Whistleblower Peiter “Mudge” Zatko’s explosive accusations about security concerns at Twitter are almost certain to have sparked a Federal Trade Commission investigation, according to experts — and that’s not necessarily good news for Elon Musk.
Former FTC officials told The Post they are confident the agency has opened an investigation into Twitter — but added that any potential fine would come after next month’s courtroom battle with Musk, potentially requiring the mogul to pony up billions of dollars in penalties if he’s forced to take over the company.
Zatko — a famed hacker who did a nearly two-year stint as Twitter’s head of security until earlier this year — has accused Twitter of tolerating disturbing security problems, including allegedly keeping a Chinese spy on its payroll.
The ex-FTC officials say the probe likely centers around whether the conduct alleged by Zatko means Twitter breached a so-called consent decree from 2011 that requires the company to “not misrepresent” the extent to which it protects the security and privacy of users. The investigation could potentially lead to billions in fines and a new, more restrictive decree that personally names Twitter CEO Parag Agrawal, sources said.
“I would say with 100% certainty that they have opened an investigation,” said David Vladeck, who led the FTC’s consumer protection division from 2009 to 2012. “I am confident that the FTC is involved in an investigation.”
He said opening an investigation is common sense for the FTC.
“If there is reason to believe that a company violated an existing consent order with the FTC, the FTC isn’t going to twiddle its thumbs, it will investigate,” Vladeck said.
Eileen Harrington, a former FTC executive director, also said she’s certain that the agency is investigating Twitter but that she’s not sure which part of the agency is in charge.
“I would wonder who’s doing the investigation because the best thing to do would be to leave it in the hands of the people who do order compliance and enforcement — and to get them some help,” Harrington said.
Representatives for Twitter and Zatko did respond to requests for comment for this story. The FTC declined to comment.
Zatko warned in Senate testimony earlier this month that thousands of Twitter employees — potentially including spies — have access to sensitive user data including private messages, current locations, home addresses and phone numbers.
Zatko also said that the FTC’s lack of resources meant that tech companies like Twitter have been allowed to “grade their own homework” instead of being held accountable by regulators.
“I cringed when I read all this,” Harrington said of Zatko’s testimony. “I thought, ‘This is very bad for the FTC.’”
Harrington, who spent 27 years at the FTC, has been an outspoken critic of Biden-appointed chair Lina Khan. She speculated that Khan could be inclined to respond to the whistleblower-related bad press by “finger-pointing” at overworked career FTC employees and taking over the probe herself.
In recent weeks, the FTC has contacted people to ask questions about Twitter as part of its investigation, one source told The Post. Another source close to the agency said that the FTC is investigating a consent decree violation involving a company that is most likely Twitter.
Twitter, for its part, has claimed that Zatko’s allegations are “riddled with inconsistencies and inaccuracies” and that it fired him in January 2022 for “poor performance and ineffective leadership.”
The site has also sought to subpoena communications to determine whether Zatko has coordinated with Musk, who is fighting a legal battle to get out of his $44 billion deal to take over the site. Zatko has denied that he filed the complaint to help Musk.
Even if the FTC eventually slams Twitter with a massive fine, the hit would almost certainly come well after Musk faces Twitter in Delaware court starting on Oct. 17. If the court orders Musk to buy Twitter, he would potentially be forced to pony up the penalty himself.
“There’s no way that they can do a thorough investigation and have something announced by Oct. 17,” Harrington said.
During Senate testimony on Tuesday, Khan stopped short of confirming an investigation into Twitter but said the FTC was “extremely disturbed” by Zatko’s allegations.
“There has absolutely been a problem with companies treating FTC orders as suggestions,” Khan said. “We have a program underway to really toughen that up.”
Khan also said the FTC is prepared to personally name tech executives such as Agrawal in future orders.
“If we have a basis for naming individuals because we find that they meet the legal standard for that, we won’t hesitate to do it,” Khan said in response to a question about Agrawal without specifically naming the Twitter CEO.
In May, Twitter agreed to pay the FTC a $150 million fine for breaking the 2011 consent decree after regulators accused the company of collecting phone numbers and emails for security purposes and then accidentally sharing that data with advertisers.
Separately from Zatko’s allegations, Twitter has also faced claims in recent weeks that it has failed to adequately stop minors from viewing and uploading porn. Both Vladeck and Harrington said those allegations could attract attention from the FTC, which has a mandate to protect consumers.