US government lawyers criticized Elon Musk’s leadership at the company formerly named Twitter yesterday, telling a judge that Musk’s attempt to terminate a privacy settlement and Federal Trade Commission investigation should be rejected.
“After agreeing last year to settle charges that it once again misled consumers about the privacy and security of their information, X Corp. (formerly Twitter, Inc.) now seeks to jettison that agreement and limit further scrutiny of its data practices. X Corp.’s motion is meritless and should be denied,” Department of Justice lawyers representing the US government wrote in the filing in US District Court for the Northern District of California.
In July, Musk’s X Corp. asked the court to terminate or modify a privacy settlement that Twitter and the FTC agreed to in May 2022 before Musk bought the company. X claimed that the FTC’s ongoing investigation into whether it is complying with the settlement “has spiraled out of control and become tainted by bias.” X’s motion also sought “a protective order staying the notice of deposition of Elon Musk.”
The US response yesterday said the investigation is warranted by the dramatic changes that Musk brought to the social media firm. It also said that Musk should be deposed in the FTC investigation because he “has unique, first-hand knowledge about the current state and direction of the company’s data practices and efforts to comply with the 2022 Administrative Order.”
The US said the FTC found troubling information when it used its discovery rights under the settlement to request “records and other information to determine whether X Corp. was properly protecting user data during this transformation,” and when it deposed five former executives and employees who held roles in privacy and security. The FTC depositions so far have targeted “former employees because nearly every employee who has been identified as a point person for privacy or data security either resigned or was terminated before the FTC could talk to them,” the government said.
“The information obtained revealed a chaotic environment at the company that raised serious questions about whether and how Musk and other leaders were ensuring X Corp.’s compliance with the 2022 Administrative Order,” the US wrote in the partially redacted filing.
Musk conducted “at least five rounds of terminations, layoffs, or other reductions” in the weeks after his October 2022 purchase of Twitter, eliminating over half of the workforce, the US noted.
“Within days of the initial layoffs, three key data privacy and security executives all resigned: Chief Privacy Officer Damien Kieran, Chief Information Security Officer Lea Kissner, and Chief Compliance Officer Marianne Fogarty,” the filing said. “These three had been the sole remaining members of the company’s Data Governance Committee, which was tasked with interpreting and modifying data policies and practices to ensure X Corp. complied with the 2022 Administrative Order.”
The US filing said that during a deposition, “Kissner testified that decisions by Musk and others—including layoffs and other ‘cost-cutting pressure and decisions’—impaired X Corp.’s ability to ‘put technical restrictions and controls in place… around the company’s use of contact data to make sure that it was being used… for the purpose that the particular contact data was collected.'”
Kissner further testified that after the mass employee exodus, “about half of the controls in X Corp.’s information security program did not have a designated ‘owner’ responsible for their operation. Similarly, at his deposition, Kieran testified that the firings and layoffs meant no one was responsible for about 37 percent of X Corp.’s privacy program controls,” the US wrote.
The next section of the US government filing is titled “Musk’s Conduct.” After buying the social network and taking over as CEO and sole director, “Musk also personally assumed supervisory authority over X Corp.’s privacy and information security program under the 2022 Administrative Order,” the US said.
“Former X Corp. employees testified about several concerning incidents involving Musk,” the US wrote. “For example, in early December 2022, Musk reportedly directed staff to grant an outside third-party journalist ‘full access to everything at Twitter… No limits at all.’ Consistent with Musk’s direction, the journalist was initially assigned a company laptop and internal account, with the intent that they be given ‘elevated privileges beyond just what a[n] average employee might have.'”
The journalist who received that access was reportedly Bari Weiss. According to the US court filing, longtime security employees at Twitter were “concerned such an arrangement could expose nonpublic user information in potential violation of the 2022 Administrative Order” and thus “intervened and implemented safeguards to mitigate the risks.” Instead of receiving direct access to company systems, the journalist was said to be “working with some other individuals within [the company] who were potentially accessing such services on [their] behalf.”