Updated September 13, 2022 at 3:53 p.m. EDT|Published September 13, 2022 at 6:15 a.m. EDT
Twitter shareholders voted Tuesday to approve Elon Musk’s $44 billion offer to acquire it, setting the world’s richest man on a collision course with the social media company as the two head to court in October.
The approval — to accept Musk’s offer of $54.20 per share, far higher than the current share price of roughly $42 — was widely expected. Twitter has forged ahead with the deal, despite Musk’s attempts to back out because of what he says are problems with the company’s business.
The vote followed testimony Tuesday morning from a Twitter whistleblower, who alleged the company’s failure to secure sensitive data causes “real harm to real people.”
Peiter “Mudge” Zatko’s Senate testimony — which expanded on an 84-page complaint shared with regulators and The Washington Post this summer — alleged that Twitter executives misled the public, regulators and the company’s own board about the failed state of its data security practices.
He described an executive team that was financially incentivized to ignore root problems, such as employees having far too much access to data. Because the company wasn’t properly tracking data access, he alleged, it was impossible for the company to respond to critical national security risks — including access gained by potential foreign agents on its payroll.
Zatko, the company’s former security lead and a renowned hacker, grounded his at-times highly technical disclosures in examples of risks that lawmakers could connect to, suggesting this unfettered access could result in Twitter engineers sending unauthorized tweets from their accounts.
“It doesn’t matter who has keys if you don’t have any locks on the doors,” he said. “It’s not far-fetched to say an employee inside the company could take over the accounts of all the senators in this room.”
Twitter has previously said Zatko’s allegations appeared to be “riddled with inaccuracies,” and that security and privacy are priorities at the company. Twitter did not respond to requests for comment regarding Zatko’s testimony.
Zatko’s testimony could also factor into Twitter’s ongoing litigation with Musk, who has already incorporated some of the arguments from the whistleblower’s complaint in court.
Zatko on Tuesday expanded on allegations in his redacted complaint regarding Twitter’s employment of suspected foreign government operatives, who may have had access to sensitive data due to the company’s lack of internal controls. He said that at least two agents for the Indian government and one for the Chinese government were on the payroll of the company.
A week before his January firing, Zatko alleged that the FBI had warned security staff that a Chinese agent for the Ministry of State Security was on the payroll. Twitter ads paid for by the Chinese government could have elicited information including locations of users who click on them, he alleged.
Zatko’s testimony is already becoming a headache for Twitter and its chief executive, Parag Agrawal. Multiple senators slammed Agrawal for declining to testify before the Senate Judiciary Committee because of the company’s ongoing litigation with Musk.
Sen. Charles E. Grassley (R-Iowa), the committee’s top Republican, said if Zatko’s allegations are true, Agrawal should be forced to step down as chief executive.
The disclosures Tuesday appeared to prompt some bipartisan soul-searching among lawmakers, many of whom spoke of a combined failure to bring enforcement against tech companies.
Zatko has alleged that Twitter did not follow through on the commitments it made to the Federal Trade Commission to create a data security program.
Sen. Lindsey O. Graham (R-S.C.) said that he was working across party lines with Sen. Elizabeth Warren (D-Mass.) to create a new regulatory system that would imitate one in Europe, where lawmakers have taken aggressive action to penalize American tech companies.
Graham and Warren are on opposite ends of the political spectrum, and Graham’s proposal signals how dramatically some Republicans’ positions on tech regulation have evolved in recent years. The party has historically favored a less stringent regulatory environment for businesses.
Graham suggested a new regulator would address privacy, content moderation and foreign interference, and that it would provide an appeals process for users when companies remove their content.
“Your testimony today has legitimized what most of us feel is a process out of control, that the regulatory environment is insufficient to the task,” Graham said. “It’s time to up our game in this country.”
Sen. Richard Blumenthal (D-Conn.) floated the idea of creating a new tech enforcement agency, which would specifically address data security and national security threats posed by tech companies.
