The U.S. Department of Justice is calling Elon Musk’s leadership at X, formerly Twitter, into question…at least as it pertains to upholding the FTC’s consent order on data privacy and security.
According to a new court filing from the DOJ, an investigation into Musk’s Twitter takeover “revealed a chaotic environment at the company that raised serious questions about whether and how Musk and other leaders were ensuring X Corp.’s compliance with the 2022 Administrative Order.”
The order being referred to is one from the Federal Trade Commission (FTC), which stems from an agreement between Twitter and the FTC from 2011, following multiple data breach issues at the company. In May 2022, before Musk’s takeover, Twitter paid a $150 million fine for violating that agreement after the company was found to be using users’ personal information, which Twitter had claimed was for security purposes, to sell advertising. In addition to the penalty, an updated version of the 2011 FTC order also went into effect.
As part of the FTC order, Twitter is required to “implement and maintain a comprehensive privacy and information security program that requires the company, among other things, to examine and address the potential privacy and security risks of new products.” It also prohibits the company from making profit off of “deceptively collected data” and limits Twitter employee access to users’ personal data.
According to the DOJ investigation as detailed in the filing, “several former employees testified about how Musk exercised granular control of X Corp., at times directing employees in a manner that may have jeopardized data privacy and security.”
One example of this in the filing is the Twitter Files, while not explicitly mentioned by that name. In late 2022, in an attempt to falsely paint the previous Twitter regime as against “free speech” and having a bias for the Democratic Party, Musk began leaking internal company documents and communications from before the acquisition to outside parties including writer Matt Taibbi.
According to the DOJ investigation, Musk sought to give a “third-party journalist” complete access to Twitter. “No limits at all,” the filing read. Musk went so far as to assign a company laptop and internal account with “elevated privileges” beyond even what some actual Twitter employees would be granted. Eventually, employees were able to convince Musk not to go ahead with providing this access. Instead, Musk had Twitter employees provide third-party journalists with the information that they were seeking out.
Another example of such an alleged violation also came in late December, when Musk decided to suddenly relocate one of Twitter’s data centers without following the proper protocol and procedures regarding the data that was stored there. The filing redacted information regarding exactly what the relocated servers contained.
In yet another example of a potential violation, Musk apparently knew of the issues regarding user impersonations on X caused by his relaunch of Twitter Blue, which allowed any user to get a blue checkmark via an $8 per month subscription, yet went ahead with the product that November anyway.
The DOJ continues to say that resignations along with Musk firing half of the company’s employees left Twitter without “key executives in privacy, data security, and compliance roles.”
In July of this year, under Musk, the company submitted a filing in U.S. District Court in San Francisco seeking to terminate the FTC’s consent order. Musk also seeks immunity from testifying about the company’s compliance with the FTC’s 2022 order.
According to the DOJ, Musk has “first-hand knowledge about the current state and direction of the company’s data practices and efforts to comply with the 2022 Administrative Order” and has recommended that X’s motion be denied.