In a fight between rich tech guys who like to move fast and break things, there isn’t always a “good” side. This was underscored on Tuesday when Twitter’s former security head Peiter “Mudge” Zatko accused the company of hiding a wealth of risky behavior — and, in the process, put himself in the middle of Twitter’s legal battle with Elon Musk. The report isn’t great for Twitter, but you’re probably already asking the obvious question: is it bad for Twitter in the courtroom?
The best answer I’ve found is: probably, yes. But on Twitter’s fancy leaked threat matrix scale, the company’s odds are more “impaired” than “physically destroyed”… with a healthy dose of “known unknown we really should know.”
We (and others) have described Musk’s case as very weak but with the caveat that Musk could have some kind of unrevealed, damning evidence. Now, he’s got a more clearly dangerous weapon. Zatko isn’t some crank — he’s a widely respected white hat hacker. And while Twitter called the report “a false narrative that is riddled with inconsistencies and inaccuracies,” most of Mudge’s claims seem entirely plausible.
Zatko filed a report in July with the Securities and Exchange Commission, the Federal Trade Commission, and the Department of Justice. Congress was given a redacted version, which then leaked to The Washington Post and CNN. My colleague James Vincent lays out what we know here, but the gist is that Twitter is a security nightmare (a credible claim for a platform whose defenses were demolished by teens in 2020), and former CEO Jack Dorsey’s leadership was a mess (which we could guess, because, well… I’ll let Liz Lopatto explain). You can read the redacted report online, including some of those pithy not-for-public-consumption quotes that Twitter executives are known for; CEO Parag Agrawal’s alleged note that “Twitter has 10 years of unpaid security bills” isn’t quite as concise as Dick Costolo’s “we suck at dealing with abuse” memo, but it’s pretty good.
There could be miscellaneous legal fallout for Twitter. Lawmakers confirmed They’re investigating Zatko’s claims, and the report claims Twitter violated a consent decree it struck in a 2010 FTC settlement, so maybe it could face fines or more complaints from the commission. But unless something bizarre happens, the FTC fines are likely to be more of a mild inconvenience than an existential threat. The worst Congress will probably do is initiate Agrawal into the time-honored tradition of Politicians Yelling At Twitter Executives In Hearings.
The Twitter v. Musk trial, which will kick off in October, is another matter. And Zatko leads with a claim that’s particularly pertinent for Musk. He says Twitter’s leadership directly lied about how many Twitter accounts were bots and that this was part of a pattern of false or misleading statements to regulators, the public, and Musk himself. “Agrawal knows very well that Twitter executives are not incentivized to accurately ‘detect’ or report total spam bots on the platform,” he says in the report, contrary to the CEO’s tweets to Musk. “Deliberate ignorance was the norm amongst the executive leadership team.”
Zatko has denied releasing details to “anyone with a financial interest in Twitter,” and while I’ve seen vague speculation that he’s colluding with Musk, that seems unnecessarily complicated. If an unhappy former employee has a problem with Twitter, something like Musk’s trial is just an extraordinary opportunity to publicize it. That said, The Washington Post says that Musk had already lined up a deposition with Zatko before the report was made public. It feels likely Musk knew something beforehand, maybe through a Silicon Valley contact or, hypothetically, (though it’s a stretch) via Congress — after all, Musk’s had a recent interest in politicians and vice versa.
But however the different points came together, Zatko’s claims are probably the strongest evidence Musk now has.
The terms of the Twitter deal set a high bar for backing out simply based on newly discovered information about things like bots. But Zatko’s report does outline a number of risks and blunders that weren’t publicly known. Musk could say Twitter failed to disclose serious operational problems in reports like its SEC filings — and that he was relying on those reports when he agreed to the acquisition. That would bolster his case that Twitter hid damning info that should sink the deal.
Would it bolster it enough to actually win? Some observers think there’s at least a chance.
“My first reaction was, well, Musk signed this contract that made due diligence irrelevant,” says Chester Spatt, a professor of finance at Carnegie Mellon University’s Tepper School of Business and former chief economist at the SEC. “But I think there’s much more to the story than that. Because I think he can argue, probably quite reasonably, that he was relying on the company’s disclosures. And the whistleblower is calling into question not only directly some of his interactions with the senior executives, but at least indirectly, he’s calling into question the company’s disclosures.”
This view is echoed by Ann Lipton, a law professor at Tulane University. (Lipton’s full Twitter thread on the report is well worth reading.) Lipton is unconvinced by Zatko’s specific claims about bots since even Zatko isn’t quite calling them bald-faced lies. He’s more asserting that Twitter is calculating its user numbers in a self-serving, disingenuous way. But she agrees the disclosure issue is a potential problem, even though it largely involves complaints, Musk never actually made — but will probably now add to the case.
“I think his claims about bots strengthen Twitter’s side — he admits the [monetizable daily active user] figures are accurate, he simply thinks Twitter should use alternate metrics,” Lipton tells The Verge. “But his other allegations about various internal problems could present a problem for Twitter.” If they’re bad enough to seriously threaten the company’s long-term financial health, there’s a chance they’d constitute a “material adverse effect” that violates the contract’s terms and lets Musk walk away.
Unfortunately for Musk, it remains difficult by design to break these deals. As Spatt noted, Musk made the bar higher by waiving the due diligence that might have uncovered operational issues at Twitter. In recent years, courts have forced through mergers even when serious financial problems were discovered, as in a 2001 case that ended with Tyson Foods being forced to acquire its rival IBP.
“The claims seem significant and moderately improve Musk’s case,” says Yair Listokin, a professor at Yale Law School. But he sees a strong analogy to the IBP case. “The contract is written to make it hard for this type of argument to succeed.” Spatt also agrees that the case is far from a slam dunk, even if Musk’s chances are better now.
It’s also worth noting that, so far, we’ve mostly heard Zatko’s side of the story. As I said before, I find many of the report’s claims plausible, but a whole lot of specifics remain redacted. Even in its bombshell report, the Post noted that “Zatko provides limited hard documentary evidence in his complaint regarding spam and bots.” And Agrawal responded to the release with an assertion that Twitter will “pursue all paths to defend our integrity as a company and set the record straight” — which strongly suggests the possibility of legal action against Zatko.
All of this still gives Musk more leverage before the trial. If his goal is negotiating Twitter’s price downward, for instance, he’s in a better position to do that. But in the long term, experts mostly seem to be upgrading the billionaire’s case from “shamelessly bad” to simple”dicey.”