Twitter may have already broken its consent agreement with the Federal Trade Commission after only two weeks under Elon Musk’s control, according to legal experts.
Musk now faces more dangers as he wriggles through a maze of business and content moderation issues, most of which have been self-inflicted. If a violation is established, it may ultimately result in considerable personal liabilities for Musk.
The potential infraction is brought on by a need that Twitter meets any time its organizational structure changes, including through mergers and transactions.
In accordance with the most recent FTC consent decree, which went into effect this year, Twitter is required to provide the regulator with a sworn compliance notice within 14 days of any such modification.
According to David Vladeck, a former senior FTC officer and law professor at Georgetown University, the compliance letter is meant to inform the FTC of significant changes at the corporation as well as a pledge that it will continue to abide by the order.
In light of the company’s massive layoffs and the departure of senior executives, some legal experts questioned whether Twitter had made the required filings after Musk’s Twitter transaction closed on Thursday, Oct. 27.
The company’s chief privacy officer and chief information security officer, who would be responsible for the company’s compliance reporting, were among those who left.
Researcher at the Stanford Internet Observatory Riana Pfefferkorn tweeted, “Godspeed to the poor b***ards coping with that.”
Regarding whether Twitter has filed any compliance letters since Musk took over the firm, the FTC declined to comment. An inquiry for comment was not immediately answered by Twitter, which recently let go of a sizable portion of its PR crew.
We are in continuous communication with the FTC and will work closely with the agency to ensure we are in compliance, said Alex Spiro, Musk’s attorney, to CNN on Thursday.
Other, more significant regulatory requirements have also been called into question. Included among them are demands that Twitter creates formal privacy evaluations of any “product, service, or practice” (or whenever Twitter alters those things) that might have an impact on or put user data at risk.
There are questions about whether Twitter is adhering to the restrictions it agreed to — or even if it can — given the dizzying rate of a product changes the firm has undergone since Musk took control.
Because there were severe flaws that led to the consent decree in the first place, Vladeck said, “the FTC is going to be concerned about the chaos there and wants to make sure they’re doing what they should be doing.”
An employee’s warning to coworkers in a Slack message earlier this week that Musk might try to shift responsibility for Twitter’s certification of FTC compliance onto individual engineers at the company reflected internal concerns about the company’s compliance obligations. The message was seen by CNN.
The employee noted that the increased risks posed by Musk might be “very harmful to Twitter’s longevity as a platform,” adding that “this will place a great amount of personal, professional, and legal risk onto programmers.”
Georgetown University professor Matt Blaze, who teaches computer technology and law, recommended Twitter employees consult an attorney “before signing anything or making any statement to regulators.”
Blaze tweeted, “This is a bus you DO NOT want to be thrown under.”
Any violations of FTC consent orders, if established, could result in severe penalties, including fines, limitations on Twitter’s ability to conduct business, and even potential punishment against specific executives.
Following FTC charges that Twitter had improperly exploited user account security information, such as phone numbers and email addresses, for advertising purposes, the company revealed its most recent consent deal this spring.
A consent agreement Twitter and the FTC struck in 2011 promising the firm to uphold a strong cybersecurity policy was built upon by the consent order that followed.
Peiter “Mudge” Zatko, the former head of security at Twitter, asserted last summer that the company was failing to uphold these duties in an explosive whistleblower revelation that was originally covered by CNN and The Washington Post. Security and privacy have “always been top company-wide concerns,” according to Twitter, which has disputed Zatko’s claims.
According to legal experts, those allegations, which were made before Musk acquired Twitter, may already be responsible for billions of dollars in future FTC fines.
The most recent allegations of Twitter’s infractions now raise the possibility of Musk facing personal culpability in addition to potentially higher financial stakes.
The FTC would have to determine whether to enforce any alleged infractions after they were proven, according to Vladeck. However, he added that given those facts, “I think it’s likely Musk would be identified” in a subsequent consent order. He has demonstrated that he is the only one making important decisions, after all.
The FTC has been indicating more and more that, if found to have been culpable for a corporation’s infractions, it may attempt to hold specific executives personally liable, naming them in subsequent orders and imposing enforceable rules on their future conduct, even after they leave the company.
(Last month, the FTC demonstrated its readiness to act by levying penalties against the CEO of the alcohol delivery company Drizly.)
If the charges made by Zatko are confirmed to be true, FTC Chair Lina Khan warned US lawmakers that Twitter’s former CEO Parag Agrawal may “definitely” be held personally accountable.
The FTC has not said if it is looking into Zatko’s claims, but on Thursday it made an unusual statement indicating the organization is closely monitoring the situation. The agency declared that it was “following recent developments at Twitter with considerable concern” when information about the management departures came to light.
The FTC declared that “no CEO or firm is above the law, and companies must abide by our consent decrees.” We are prepared to employ the new instruments that our updated consent order allows us to ensure compliance.