“I think the mounting evidence shows that the current regulatory structure is failing,” Blumenthal told The Post.
Zatko emphasized throughout the hearing that any new regulations need to be enforced with independent audits and metrics, to ensure that well-resourced companies are unable to game the system.
He also called on lawmakers to consider legislation that would expand whistleblower protections to other government agencies, so that more employees would be able to disclose critical information to the government. Zatko and Frances Haugen, a prominent Facebook whistleblower, filed their complaints with the Securities and Exchange Commission, which has a dedicated program that offers rewards and protections for such complaints. The FTC, the industry’s main tech regulator, does not have such a program.
Early in the hearing, Zatko spoke about the personal and professional toll submitting his complaint had taken on him and his family. He said that he did not make his disclosures “out of spite or to harm Twitter.”
“What you did today will not be in vain,” Graham said.
Zatko testimony echoes his security warnings to the Hill in 1998
Zatko has testified before Congress since 1998. A previous version of this item incorrectly said he hadn’t testified since then. This item has been updated.
Peiter Zatko’s testimony before the Senate Judiciary Committee echoes his appearance in 1998, when he led a crew of seven hackers from the pioneering Boston group L0pht as they warned that the internet was unsafe at any speed. The others who testified under their online handles that day included Chris “Weld Pond” Wysopal, who went on to co-found the billion-dollar security firm Veracode, and Joe “Kingpin” Grand, an early hardware enthusiast who recently won acclaim for breaking into cryptocurrency wallets for owners who lost their passwords. (Wysopal made a return trip in 2003 to tell a House committee about rapid evolution in computer viruses.)
Advertisement
Twitter shareholder vote seen as a strategic move ahead of trial
Elon Musk’s takeover offer for Twitter heads to trial on Oct. 17.
Some investors, and governance and legal experts, have pointed to the shareholder vote as a key date on the calendar, signaling Twitter’s eagerness to bring the matter to a close and place pressure on Musk as the deal heads to court. Some of those experts have also cited the shareholder vote as a potential impetus for settlement talks, as the matter gets closer to trial.
Twitter has argued for an expedited trial, in an effort to limit damage to the company, an argument the judge found compelling enough to compress the trial to a week.
Advertisement
Elon Musk tweeted popcorn emoji during whistleblower hearing
The billionaire, who plans to incorporate some of Zatko’s claims at his upcoming trial against Twitter, also changed his Twitter display name to “Naughtius Maximus.”
Advertisement
Twitter shareholder vote brings matter one step closer to trial
Twitter shareholders’ approval of Elon Musk’s $44 billion offer to buy the company takes the matter one step closer to a heated battle in court.
Shareholders gave their assent to the deal Tuesday, according to a preliminary count of a vote, the company said. The vote took place during a short virtual meeting after brief remarks by Twitter CEO Parag Agrawal.
The result came as little surprise to those closely following the matter. Musk’s offer of $54.20 per share was substantially higher than Twitter’s current trading price, below $42.
Twitter shareholders are holding a vote Tuesday to formally consider Musk’s offer to buy the website for $44 billion, another step toward closing the deal as the disputed takeover heads to Delaware Chancery Court.
Shareholders are expected to greenlight the deal for $54.20 per share — Musk’s offer from April — a substantial premium over Monday’s trading price of around $41. Twitter’s board urged shareholders to vote yes ahead of the meeting, which will take place virtually at 1 p.m. EST.
Shareholders were also expected consider a measure to approve payouts tied to the merger for Twitter executives, though an affirmative vote is not required to complete the deal.
Advertisement
Senators noncommittal on issuing subpoena for Twitter CEO
Top Senate lawmakers repeatedly vented at Tuesday’s hearing that Twitter CEO Parag Agrawal would not appear before the panel but declined to say after the session whether they planned to issue a subpoena to compel him to appear.
Sens. Richard J. Durbin (D-Ill.) and Charles E. Grassley (R-Iowa), the chair and ranking member of the Senate Judiciary Committee, each told reporters they needed to consult with each other on the matter.
