There is a common misconception among criminals that it isn’t a crime if you don’t get caught. Yet most law-abiding citizens would contend that getting caught is not what makes it a crime; it was a crime before it was committed.
Likewise, many companies may not have considered the seriousness of internal problems until a whistleblower brings them to the world’s attention. That could certainly be the case with Twitter, after the social media company’s former security chief warned lawmakers and regulators last month that the platform apparently had neither the incentive nor the resources to properly measure the full scope of bots on its platform, according to a 200-page whistleblower disclosure.
As previously reported, Peiter “Mudge” Zatko filed the disclosure with the Securities and Exchange Commission (SEC), Federal Trade Commission (FTC), and the Department of Justice (DoJ) in July.
In this case, experts are now saying that this revelation isn’t entirely unexpected or the least bit shocking.
“A complex social media company the size of Twitter is bound to stumble,” explained James Bailey, professor of leadership at the George Washington University School of Business. “It’s a fairly new industry. Internally, policing Twitter is impossible. There are just too many decisions to make with no precedent to make them. Whether it’s data security or content presentation, this is a normal evolutionary process.”
Major Allegations Including Cybersecurity Concerns
Based on what we now know, Zatko’s whistleblower complaint includes two major allegations, including that the service has certainly undercounted spam and bot accounts. That allegation is garnering the most public attention, largely because of Elon Musk’s purchase offer.
“The claim being made that Twitter is substantially infested with bot accounts and interactions, which skews the actual value offered by the company, is bolstered by these allegations,” said Dr. Christopher Whyte, assistant professor in the homeland security and emergency preparedness program in the Wilder School of Government and Public Affairs at Virginia Commonwealth University. “And the claim that the company just doesn’t care about cutting back on bot access particularly plays in Musk’s favor.”
Though the issue of bots is serious, “it’s the second complaint, however, that may prove more important in the long run,” said Mike Chapple, IT professor at the University of Notre Dame’s Mendoza College of Business, and author of Cyberwarfare: Information Operations in a Connected World.
“Zatko, a highly respected cybersecurity professional, alleges that Twitter’s infrastructure runs out-of-date software and contains massive security vulnerabilities,” said Chapple, who is also a former computer scientist at the National Security Agency (NSA). “If true, this is the type of security issue that can easily lead to a major security incident. Unpatched software was the root cause behind the massive Equifax data breach in 2017 and thousands of smaller breaches that occur every year. A single critical vulnerability in the wrong system could provide the foothold that an attacker needs to wage a highly successful attack.”
Bigger Than Cambridge Analytica?
The information shared via the complaint is already being framed in much the same vein as Facebook post-Cambridge Analytica, and could undoubtedly be used by both ends of the political spectrum to structure arguments about unfair informational playing fields.
“These allegations of misconduct, ineptitude and willful acceptance of digital security risks are immensely significant for national security and democratic functionality,” warned Whyte. “It’s especially hard to overstate the significance of both platform management and algorithmic design in driving public reaction to major social events, foreign policy crises and political developments.”
Twitter isn’t quite trusted to the same degree as search engines such as Google, but its role in the spread of information and with it “misinformation” can’t be overstated.
“Research still shows that social media services are both important information retrieval mechanisms and powerful heuristic-setting tools for the average citizen, with parameters laid out in code, developer assumptions and personalization algorithms constituting an individualized resource for interpreting real world events,” Whyte continued. “Simply put, the information users get in using these platforms is variable on a range of factors, the most critical of which are assumptions underlying key platform algorithms (vs. user-determined factors like network or location). Even if only one in four Americans use Twitter, it’s still a primary information source for all manner of other media that expands American usership of the platform in second- and third-hand ways by an order of some magnitudes.”
That could present an opportunity for foreign actors to spread disinformation, which could undermine our elections and, with them, even our very democracy.
“All it takes is for a threat actor, like Russia’s Fancy Bear, to align future campaign tactics with exploitable platform features opened by agents embedded at Twitter to produce possible strategic effects that would be difficult to predict,” said Whyte, who suggested we should be looking closely at the information Zatko has now cast in the spotlight.
“Given his past role at Twitter and his career perspective on the criticality of different digital threats to the nation, it should be hard for anyone not to take his report very seriously. It’s a bit like if Buzz Aldrin had come out and said there were serious flaws with the Apollo program,” Whyte continued. “Twitter is undoubtedly on the brink of a level of scrutiny unprecedented for the company even in the years since the 2016 election.”
Much Ado About Something?
However, there is also an argument to be made that perhaps the whistleblower complaint could be entirely overblown.
“Twitter has got its problems, to be sure,” he continued. “But it’s not like the National Security Agency (NSA) cares about your post about eggplants. Twitter’s problems are natural. And anybody who fashions themselves as a ‘whistleblower’ will gain no traction or legitimacy. Their actions are selfish and their agenda unknown.”
As for Twitter’s actions, Bailey also added that users should have expected social media to act as it has, and that this isn’t that different from much of the business world.
“We all know what Twitter is,” said Bailey. “That they are not squeaky clean by any means, but that means that they’re like every other company.”