.

Musk said that in May his deal to purchase Twitter was being held. However, he appeared to question the presence of bots relative to total users. Agrawal replied in a Twitter thread several days later. He reiterated Twitter’s calculations that spam and fake accounts account less than 5% of the mDAU, and defends the company’s measurements. Zatko claimed that Agrawal answered a question different to Musk’s, and added that shareholders and regular Twitter users might not be able to distinguish between bots and total users as percentages of mDAU.
Elon Musk spoke about his offer to purchase Twitter during an on-stage interview at a TED conference in Vancouver, Canada, on April 14.

According to Zatko, Twitter considers bots to belong in a group of “non-monetizable users” that it doesn’t report. Twitter discloses publicly that the 5% bots estimate is a human-reviewed estimation of the bots that are included in the automated company count of monetizable daily users. While Twitter’s estimate of 5% of all mDAU bots may help advertisers identify fake accounts that could see their ads but are unable to respond, it is not representative of the entire range of spam and fake accounts on Twitter.

This disclosure points out another tweet Agrawal posted in May’s thread, in which he said that Twitter was “strongly incentivized” to remove spam every day. Zatko claims that Agrawal was wrong to state that the executives of the company were incentivized to increase mDAU by business pressures, bonus structures, and at times, sacrificed resources and attention for addressing spam issues on the platform.

Zatko claims that he started asking questions about bot accounts on Twitter early in 2021. He was then told by Twitter’s chief of site integrity how many bots were on the platform. SME Zatko was not provided with the context necessary by Twitter.

Zatko claims that he also came away with conversations with integrity teams with the understanding that company had “no appetite to properly assess the prevalence of bots,” partly because it might harm company’s image if that number is made public.

Twitter’s system to remove and measure bots is also made up of simple scripts that are mostly out-of-date, not monitored, and overworked.

Experts who study online inauthenticity say it’s difficult to identify bots. There is no universal definition, humans may sometimes create fake accounts or spam accounts, as well as bad actors continually changing their strategies. Many bots are good, including automated accounts that update users with weather and news. Users can also opt in to label such accounts so they can be identified. Zatko said that he believes it is still worthwhile in trying to measure spam and other malicious automated accounts.

In an interview with SME earlier in the month, he stated that the executive team, board, shareholders, and users deserve honest answers about what they’re consuming on the platform. The internet is a huge part of your perceptions about the world. This is scary because you won’t know the difference between what’s true and what’s fake.

Twitter states that they allow bots to use its platform. However, its guidelines prohibit any type of spamming or manipulation. However, like all other social media platforms, it is difficult to enforce these rules.

Elon Musk cited this tool in his bot dispute with Twitter. Its creator has thoughts

It claims it routinely challenges, suspends or removes accounts that are involved in spam and platform manipulation. Typically, the company has removed more than 1 million spam accounts every day. Twitter has confirmed that spam accounts are a fraction of the total spam and fake accounts. The company stated that the total number is not useful as it may include accounts Twitter already took action against. It also said it doesn’t believe Twitter could capture all of these accounts so the count would be minimal.

Zatko claims that it is difficult to understand Twitter’s figures about taking down fake accounts and spam without additional context. It is unclear whether that number, which Twitter claims to have collected from spam and fake accounts on its platform of over 900 million users per day, “is too large or small” for such an enormous site like Twitter. Because there’s no context, nobody knows.

Twitter refused to disclose the total number or average of accounts created daily to support the removal of the bot.

It’s possible that bots are not the only problem

Much of the dispute between Twitter and Musk has focused on bots — an issue that legal experts have said may not be material to the deal even if Twitter was found to have misstated the numbers. However, Musk’s legal team may also decide to address some other serious allegations against Zatko after the disclosure.

For example, Zatko’s disclosure alleges that Twitter has lax security practices and a lack of emergency plans, which could threaten to take down the servers that keep the platform running, potentially permanently — a so-called “Black Swan” event that he claims nearly occurred in the spring of 2021.

The disclosure states that Twitter “has consistently misrepresented” in SEC filings the company’s ability to recover from an outage of a few computers. This disclosure refers to risk factors that the company has listed in its annual report. It states it has a disaster recovery plan in the event of data center damage. Zatko asserts that the company’s recovery program might not be functional enough to avoid a Black Swan Event.

Twitter has pushed back, saying the disclosure is "riddled with inconsistencies and inaccuracies and lacks important context."

Twitter declined to answer specific questions regarding the possibility of data center failures, however it stated that the company continues to invest in technology and its people to protect the platform. SME also heard from a source familiar with the issue that there were systems in place for privacy, security and other health concerns long before Zatko arrived. They have continued to do so since Zatko’s departure.

In addition, the disclosure alleges that Twitter violated a consent order issued in 2011 by the Federal Trade Commission. This consent order was made after the company pledged to improve its security measures and protect user privacy. Zatko claims that Twitter’s executives know that they have “never been compliant” with the order, despite their assertions to the contrary.

Twitter claimed it is compliant with applicable privacy rules. It also stated it was transparent with regulators concerning its attempts to correct any deficiencies in its systems.

According to the disclosure, Zatko’s shortcomings in leading security at the company could lead to issues that could constitute “material adverse effects,” which is a term that refers to a change that significantly affects a company’s value. This could be a risk that might give Musk more leverage when trying out the deal.

Elon Musk subpoenas former Twitter CEO Jack Dorsey as legal battle heats up

This disclosure refers to the section of Twitter’s merger agreement with Musk in which Twitter stated that it doesn’t “infringe or misappropriate any Intellectual Property Rights of other persons” in any way that could be considered a material adverse. However, the disclosure alleges that Twitter has failed to obtain the appropriate licenses for the data it uses to train its artificial intelligence — which is used in key Twitter features such as the algorithm it relies on to rank what tweets users see.

The disclosure stated that “Twitter senior management have known for years, that the company never had the correct licenses to the data and/or the software needed to build some key Machine Learning model used to run this service.”

An acquisition agreement describes a material adverse impact as any change or event that causes or will cause material harm to the “business, financial condition, or results of operations” of Twitter. There are several exceptions, including economic and political conditions as well as “acts by God”, such as cyberattacks, terrorism, or data breaches. A court could decide which topics would be included in this classification. However, the claims by Twitter that any litigation against the owner of intellectual property that was used in training Twitter’s AI could lead to “massive financial damages” for Twitter. It also alleges that an injunction could prevent Twitter from operating key products. This could be a material adverse result.

The disclosure claims that Twitter will continue to operate many basic products unless circumstances change since Mudge’s firing in January.

Twitter didn’t respond to queries about its intellectual property rights to the data it used for training its AI.

SME Paid Under

By Adam

Adam is an owner at Nanohydr8. He really loves comedy and satire, and the written word in general.