Twitter Whistleblower Says Twitter Is Lying to Elon Musk About Bots

Former head of security Peiter Zatko, also known as “Mudge,” alleged in a whistleblower complaint that Twitter is systematically lying about its spam bot problem.
This illustration photo taken on August 5, 2022 shows a cellphone displaying a photo of Elon Musk placed on a computer monitor filled with Twitter logos in Washington, DC. (Photo by Samuel Corum/AFP via Getty Images)

The former head of cybersecurity at Twitter filed a whistleblower complaint about his former employer last month, alleging, among several claims, that Twitter is not doing enough to fight spam on the platform, and that Twitter lied to Elon Musk about the social media platform’s bot problem during the attempted acquisition process.

In the complaint, the lawyers for Peiter Zatko, widely known as “Mudge,” referred to a claim by Twitter CEO Parag Agrawal, who said in a Twitter thread that less than 5 percent of users are spam or fake. The claim was made in response to a tweet by Musk, who at the time was in negotiations to acquire the social media platform. The whistleblower complaint was obtained and first reported on by the Washington Post and CNN.

“Agrawal’s tweet was a lie. In fact, Agrawal knows very well that Twitter executives are not incentivized to accurately ‘detect’ or report total spam bots on the platform,” Zatko’s lawyers wrote in the complaint.

Zatko’s whistleblower complaint comes at a critical time for Twitter, which is currently heading to court after Musk backpedaled on his bid to buy the company for $44 billion. Musk argued that Twitter’s refusal to be transparent about its bot problem was one of the main reasons he could not go through with the deal. 

The complaint then listed a series of reasons why Twitter is disincentivized to report the real amount of spam and fake accounts on its platform: 

  • The company stopped reporting monthly users, because that metric “was subject to negative swings” due to the banning of “large numbers of inappropriate accounts and botnets.” Instead, Twitter made up a new proprietary metric called mDAU (monetizable daily active Twitter users) that would allow the company to “report numbers that would reassure shareholders and advertisers,” and which helped executives get bonuses, which can exceed $10 million.
  • Executives are incentivized to not count spam bots for the new proprietary metric because it is reported to advertisers. “If mDAU includes spam bots that do not click through ads to buy products, then advertisers conclude the ads are less effective,” the lawyers wrote. 
  • “There are many millions of active accounts that are not considered ‘mDAU,’ either because they are spam bots, or because Twitter does not believe it can monetize them,” the complaint read. “Musk is correct: Twitter executives have little or no personal incentive to accurately ‘detect’ or measure the prevalence of spam bots.”
  • Zatko’s lawyers then claimed that “Mudge learned deliberate ignorance was the norm amongst the executive leadership team” when he asked Twitter’s Head of Site Integrity how many accounts are spam. The response was “we don’t really know,” because they didn’t know how to measure, they “were buried under constant firefighting and could not keep up with reacting to bots and other platform abuse,” and “senior management had no appetite to properly measure the prevalence of bot accounts” because “they were concerned that if accurate measurements ever became public, it would harm the image and valuation of the company.”
  • According to the complaint, Zatko saw a Twitter executive say the company “intentionally and knowingly deprioritized” the health of the platform to focus on the mDAU metric. 
  • A Twitter executive proposed disabling a mechanism that flags potentially spam accounts, puts them in a mode where they can only read Twitter, and sends them an SMS to the associated phone number to verify that they are controlled by a human. 
  • “Musk’s suspicions are on target: senior executives earn bonuses not for cutting spam, but for growing mDAU. In fact, Twitter created the mDAU metric precisely to avoid having to honestly answer the very questions Mr. Musk raised.”

The lawyers then wrote that Agrawal’s other claims in the thread responding to Musk “aren't out-and-out lies but they rely on wordplay to distract and mislead.” That’s because Agrawal did not respond to Musk’s question about “what percent of accounts encountered by the median user are actually bots?” but instead responded to a different question.

“A more meaningful and honest answer to Mr. Musk’s question would be trivial for Twitter to calculate, given that Twitter is already doing a decent job excluding spam bots and other worthless accounts from its calculation of mDAU. But this number is likely to be meaningfully higher than 5%,” the lawyers wrote, adding that executives would routinely report raw numbers of spam accounts during board meetings, without providing any context “to understand the overall prevalence of fake accounts.”

A Twitter spokesperson sent Motherboard a statement: “Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Mr. Zatko's allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
