Employees prevented Musk from breaking federal Twitter order, FTC finds
After a divisive investigation into the “Twitter Files” that Republicans decried as “harassment,” the Federal Trade Commission has found no evidence that the social network violated the terms of a government order that placed sweeping restrictions on the company’s data security practices.
Since December 2022, the federal watchdog has been probing allegations that chief executive Elon Musk ordered employees to give a group of outside writers “full access to everything,” prompting concerns that the company was out of compliance with a settlement that puts tight controls on users’ data. Musk gave directives that ran afoul of the order, but veteran Twitter employees intervened and prevented the writers from directly accessing the company’s internal systems, according to a letter FTC Chair Lina Khan sent to House Republicans on Wednesday.
“Longtime information security employees at Twitter intervened and implemented safeguards to mitigate the risks,” the letter said. “The FTC’s investigation confirmed that staff was right to be concerned, given that Twitter’s new CEO had directed employees to take actions that would have violated the FTC’s Order.”
The Twitter Files writers did not receive direct access to the company’s systems but instead worked with employees who accessed the systems on their behalf, according to the FTC.
The conclusion is likely to prove unsatisfying to Musk’s critics, who viewed the FTC order as one of the few checks that the federal government had on his leadership of the social network, since renamed X. Former employees have warned since November 2022 that Musk’s workforce reductions and rapid product rollouts could run afoul of the order. Such consent orders have made the FTC the country’s de facto tech privacy regulator in the absence of congressional action on proposals to regulate the industry.
The Twitter order, which was updated in 2022 after the company allegedly broke a 2011 settlement, requires the company to have strict controls for all systems that store consumer information or provide access to users’ accounts. The FTC says it continues to monitor the company’s compliance with the order.
“When we heard credible public reports of potential violations of protections for Twitter users’ data, we moved swiftly to investigate,” FTC spokesman Douglas Farrar said in a statement. “The order remains in place and the FTC continues to deploy the order’s tools to protect Twitter users’ data and ensure the company remains in compliance.”
“X remains steadfast in its commitment to protect the privacy of its users and will continue to work with the FTC to meet the requirements set out in the consent decree,” said Renato Monteiro, X global head of privacy.
House Judiciary Committee Chairman Jim Jordan (R-Ohio) did not immediately respond to a request for comment.
The letter punctuates months of political jousting between Khan and House Republicans, who have aligned themselves with Musk’s freewheeling approach to content moderation and portrayed the FTC’s investigation as a “harassment campaign.” Jordan has characterized Khan’s approach as “intimidation followed by inaction”; a subcommittee he chairs released a report titled “The Weaponization of the Federal Trade Commission: An Agency’s Overreach to Harass Elon Musk’s Twitter.”
The report particularly zeroed in on the FTC’s scrutiny of the Twitter Files, a project that gave a handful of outside writers access to the company’s internal records as Musk accused Twitter’s former leadership of suppressing speech on the platform, especially during the 2020 election. Republicans have cheered on those efforts, and the subcommittee’s report characterized the FTC’s probe of the handling of the matter as “a government inquiry into First Amendment-protected activity.”
Twitter had a history of tangling with the FTC long before Musk bought it in October 2022. The agency opened a probe into the platform’s security practices before Musk’s purchase, after a whistleblower complaint that The Washington Post reported in August 2022.
But tensions between the agency and Musk spilled into public view within weeks of the sale. In November 2022, the FTC took the extraordinary step of publicly stating that it was scrutinizing the developments at the platform with “deep concern” and was prepared to take action to ensure the company was in compliance with the order.
Earlier that day, former chief information security officer Lea Kissner and other members of the company’s data governance committee resigned, amid concerns that Musk’s swift rollout of a new account verification system did not allow enough time for the security reviews required by the FTC order.
In the letter to Jordan, the FTC reports that a former Twitter privacy and security expert testified that the system, Twitter Blue, was deployed so fast that “security and privacy review was not conducted in accordance with the company’s process for software development.” Another expert told the FTC that he was worried about Musk’s “commitment to overall security and privacy of the organization.”
Strain between the company and the regulator erupted again in July, when X asked a federal court to terminate the FTC order and sought to block the agency’s deposition of Musk. A federal judge in California in November rejected the company’s motion and denied its attempt to stop the FTC from deposing Musk.
The FTC does not rule out bringing future lawsuits against X, Farrar said, and it is continuing litigation in California to preserve the consent order and depose Musk.