Details Of FTC’s Investigation Into Twitter And Elon Musk Emerge… And Of Course People Are Turning It Into A Nonsense Culture War (original) (raw)

from the closing-in dept

Back in the fall we were among the first to highlight that Elon Musk might face a pretty big FTC problem. Twitter, of course, is under a 20 year FTC consent decree over some of its privacy failings. And, less than a year ago (while still under old management), Twitter was hit with a $150 million fine and a revised consent decree. Both of them are specifically regarding how it handles users private data. Musk has made it abundantly clear that he doesn’t care about the FTC, but that seems like a risky move. While I think this FTC has made some serious strategic mistakes in the antitrust world, the FTC tends not to fuck around with privacy consent decrees.

However, now the Wall Street Journal has a big article with some details about the FTC’s ongoing investigation into Elon’s Twitter (based on a now released report from the Republican-led House Judiciary who frames the whole thing as a political battle by the FTC to attack a company Democrats don’t like — despite the evidence included not really showing anything to support that narrative).

The Federal Trade Commission has demanded Twitter Inc. turn over internal communications related to owner Elon Musk, as well as detailed information about layoffs—citing concerns that staff reductions could compromise the company’s ability to protect users, documents viewed by the Wall Street Journal show.

In 12 letters sent to Twitter and its lawyers since Mr. Musk’s Oct. 27 takeover, the FTC also asked the company to “identify all journalists” granted access to company records and to provide information about the launch of the revamped Twitter Blue subscription service, the documents show.

The FTC is also seeking to depose Mr. Musk in connection with the probe.

I will say that some of the demands from the FTC appear to potentially be overbroad, which should be a concern:

The FTC also asked for all internal Twitter communications “related to Elon Musk,” or sent “at the direction of, or received by” Mr. Musk.

I mean… that seems to be asking for way more than is reasonable. I’ve heard some discussion that these requests are an attempt to figure out who Musk is delegating to handle privacy issues at the company (as required in the consent decree), but it seems that such a request can (and should) be more tailored to that point. Otherwise, it appears (and will be spun, as the House Judiciary Committee is doing…) as an overly broad fishing expedition.

Either way, as we predicted in our earlier posts, the FTC seems quite concerned about whether or not Twitter is conducting required privacy reviews before releasing new features.

The FTC also pressed Twitter on whether it was conducting in-depth privacy reviews before implementing product changes such as the new version of Twitter Blue, as required under the 2022 order. The agency sought detailed records on how product changes were communicated to Twitter users.

It asked Twitter to explain how it handled a recently reported leak of Twitter user-profile data, to account for changes made to the way users authenticate their accounts, and to describe how it scrubbed sensitive data from sold office equipment.

Another area that is bound to be controversial (and Matt Taibbi is, in his usual fashion, misleadingly misrepresenting things and whining about it) is that the FTC asked to find out which outside “journalists” had been granted access to Twitter systems:

On Dec. 13, the FTC asked about Twitter’s decision to give journalists access to internal company communications, a project Mr. Musk has dubbed the “Twitter Files” and that he says sheds light on controversial decisions by previous management.

The agency asked Twitter to describe the “nature of access granted each person” and how allowing that access “is consistent with your privacy and information security obligations under the Order.” It asked if Twitter conducted background checks on the journalists, and whether the journalists could access Twitter users’ personal messages.

Given the context, this request actually seems reasonable. The consent decree is pretty explicit about how Twitter needs to place controls on access to private information, and the possibility that Musk gave outside journalists access to private info was a concern that many people raised. Since then, Twitter folks have claimed that it never gave outside journalists full access to internal private information, but rather tasked employees with sharing requested files (this might still raise some questions about private data, but it’s not as free wheeling as some worried initially). If Twitter really did not provide access to internal private data to journalists, then it can respond to that request by showing what kind of access it did provide.

But, Taibbi is living down to his reputation and pretending it’s something different:

Matt Taibbi tweet to WSJ article saying: "which journalists a company or its executives talks to is not remotely the government's business. This is an insane overreach."

At best, Taibbi seems to be conflating two separate requests here. The request for all of Musk’s communications definitely does seem too broad, and it seems like Twitter’s lawyers (assuming any remain, or outside counsel that is still having its bills paid) could easily respond and push back on the extensiveness of the request to narrow it down to communications relevant to the consent decree. That’s… how this process normally works.

As for the claim that which journalists an executive talks to is not the government’s business, that is correct, but lacking context. It becomes the government’s business if part of the conversation with the journalist is to violate the law. And… it’s that point that the FTC is trying to determine. If they didn’t violate the consent decree, then, problem solved.

Thus, the request regarding how much access Musk gave to journalists seems like a legitimate question to determine if the access violated the consent decree. One hopes that Twitter was careful enough in how this was set up that the answer is “no, it did not violate the consent decree, and all access was limited and carefully monitored to protect user data,” but that’s kinda the reason that the investigation is happening in the first place.

Indeed, in the House Judiciary Committee report, in which they try to turn this into a much bigger deal, they do reveal a small snippet of the FTC’s requests to Twitter on this topic that suggest that Taibbi is (yet again) totally misrepresenting things (it’s crazy how often that’s the case with that guy), and their concern is literally to the single point implicated by the consent decree: did Twitter give outside journalists access to internal Twitter systems that might have revealed private data:

I would be concerned if the request actually were (as Taibbi falsely implies) for Musk to reveal every journalist he’s talking to. But the request (as revealed by the Committee) appears to only be about “journalists and other members of the media to whom” Elon has “granted any type of access to the Companies internal communications.” And, given that the entire consent decree is about restricting access to internal systems and others’ communications, that seems directly on point and not, as the Judiciary Committee and Taibbi complain, about an attack on the 1st Amendment.

It remains entirely possible that the FTC finds nothing at all here. Or that if it tries to file claims against Twitter that Twitter wins. Unlike some people, I am not rushing to assume that the FTC is going to bring Twitter to account. But there are some pretty serious questions about whether or not Musk is abiding by the consent decree, and violating a consent decree is just pleading for the FTC to make an expensive example of you.

Filed Under: consent decree, elon musk, ftc, investigation, matt taibbi, privacy, subpoena
Companies: twitter