India forced Twitter to put ‘agent’ on payroll

Ex-Twitter security chief Peiter ‘Mudge’ Zatko alleges company ‘knowingly’ permitted an ‘Indian government agent direct unsupervised access to the company’s systems and user data’

By: News Desk
Published: 01:00 PM, 24 Aug, 2022

A former senior Twitter executive has alleged that the Indian government “forced” the social media company to hire one or more individuals who were “government agents” and had access to vast amounts of the platform’s user data, according to a whistleblower disclosure with US regulators.

“The company did not in fact disclose to users that it was believed by the executive team that the Indian government had succeeded in placing agents on the company payroll,” Peiter ‘Mudge’ Zatko, former head of safety at Twitter, said in his complaint filed with the US Securities and Exchange Commission (SEC).

He alleged that the company “knowingly” permitted an “Indian government agent direct unsupervised access to the company’s systems and user data”.

In a statement, a Twitter spokesperson said that Zatko was fired from his role in the company in January for “ineffective leadership and poor performance”. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be,” the person said.

In February last year, MeitY notified the Information Technology Rules, 2021. These rules mandated social media companies to hire key personnel — nodal officers — who would liaise solely with law enforcement agencies to assist them in investigations. The companies were also required to hire a compliance officer, who would ensure compliance with the rules, and a grievance officer, who would resolve user complaints.

It is unclear whether there is any link between Zatko’s claims about Twitter staffing a “government agent” and the employees the company was mandated to hire under the IT Rules, 2021. Zatko has told The Washington Post that evidence to support this claim has been shared with US intelligence. Twitter did not respond to a query seeking clarification on the possibility of this link. An email sent to MeitY also went unanswered until press time.

In his complaint, Zatko also said that in countries where Twitter was required to have a physical presence and full time employees, “the threat of harm to Twitter employees was sufficient to cause (it) to seriously consider complying with foreign government requests that (it) would otherwise fundamentally oppose”. He added that the government of India, along with those of Russia and Nigeria, “sought, with varying success, to force Twitter to hire local FTEs (full time employees) that could be used as leverage”.

The revelations come as Twitter is engaged in two high-profile legal battles — one with the Centre over some of its content blocking orders, and another one with Tesla CEO Elon Musk in the US over his desire to pull out of his $44-billion bid to buy the social media company.

Last month, the company moved the Karnataka High Court seeking to overturn orders to block 39 links flagged by MeitY, claiming that the blocking orders were beyond the purview of the law.

Twitter also sued Musk for wanting to terminate his deal for buying the platform. Notably, in this legal action, Musk has alleged that the company’s decision to challenge MeitY’s blocking orders was a “departure from the ordinary course” and put its business in India “at risk”. Twitter, in response, has stated that its actions in India are in line with its “global practice” of challenging government requests or laws if it believes that such requests are not “properly scoped under local law, are procedurally deficient, or as necessary to defend its users’ rights, including freedom of expression”.

Hiding major flaws

Twitter misled users and US regulators about "extreme, egregious" gaps in its online protections, the platform's ex-security chief claimed in whistleblower testimony that could impact the court fight over Elon Musk's buyout bid.

Peiter Zatko's complaint, which was published Tuesday by US media, also accused Twitter of significantly underestimating the number of fake and spam accounts -- a crucial point in Musk's argument for trying to cancel his $44 billion deal to own the platform.

Zatko's filing to authorities including market watchdog Securities and Exchange Commission accuses Twitter of "negligence, willful ignorance, and threats to national security and democracy."

The ex-worker, who Twitter says was fired for poor performance, warns of obsolete servers, software vulnerable to computer attacks and executives seeking to hide the number of hacking attempts, both from US authorities and from the company's board of directors.

The hacker-turned-executive, who goes by the nickname "Mudge," also claims that Twitter prioritizes growing its user base over fighting spam and bots, the filing says.

In particular, Zatko accuses the platform and its CEO Parag Agrawal of issuing untrue statements on account numbers because "if accurate measurements ever became public, it would harm the image and valuation of the company."

His filing argues that because Twitter reports a tally of users based on who can be reached by advertising -- not the actual number of accounts -- the true magnitude of spam bots is effectively unknown to the public.

Twitter fired back at its former worker, saying Zatko was fired in January for "ineffective leadership and poor performance."

"What we've seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context," the firm said in a statement.

The "opportunistic timing" of the allegations appears "designed to capture attention and inflict harm on Twitter, its customers and its shareholders," the statement continued.

A redacted version of the filing was dated July 6, nearly a week before Twitter launched its lawsuit to try to force Musk to close the buyout deal, a case that is set for trial in mid-October.

Zatko's legal team called the characterizations of his work and departure from Twitter "false", noting he was fired after clashing with the new CEO Agrawal.

- 'Dangerous security risks' -

The issue of fake accounts is at the heart of the legal battle between Twitter and Tesla chief Musk.

The billionaire has repeatedly accused the company of minimizing the number of bot accounts on its platform, and he tweeted Tuesday "spam prevalence *was* shared with the board, but the board chose not disclose that to the public..."

Musk is relying on the bot argument to justify abandoning his buyout deal and avoid paying severance, but Twitter's lawsuit has asserted that it's too late because the parties already have an agreement.

CNN reported that Zatko has not been in contact with Musk, and that he had begun the whistleblower process before there was any sign of the billionaire's involvement in Twitter.

"We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other key employees curious in light of what we have been finding," Musk's lawyer Alex Spiro told AFP.

The markets were not thrilled with Tuesday's news and Twitter shares closed down over seven percent for the day.

Zatko was hired in late 2020 by the founder and former boss of Twitter, Jack Dorsey, after a massive hack that saw the accounts of major users including Joe Biden, Barack Obama, reality star Kim Kardashian and Musk himself compromised.

Before joining Twitter, Zatko held senior positions at Google and payments processing firm Stripe as well as DARPA, the technological research arm of the Pentagon.

US lawmakers immediately raised concerns about the allegations in Zatko's filing and have pledged to look into them.

"If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world," Senator Dick Durbin said in a statement.

With inputs from AFP.