Twitter mobile app on smartphone showing FTC investigation into privacy practices

FTC Investigation Into Twitter Privacy Practices Ramps up With Request to Interview Elon Musk

An FTC investigation into Twitter’s ability to financially keep up with its privacy obligations is now seeking an interview with Elon Musk, who has cut its workforce by more than half since he took over the company in late 2022. Twitter has special obligations in terms of privacy practices due to a 2011 settlement of a prior FTC case.

FTC investigation expands focus to Musk’s tenure

Much of the FTC investigation is rooted in incidents that took place prior to Musk stepping into the role of Twitter CEO in October 2022. The company is subject to regular reviews of its privacy practices due to a string of security lapses over a decade ago, but recent scrutiny intensified when its former head of cybersecurity came forward as a whistleblower and testified to a Congressional committee in September 2022.

The FTC investigation’s specific concern with the Musk era is that the company is retaining adequate resources to fund and staff the privacy practices it remains obligated to. Musk famously began his reign by slashing company jobs, ultimately laying off over 5,500 people and operating fewer than 2,000. The company has since been quiet about its financial situation, with Musk only recently revealing that the company was recovering from a sharp drop in ad revenue and that it may have positive revenue in the second quarter after cutting $3 billion in total operating expenses.

As often happens in Washington, the FTC investigation also appears to be breaking down into a partisan political matter as the newly Republican-controlled House Judiciary Committee has accused the agency of using it as a means to harass Musk in retaliation for the “Twitter Files” disclosures. The agency has issued over 350 requests for information since Musk took over, including every internal communication that mentions his name and verification that equipment the company has since sold was wiped of user data, something that has rankled Republicans in Congress.

It is still not entirely clear what the FTC investigation is focusing in on in terms of Musk’s actions, but anonymous sources from within the company have told the press that one aspect is Twitter’s use of compliance software. Twitter reportedly used a piece of software called Collibra to track its data governance program, and sources say that this subscription was eliminated as part of the cost-cutting measures. It is not clear how its privacy practices are currently documented.

Another piece of information from these sources indicates that Musk has pulled in lawyers from his other companies as Twitter’s own lawyers were laid off, which has caused some chaos in the company. The sources say that junior employees were also promoted to positions that they were not qualified for, though it is not clear if this directly involved privacy practices.

Musk draws partisan attention, but Twitter’s prior issues have not been forgotten

While anything involving Musk will naturally grab headlines, the FTC investigation is still exploring elements that took place well before he took over the company. Chief among these is the testimony of former head of security Peiter “Mudge” Zaiko, who told Congress that the company’s prior executive team had knowingly misled both regulators and investors about its privacy practices and its efforts to rein in bots and spam. FTC Chairwoman Lina Khan has said that she found Mudge’s claims “disturbing” and that there have been ongoing problems with companies “treating FTC orders as suggestions.”

Violations of the FTC consent decree could come back to haunt executives who have been exited from the company; Khan has also said that they could be held personally accountable if the investigation ultimately concludes that they facilitated these incidents. Put in place in 2011, the consent decree settled a prior FTC investigation involving poor security and privacy practices at Twitter and multiple break-ins by hackers that had taken place starting in 2009. The agreement is in place until 2031 and requires Twitter to refrain from misleading the public about privacy practices, and to maintain a comprehensive IT security program that is inspected by an auditor once every two years.

Twitter faces regulatory issues on multiple fronts, as the European Union is also asking it for more disclosures about its internal efforts to curb misinformation and disinformation. In February, European officials said a prior report that Twitter had filed on the subject was found wanting and that it could face regulatory action if it does not employ more content moderators. The US Securities and Exchange Commission is also currently investigating whether Musk’s acquisition of Twitter stock was disclosed according to the rules.

In addition to potential fines and criminal charges for executives, Twitter might be fined again as a result of the FTC investigation if its privacy practices are found to be out of compliance with its consent decree. Twitter was fined $150 million in May 2022 for a prior violation of the order.