Asked whether he planned to hold an additional hearing on the whistleblower claims, Durbin replied, “It’s possible. I’ll talk that over with Senator Grassley.”
Advertisement
Twitter culture rewarded rosy reports, hid bad facts, Zatko alleged
Asked why as head of security he was unable to get Twitter to meet basic security standards, Peiter Zatko said his attempts were frustrated by a culture that dissuaded employees from reporting negative information.
Zatko alleged in his whistleblower complaint that executives touted internally and to the board that more than 90 percent of the company’s laptops had security software installed, while omitting the fact that the software showed that 30 percent of the machines had settings that prevented software updates from being installed automatically.
Zatko alleged that due to Twitter’s lack of internal controls, company engineers had wide system access that would allow them to tweet as other users — including U.S. senators.
Zatko said he was not specifically aware of this occurring, but the example underscored how he was grounding his claims in anecdotal examples that senators could find relatable. In responding to lawmakers, Zatko has sought to ground his highly technical allegations by illustrating the real-world risks and harms of the company’s alleged lack of security controls.
Graham says U.S. needs to create a regulatory system more like Europe
Sen. Lindsey O. Graham (R-S.C.) says he is working with Sen. Elizabeth Warren (D-Mass.) to create a tech regulatory regime “with teeth” that would be similar to the system in Europe, where policymakers have sought to aggressively regulate American tech giants.
“Your testimony today has legitimized what most of us feel is a process out of control, that the regulatory environment is insufficient to the task,” Graham said. “It’s time to up our game in this country.”
Graham and Warren are odd bedfellows on opposite ends of the political spectrum, underscoring how there is increasing bipartisan momentum behind efforts to regulate the tech industry. Graham’s call for the U.S. to be more like Europe show how drastically the Republicans’ position on tech regulation has evolved in recent years, as the party historically favored a less stringent regulatory environment for businesses.
Peiter Zatko’s allegations to lawmakers in the hearing’s first 90 minutes painted a portrait of a company that has placed financial gains over establishing basic security protections that would allow it to track vast troves of sensitive data and who is accessing it.
Zatko’s answers to lawmakers have gone beyond what he disclosed in his 84-page complaint to the SEC and other regulators, revealing new details about his allegations of foreign influence from China and India on the platform. He’s also sought to ground his highly technical claims in terms and risks that lawmakers can easily understand, such as suggesting it would be possible for a Twitter employee to access the account data of all the senators on the committee.
Cotton veers off topic into allegations of censorship
Sen. Tom Cotton (R-Ark.) veered away from Zatko’s allegations of security failures and national security risks, opening his questioning with accusations about alleged censorship on the platform.
The line of questioning reflected the persistent political divisions within Congress over regulating social media companies. Lawmakers have presented a largely united front during Zatko’s hearing, focusing questions on foreign influence operations and data security practices. Republican lawmakers have made accusations about Twitter and other large tech companies silencing conservative viewpoints central to their midterm political messaging.
Senators highlight national security risks from Twitter’s practices
Senators questioning Peiter Zatko said that the company was allowing risks to U.S. national security to fester by employing suspected spies and being unwilling to invest in methods for effectively tracking what data they accessed within the company.
The senators shared additional allegations that had been withheld or redacted from the original whistleblower complaint, including that Twitter ads said to be paid for by the Chinese government could have elicited information including users’ locations on users who click on them.
Republicans raise Twitter’s reported adult entertainment plans
Republican lawmakers on Tuesday peppered the whistleblower with questions about a news report that Twitter scrapped plans for a subscription service for adult content creators, detouring from the hearing’s stated focus on data security.
According to the Verge, the company considered monetizing the content in early 2022 by launching a competitor to the OnlyFans service, but opted against after discovering that the platform was not “effectively policing harmful sexual content on the platform.”
Sens. John Neely Kennedy (R-La.) and Marsha Blackburn (R-Tenn.) both broached the topic, with Kennedy saying that “Twitter for a while was going to go into the porn business.”