August 24, 2022
Photo: Matt McClain/The Washington Post via Getty Images
Hello and welcome to Protocol Policy! Today, we’re talking about former Twitter head of security Peiter “Mudge” Zatko’s bombshell whistleblower complaint. Plus, the FTC gives Zuck a break and tech for school tests loses in an Ohio court.
Jack Dorsey hired acclaimed hacker Peiter “Mudge” Zatko in 2020 to clean up after the massive hack that left Joe Biden’s account — and just about every other VIP account on Twitter — flinging bitcoin scams for a brief, bizarre moment in time.
Two years later, Zatko just handed Twitter an even bigger mess in the form of an 84-page SEC complaint that accuses Twitter of egregious security flaws, breaking promises to regulators, lying to Elon Musk about bots and letting agents of foreign governments spy on users.
Each allegation is more damning than the next. And while Twitter accused Zatko, who was fired in January, of “opportunistically seeking to inflict harm on Twitter,” the complaint is already drawing interest from lawmakers and regulators.
So what will they find most interesting? Let’s start with the SEC. Twitter is neck-deep in a legal fight with Musk over the number of bots on the platform. Musk launched his bid to buy the company by promising to “defeat the bots.” But he now disputes Twitter’s claims that only 5% of monetized accounts are bots and tried to nuke the acquisition deal over it. Zatko seems to be handing Musk ammo.
But it’s not just the bots the SEC might need to look into. Zatko also alleges that Twitter executives knowingly misled their own board members, in violation of securities law.
The DOJ and Congress might also want a piece of this. Among the most alarming allegations is Zatko’s claim that Twitter was pressured into hiring two agents of the Indian government and giving them access to sensitive data.
Then there are the FTC concerns. Twitter has already been fined $150 million for misusing user emails and phone numbers for marketing purposes in violation of its 2011 consent decree with the FTC. But there may be more where that came from.
Twitter employees have already been through the ringer over the last year: The CEO switch. The on-again, off-again takeover bid by the platform’s biggest, richest troll. Executive firings. The mass staff exodus.
But Zatko’s complaint paints a picture of a company that’s struggling to meet basic standards of technological competence, with investors and regulators expecting far better. As Twitter tries to account for all these accusations, the worst may be yet to come.— Issie Lapowsky (email | twitter)
A bipartisan group of top lawmakers focused on competition unveiled a new version of the bill to give news publishers antitrust exemption, allowing them to bargain together with digital platforms.
The FTC wants to know if kids can tell the difference between a digital ad and everyday content. The agency also announced an October event on “Protecting Kids from Stealth Advertising in Digital Media.”
How can economically depressed states train and retain their brightest minds? That’s a problem Brad D. Smith, the former CEO of Intuit, is tackling in his new role as president of Marshall University. In an interview with Protocol, Smith took us through his decision to leave Silicon Valley and return to his home state of West Virginia.
McKinsey has recommendations for state and local governments if they can’t just “dig once” to put in new broadband capability while road repair is going on. Although “dig once” is considered a best practice, budget cycles, red tape and turf wars often mean localities can’t put together two different types of projects. In a report noting the billions in infrastructure funding that’s going out the door, the consultancy recommended using planning forums where bureaucrats can at least try to talk, or a coordinator who can take charge of applications and timelines.
Yelp added warnings for customers viewing crisis pregnancy centers, which don’t provide abortion services even though their names are often similar. The move is intended to help customers differentiate abortion clinics from the crisis centers.
How cybercrime is going small time: Cybercrime is often thought of on a relatively large scale. Massive breaches lead to painful financial losses, bankrupting companies and causing untold embarrassment, splashed across the front pages of news websites worldwide.
The FTC has dropped Mark Zuckerberg from the agency’s suit to block Meta’s purchase of the VR fitness app Supernatural. The move comes after Zuck agreed not to purchase the app’s maker, Within, in his personal capacity or through another entity. FTC boosters have cast the naming of executives in lawsuits as a much-needed step to hold leadership of companies accountable.
A federal judge in Ohio ruled that scans of student rooms before tests violate constitutional protections against unreasonable searches. A Cleveland State University student sued over the practice, which became a common way to try to detect cheating during the pandemic.
Elon Musk’s team subpoenaed Jack Dorsey in the lawsuit over whether Twitter can force Musk to go through with his acquisition of the company.Ohio Attorney General Dave Yost won the first battle in a larger war against Google. Yost convinced an Ohio state judge to split his lawsuit against Google into two parts: one that will determine whether the company acts as a common carrier and, if successful, a second that determines what to do about it. If Yost wins the first case, it could limit Google’s ability to self-preference.
$1,000: That’s the entry contribution cost to attend Sen. Kyrsten Sinema’s campaign fundraising reception on Sept. 7. Sinema became a power player in Washington this term, forcing Democrats to make critical concessions to get bills through a split Senate. Sinema now has plenty of support in the private sector, since she played a key role in saving the carried-interest loophole that saves private equity billions of dollars in taxes a year.
Amazon has made a big push into sports streaming recently, which NFL fans may notice this coming season. The company won exclusive rights to Thursday Night Football games for the next 11 seasons and even created a new theme song. But not all efforts have gone so well — Amazon lost the rights to Champions League soccer, as it apparently wasn’t willing to go above Paramount’s $1.5 billion, six-year bid.
How cybercrime is going small time: People have been swindled since before man created monetary systems. These aren’t new crimes; just new ways to commit them. But as cybercrime increasingly goes small-time, those on the front lines will need new and more effective ways to fight it.
Thanks for reading! See you Friday!