12 September 2022

Time: “The Twitter Whistleblower Needs You to Trust Him”

Zatko had come from a long line of jobs where he had free rein to tear up organizational structures and prioritize security above all else. But at Twitter, current and former colleagues say, he found himself in a different environment: navigating tense internal politics at a corporation bent on boosting revenue, without support from his superiors. Some employees caught up in the tumult perceived Zatko to be a figure hired by then-CEO Jack Dorsey for publicity reasons, stepping on the toes of qualified colleagues with more institutional knowledge. Technically brilliant and morally rigid, Zatko was an iconoclast stepping into a corporate bureaucracy. “It’s like asking a doctor who’s been trained to do brain surgery to suddenly become a podiatrist,” says a former Twitter colleague.

The polarized reactions to Zatko’s disclosures illustrate just how atypical a tech whistle-blower he is. Last year, Frances Haugen, a former Facebook product manager, disclosed tens of thousands of pages of internal company documents that revealed a company prioritizing profits over user safety. But readers didn’t have to take Haugen’s word for it; they could read the words of Facebook’s own safety teams. Zatko is different. As a former senior executive, he had a bird’s-eye view into Twitter’s decision-making, ultimately responsible for hundreds of staff in some of Twitter’s most high-priority work streams. But he didn’t release the same breadth of documentation as Haugen; while Zatko supplied some exhibits to support his claims, including internal emails, his partially redacted disclosures rely largely on his own credibility as one of the most celebrated figures in cybersecurity. He is implicitly asking the public to trust that his version of events is the correct one, and that Twitter is lying.

Billy Perrigo, Andrew R. Chow & Vera Bergengruen

That Twitter has major security holes was pretty evident back in 2017 when an employee deactivated Donald Trump’s personal account on their last day of work; and again in 2020 when teenagers temporarily hacked the accounts of Barack Obama, Joe Biden, Elon Musk, and other celebrities. As troubling as it may be to think that these security flaws remain uncorrected, I have a hard time believing Peiter Zatko’s allegations in the absence of hard evidence. Some of them don’t make much sense; others, such as regarding bots and spam, actually support Twitter’s position and reveal Zatko’s superficial understanding of internal processes.

Computer hackers from the L0pht testify before a Senate Governmental Affairs hearing on government computer security on May 19, 1998. Douglas Graham—Congressional Quarterly/Getty Images

I suspect the core issue here is, at least to some extent, the Messiah complex that plagues many Silicon Valley figures – including Mudge, who years ago sported a long-haired “hacker Jesus” look. After decades of notoriety, it becomes natural to regard yourself as a singular savior figure, bestowed with absolute truths, regardless of concrete achievements. But when such a figure joins an already established organization, he would find it hard to collaborate with coworkers, dismissing their experience because ‘he knows better’, disregarding the company’s procedures in order to impose his own way of handling issues, possibly sidestepping the current hierarchy because he considers himself special and above such concerns.

And that’s what probably happened at Twitter: Zatko didn’t pay attention to how the company operated, ignored his direct superior Parag Agrawal and reached out to Jack Dorsey instead, alienating many colleagues in the process; no wonder he couldn’t get anything done. After he became CEO, Agrawal fired him – Mudge was probably getting grossly overpaid for far too few results. Hurt in his massive ego, he decided to retaliate by becoming a whistleblower – only he no longer had access to extensive documentation for his case. He then waited months before filing his whistleblower complaint, so as to first receive a settlement of roughly $7 million from Twitter over his termination – that tells me that his motivation is mainly to strike back against Twitter’s current management rather than ‘ethics and morality’, as he claims.

Again, I’m confused as to what this is supposed to reveal. Wall Street, mainly Elliott Management, had literally forced Twitter to change its plans to increase its mDAU growth numbers. And that included Elliott Management’s seat on the Board. If the Board is forcing the company to grow its users, then of course the company is going to focus on growing the userbase over issues that seem secondary like “platform health”. We can argue if that was the right decision — and whether it makes sense in the long term — but the fact is that the Board and the company’s largest investors were ordering management to focus on user growth, not things like dealing with spam.

As for the final line of the paragraph, which I read as sarcasm about Twitter’s inability to share its “special sauce”: it is a really weird line for a security professional to include in such a filing. As Agrawal made quite clear in his thread, part of the human determination involves looking at private information, including IP addresses and other information that Twitter cannot give out because it would be a huge privacy violation that would certainly violate the consent decree that Mudge claimed was so important elsewhere.

Mike Masnick

The connection to Musk’s attempt to take over the company and the upcoming legal battle remains mysterious. Mudge claims he didn’t contact Musk in private, and that he doesn’t want Musk to control Twitter, yet he misleadingly supports Musk’s claims about fake accounts on the platform and agreed to testify in the trial. I feel there’s more going on here than is currently known publicly; hopefully the upcoming trial will reveal more insights.