WASHINGTON—A whistleblower’s complaint opens up new political and legal challenges for
in Washington, as lawmakers and regulators examine possible responses to the social-media company’s alleged missteps.
The complaint from former Twitter security executive
was filed to the Securities and Exchange Commission, the Federal Trade Commission and the Justice Department, which are expected to investigate.
The complaint was also sent to lawmakers on the Senate Judiciary and Intelligence committees, who pledged to conduct their own investigations.
“If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world,” said Sen. Dick Durbin (D. Ill.), the chairman of the Judiciary Committee. “I will continue investigating this issue and take further steps as needed to get to the bottom of these alarming allegations.”
A Twitter spokeswoman said Mr. Zatko’s complaint, which was earlier reported by the Washington Post and CNN, was rife with “inconsistencies and inaccuracies and lacks important context.”
Twitter declined to comment on possible congressional investigations.
The complaint comes as Twitter wages a legal battle in Delaware with
who sought to buy the social-media company but has accused it of misrepresenting the prevalence of bots and fake accounts on its service.
Mr. Zatko’s complaint echoes some of what Mr. Musk has already alleged or questioned about Twitter’s user base and accuses the company of failing to protect sensitive user data and lying about its security problems.
Any regulatory response from Washington would take time to develop. The SEC in particular takes years to investigate and bring securities-fraud cases, and it isn’t clear whether Mr. Zatko’s claims would rise to that level.
The SEC could investigate Mr. Zatko’s allegations that the company and its executives understated or misrepresented the scope of spam or fake accounts on its platform.
To pursue an enforcement action, the SEC would need to find that any omitted or misleading information was material to shareholders, meaning it could influence a decision to buy or sell.
The SEC tends to probe many whistleblower tips and, if investigators find wrongdoing, can punish public companies that misled shareholders about material risks or financial metrics. Whistleblowers are eligible to receive payments equal to 10% to 30% of the fines collected if their information is original and helpful to an enforcement action.
Mr. Zatko’s decision to publicize his complaint is unusual for SEC whistleblowers, whose identities are kept secret by the SEC. Some whistleblowers choose to go public with their allegations because it can create more political and public support for an investigation.
It couldn’t be learned how much of Mr. Zatko’s information would be new to the SEC. Mr. Musk has waged a monthslong campaign to raise questions about how Twitter estimates and discloses the percentage of its monetized users who are bots or spam accounts.
“This reads like an overreach to make known and logical issues that likely have been the subject of regulatory scrutiny for months to appear as ‘original’ information under the SEC’s whistleblower statute,” said
a former SEC enforcement attorney who is now a defense lawyer at Dickinson Wright LLP.
“The SEC’s investigative process will get to the core of what actually was said to whom and what was not disclosed and why,” he added. “SEC enforcement will separate financially motivated spin from fact.”
An SEC spokesman and a Justice Department spokeswoman declined to comment. The FTC didn’t respond to a request for comment.
In Congress, aides to Sen. Durbin and the committee’s top Republican, Sen.
(R., Iowa), have been working together to plan next steps in their investigation.
The Senate Intelligence Committee also is looking into the complaint, and “is in the process of setting up a meeting to discuss the allegations in further detail,” a Democratic spokeswoman for the committee said. “We take this matter seriously.”
Legislation to create new consumer-privacy protections, meanwhile, has been bottled up after passing a House committee by a lopsided margin last month.
The allegations, if true, “are alarming and reaffirm the need for Congress to pass comprehensive national consumer privacy legislation to protect Americans’ online data,” said a joint statement from House Energy and Commerce Committee Chair Rep. Frank Pallone Jr. (D., N.J.) and Rep. Cathy McMorris Rodgers (R., Wash.), the panel’s ranking Republican.
Some lawmakers urged federal regulators to take tough stands, including against individual Twitter executives.
“These troubling disclosures paint the picture of a company that has consistently and repeatedly prioritized profits over the safety of its users and its responsibility to the public,” said Sen. Richard Blumenthal (D., Conn.) in a letter Tuesday to FTC Chairwoman
He urged the FTC to pursue enforcement actions, “including bringing civil penalties and imposing liability on individual Twitter executives where appropriate.”
The FTC voted earlier this month to begin considering new federal rules to expand online privacy protection.
Twitter has come under FTC scrutiny previously. The agency in 2011 prohibited Twitter from “misrepresenting the extent to which the company maintains and protects the security, privacy, confidentiality, or integrity of any nonpublic consumer information,” according to an FTC summary.
The FTC and Justice Department said in May that Twitter had violated the 2011 order by collecting users’ personal information—ostensibly for security reasons—and using it to sell ads to them over the past decade or so. Twitter agreed to pay a $150 million civil penalty to resolve the claims.
The new complaint could deepen the company’s significant political problems in Washington. Many Republicans already regard Twitter with suspicion, saying it censors conservatives disproportionately, a charge the company has denied. Mr. Musk has given weight to that allegation with his own complaints about censorship.
“Taken together, Zatko’s allegations, the DOJ and FTC complaints, and the repeated security incidents illustrate a company that prioritizes profit over users and has allowed a culture of impunity to reign supreme,” said Sen.
(D., Mass.) in a separate letter to the FTC and Justice Department. “I strongly urge the federal government to investigate Zatko’s claims and, if necessary, take strong and swift action against Twitter to ensure Twitter user data is properly protected.”
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8