Ex-security chief appears to echo claims by Elon Musk over the number of fake accounts on its site.
Image source, Getty ImagesTwitter does not know how many fake or spam automated accounts – or bots – it has, according to allegations by its former head of security.
Peiter Zatko’s revelations, revealed by CNN and the Washington Post, have been seized upon by lawyers for Elon Musk.
Mr Musk is trying to end his bid to buy Twitter, disputing its information on the number of fake accounts it has.
Twitter says Mr Zatko’s allegations contain many inaccuracies and inconsistencies.
It says he was sacked in January for ineffective leadership and poor performance.
Continuing dispute
Mr Musk is currently in conflict with Twitter, after trying to pull out of a deal to purchase the company for $44bn (£37bn).
A court case is due in October in Delaware, when a judge will rule on whether Mr Musk will have to buy it.
In July, Mr Musk said he no longer wished to purchase the company, as he could not verify how many humans were on the platform.
Mr Musk estimates that a minimum of 10% of daily active users are bots. However, bot researchers have questioned his claims.
Twitter says it estimates that fewer than 5% of its daily active users are bot accounts.
‘Little hard evidence’
In a whistleblower complaint filed in July with US regulators, former head of security Mr Zatko accuses Twitter bosses of having little incentive to accurately identify or report total spam bots on the platform.
In a redacted copy of the complaint shared with the BBC by CBS news, Mr Zatko criticises Twitter’s methodology for calculating the number of spam-bots.
He claims he was unable to obtain from Twitter an “upper bound” for the number of bots, accusing senior management of having “no appetite to properly measure the prevalence of bots”.
However, in the view of the Washington Post, the complaint “provides little hard evidence” to back up his assertions about bots and spam.
A little whistle
Nevertheless, the allegations may be of use to Mr Musk in the Delaware court case – the Tesla founder has already tweeted an image carrying the phrase “give a little whistle”.
CNN said that according to Mr Zatko’s lawyer, he started the whistleblowing process before Mr Musk’s attempts to buy the platform became public, and had not made contact with Mr Musk.
None the less, Mr Musk’s legal team is evidently interested in what Mr Zatko has to say.
Alex Spiro, an attorney for Mr Musk, told CNN it had issued a subpoena for Mr Zatko to be a potential witness.
‘False narrative’
Mr Zatko is a well-known figure in computer security circles.
Known as “Mudge” he was a member of computer security think-tank the L0pht, in which capacity he took part in congressional hearings on cyber-security in 1998.
He has also held senior positions with the Defense Advanced Research Projects Agency and Google.
In addition to his claims about bots, reports say Mr Zatko raised a number of criticisms of Twitter’s security and the way in which it handled sensitive information.
A Twitter spokesperson said: “What we’ve seen so far is a false narrative about Twitter and our privacy and data-security practices that is riddled with inconsistencies and inaccuracies and lacks important context.
“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.
“Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
However, John Tye, of Whistleblower Aid, which is assisting Mr Zatko, described him as a “hero” and called on agencies to investigate the allegations quickly.