The US government says the former Twitter’s request to end oversight of its data privacy and security practices is “meritless” and owner Elon Musk should not be immune to testifying about the company since he has “first-hand knowledge” of the conduct being investigated.
This includes decisions he made since acquiring the company — including mass layoffs, hasty product launches and an overall “chaotic environment” — that could be in violation of a government order limiting its privacy and security practices.
The company now called X Corp. had filed a motion in July for a protective order that would prevent Musk from having to testify about the company — and for relief from its 2022 consent order with the Federal Trade Commission (FTC).
In a Monday filing on behalf of the FTC, the US Department of Justice said that in seeking to end the FTC’s order, X merely “complains the FTC asked too many questions after Elon Musk acquired the company”.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
But the FTC was asking questions, according to the filing, because of “sudden, radical changes at the company” after Musk took over. Within weeks, half of Twitter’s employees were terminated or resigned, “including key executives in privacy, data security, and compliance roles”.
There were also “alarming site outages, product malfunctions, and issues with data access controls,” the filing says — so the FTC had “every reason to seek information” about whether the company was still complying with the order.
The FTC has been watching the company for years since Twitter agreed to a 2011 consent order alleging serious data security lapses. But the agency’s concerns spiked with the tumult that followed Elon Musk’s October 27 takeover of the company.
In March it was disclosed that the FTC was investigating Musk’s mass layoffs at Twitter and trying to obtain his internal communications as part of ongoing oversight of the social media company’s privacy and cybersecurity practices, according to documents described in a congressional report.
Twitter paid a USD 150 million penalty in May 2022, about five months before Musk’s takeover, for violating the 2011 consent order. An updated version established new procedures requiring the company to implement an enhanced privacy-protection program as well as beef up information security. The company’s July filing seeks relief from the consent order, saying that the FTC’s investigation has “spiralled out of control”.
But the government’s filing on Monday said the FTC was requesting information because it wanted to see if the company was properly protecting user data during its transformation from Twitter into X under Musk’s rule. The FTC heard from five former X employees during its investigation, who “revealed a chaotic environment at the company that raised serious questions about whether and how Musk and other leaders were ensuring X Corp.’s compliance” with the consent order.
For instance, Twitter’s former director of security engineering, Andrew Sayler, testified that he had “ongoing questions about Elon’s commitment to the overall security and privacy of the organisation” because “the manner in which Elon was requesting us to grant access to third parties that had not undergone our regular vetting process struck” Sayler as “having some degree of disregard for the overall sensitivity and security at that level of access”, according to the filing.
In another example from the filing, Musk “insisted on launching the new Twitter Blue user verification service on an accelerated basis, despite staffing limitations”.
The Tesla CEO, according to another former employee’s testimony, “insisted” that the service had to launch “right now” even though Twitter’s staffing was reduced so drastically that remaining employees were “struggling to keep the service up”.
Representatives for X did not immediately respond to a message for comment on Tuesday.