Elon Musk may have found his way out of buying Twitter.
Mudge, the nom de cyberguerre of the famed ethical hacker Peiter Zatko, has filed one hell of a complaint about Twitter, accusing the company of making “false and misleading statements” to the government and “fraudulent and material misrepresentations” to its own board. It’s a document that has so much insight into the internal workings of the social-media company that it resembles last year’s so-called Facebook Files in documenting the broken and backwards ways that the company apparently operates. For Musk, this couldn’t be more of a gift.
The scope of the accusations here — which Twitter’s CEO described as “a false narrative riddled by inconsistencies” — is well beyond the relatively narrow spam-bot problem that Musk has tried to latch on to in order to get out of buying the company for $44 billion. In some important ways, it also undermines Musk’s direct claims.
The complaint accuses the company of, among other things, lying about the company’s bot problem, filing false or misleading securities filings, withholding critical information from the company’s board, employing spies after getting pressure from governments, and a lot more. (It was first reported by CNN and the Washington Post. I confirmed its authenticity with Whistleblower Aid, the legal group representing Mudge.)
Here are just some of the details:
Mudge goes hard for the current CEO Parag Agrawal. Agrawal is painted as a duplicitous executive whose rise was opposed by board members. He allegedly hid information about bots and security issues from the board because that would have reflected badly on him. (Agrawal’s previous role was chief technology officer, and Mudge lays most of the company’s problems as being in his wheelhouse before he ascended to CEO last November.) In particular, Mudge claims that Agrawal “cherry-picked” data to show that security was improving when it was actually deteriorating, and that the number of breaches was higher than was presented.
The Federal Trade Commission could be a big problem. In 2011, Twitter entered into an agreement with the FTC called a consent decree, in which it promised to beef up its security systems. This didn’t really happen, and the company was never in compliance with the agreement, Mudge claims. In fact, Twitter employees were able to get wide internal access that they shouldn’t have, and user information that was supposed to be for cybersecurity was also shared with marketing, he claims. Mudge claims that he “reasonably feared Twitter could suffer an Equifax-level hack.”
Where did “deleted” information go? From the claim: “In years past, the FTC had asked Twitter whether the data of users who canceled their accounts was properly ‘deleted.’ Twitter had determined that not only had the data not been properly deleted, but that data couldn’t even be accounted for. Instead of answering the question that was asked, Twitter assured the FTC that the accounts were ‘deactivated,’ hoping FTC officials wouldn’t notice the difference. Mudge learned about the historical practice in 2021, and was told that fines could be $3 million each month plus 2 percent of revenue.”
Jack Dorsey was checked out. Dorsey, the co-founder and previous longtime CEO, was the one who hired Mudge, in what was then seen as a sober and serious decision to clean up the company after a massive hack in 2020. (That hack compromised Musk’s account, in addition to Barack Obama’s and a host of other major users.) But after hiring Mudge, Dorsey basically lost interest, he said. Mudge said that he spoke with Dorsey about six times over the course of a year, with each 30-minute call at his own request, and Dorsey speaking “perhaps 50 words” during those calls.
There’s a secret bot report. In May or June of last year, Mudge hired an outside group — the identity is redacted — to compile a report on Twitter’s ability to rein in spam and fight mis- and disinformation on the platform. When other Twitter executives found out, they hired an outside law firm to produce a “clean” version that removed embarrassing information, according to his claim. He also accused the company’s lawyers of wrongly labeling the report as legally privileged to keep it from leaking out.
The bot problem is only getting weirder. The picture Mudge paints is one where fighting against bots was so hard and the team was under so much pressure to be reactive that nobody really had the wherewithal to fix it. “We don’t really know” how many bots there are, the head of site integrity once told Mudge, he claims — and he “learned deliberate ignorance was the norm among the executive leadership team.” Nobody really had ownership of the problem, but even one of the more proactive solutions Mudge preferred was questionably effective. That program, which screened for users that only read tweets on phones, only flagged as few as 12 million bots a month — which is less than the 15 million or so that Agrawal says the company already dispenses with in its current process.
Twitter may have large unpaid bills. Twitter has the potential for a lawsuit because of its unlicensed use of machine learning programs for some of its central functions, like which tweets get shown to users. Further, the company allegedly misled regulators in Ireland and France about its systems.
Multiple absolutely bonkers national security issues. “The Indian government forced Twitter to hire specific individual(s) who were government agents,” according to the complaint. Chinese “entities” paid for data that could have allowed them to track users in the country, and Agrawal allegedly told Mudge that he was considering caving in to Russian demands to allow for greater censorship and surveillance of users there in order to grow the company’s user numbers.
What’s It All Mean?
Again, that’s not even close to all of it. If you’re Elon Musk, there are a couple ways of looking at this. Remember, he’s making a couple of big claims that were basically unsupported up until Mudge came forward. The first is that Twitter is lying about its bot problem and there are so many fake accounts that it dilutes the real value of the company. But Mudge’s arguments are actually mixed for Musk on this argument. He accuses Agrawal of misleading the board and investors by omitting crucial information, which is not great, but whether that’s an issue for the Delaware Chancery Court to care about was kind of a long shot, since Musk waived his chance to do due diligence into that problem before he agreed to buy the company. And Mudge goes out of his way to show that the company’s executives actually are incentivized to sweep out bots from those that are counted in its crucial favored metric, called monetizable daily active users, or mDAU. “If mDAU includes spam bots that do not click through ads to buy products, then advertisers conclude the ads are less effective, and might shift their ad spending away from Twitter to other platforms with higher perceived effectiveness,” according to the complaint. Overall, the mDAU numbers are basically right, he said.
But Musk has another way out, and that’s essentially arguing that the whole company is a much bigger shitshow than it’s let on. This is where Mudge’s suit comes in. If Twitter had made more straightforward claims in its securities filings that said, “We don’t actually have any idea what our bot numbers are” or “We’re not really complying with the FTC and are at risk of paying billions of dollars in fines” or “We quietly employ spies from India” (again, assuming that these allegations are true), then its stock price would probably be a lot lower. Any of these things could individually or collectively add up to what’s called a material adverse event — essentially an omission or a falsity that’s so big that it really does actually change how much the company is worth. But then again, it could still be bad without qualifying as such an event, which is a high but subject bar to reach.
What this really does is raise the odds that Twitter just settles this thing. One of the things that made this case so interesting was that Twitter just seemed so sure that it was going to make Musk do what it wanted, and the drama here was whether the world’s richest — and, in many ways, most powerful — man was going to be laid low by his own impulsive behavior yet again. But now there are cracks. Yes, Musk’s bot argument is still kinda wobbly, at least from the perspective of the Delaware Chancery Court, which is also not impressed by Musk’s response to Twitter’s discovery requests, the court said today. But his other path relies on showing that he relied on information that was withheld from him, or that fraud and deceit are so rampant throughout the company that its true value was overinflated. Dorsey hired Mudge because of his integrity. He’s previously testified before Congress on these very issues. So how can they go around and say that he’s a liar? Twitter’s big incentive now is to just get this all over with.
Mudge said that he first started talking to lawyers in December 2020 and only started to put together this specific whistleblower complaint in March, which was before Musk publicly came out as a prospective buyer for the company. He goes on to say that he hasn’t talked to anyone with a financial stake in the company, but whether he has been in contact with intermediaries for Musk is a fair question.
What happens now? The Post points out that Mudge’s complaint is light on data about bots — Mudge says he was locked out of his accounts before he could get data he needed — but we may yet learn what else he might know: Mudge is already scheduled to be deposed by Musk’s team.