Twitter Security Staff Kept Firm In Compliance By Disobeying Musk

Twitter employees prevented Elon Musk from violating the company’s privacy settlement with the US government, according to the Federal Trade Commission Chair Lina Khan, ArsTechnica reported.

After Musk bought Twitter in late 2022, he gave Bari Weiss and other journalists access to company documents in the so-called “Twitter Files” incident. The access given to outside individuals raised concerns that Twitter (which is currently named X) violated a 2022 settlement with the FTC, which has requirements designed to prevent repeats of previous security failures.

However, based on a concern that such an arrangement would risk exposing nonpublic user information in potential violation of the FTC’s order, longtime information security employees at Twitter intervened and implemented safeguards to mitigate the risks. Ultimately, the third-party individuals did not receive direct access to Twitter’s systems, but instead worked with other company employees who accessed the systems on the individual’s behalf.”

Here are some key parts of the letter the FTC sent to Chairman Jim Jordan:

“I am writing in further response to your April 12, 2023, letter requesting documents and information related to Twitter, in an additional effort to be responsive to your request. This letter addresses your questions regarding the Federal Trade Commission’s investigation of potential third-party access to the information of Twitter users. It also addresses your inquiry regarding the FTC’s review of Twitter’s numerous employee terminations and resignations…

…In early December 2022, media reports indicated Twitter had granted certain third-party individuals broad access to the company’s systems, communications, and other information. For example, one individual tweeted on December 8, 2022, “Our team was given extensive, unfiltered access to Twitter’s internal communications and systems.” Around the same time, another individual tweeted that “the authors have broad and expanding access to Twitter’s files.” Moreover, that same individual was reportedly given access to Twitter’s employee systems, to its Slack channel(s), and given a company laptop…

…You also queried why the FTC was looking into personnel decisions made at Twitter. According to X Corporation (Twitter), in the fall of 2022, the company undertook a rapid series of terminations, layoffs, or other reductions in its workforce. Numerous employees resigned during this time. These workforce reductions significantly impacted the Twitter teams charged with protecting user data. Key data privacy and security executives were gone, including the Chief Privacy Officer, the Chief Information Officer, and the Chief Compliance Officer. Simply put, there was no one left at the company responsible for interpreting and modifying data policies and practices to ensure Twitter was complying with the FTC’s Order to safeguard Americans’ personal data…”

Engadget reported that The Federal Trade Commission (FTC) concluded Elon Musk ordered Twitter (now X) employees to take actions that would have violated an FTC consent decree regarding consumers’ data and privacy and security.

The FTC says it will continue to monitor X’s adherence to the order. “The order remains in place and the FTC continues to deploy the order’s tools to protect Twitter users’s data and ensures the company remains in compliance.”

In my opinion, it was an incredibly smart move for the Twitter employees to limit access for the journalists that Elon Musk selected for the “Twitter Files”. Imagine how bad Twitter would have become if those brave employees hadn’t stepped in!