Twitter’s privacy and security teams are in turmoil after Elon Musk’s changes to the service bypassed its standard data governance processes. Now, a company lawyer is encouraging employees to seek whistleblower protection “if you feel uncomfortable about anything you’re being asked to do.”
The company’s chief privacy officer Damien Kieran, chief information security officer Lea Kissner, and chief compliance officer Marianne Fogarty have all resigned, according to two employees and an internal message seen by The Verge. Kissner confirmed their departure in a tweet on Thursday.
“Elon has shown that his only priority with Twitter users is how to monetize them.”
In a note posted to Twitter’s Slack and viewable to all staff that was obtained by The Verge, an attorney on the company’s privacy team wrote, “Elon has shown that his only priority with Twitter users is how to monetize them. I do not believe he cares about the human rights activists. the dissidents, our users in un-monetizable regions, and all the other users who have made Twitter the global town square you have all spent so long building, and we all love.”
The FTC reached a settlement with Twitter in May after the company was caught using personal user info to target ads. If Twitter doesn’t comply with that agreement, the FTC can issue fines reaching into the billions of dollars, according to the lawyer’s note to employees.
The note goes on to say that its author, who The Verge knows the identity of but is choosing not to disclose, has “heard Alex Spiro (current head of Legal) say that Elon is willing to take on a huge amount of risk in relation to this company and its users, because ‘Elon puts rockets into space, he’s not afraid of the FTC.’”
Musk’s new legal department is now asking engineers to “self-certify” compliance with FTC rules and other privacy laws, according to the lawyer’s note and another employee familiar with the matter, who requested anonymity to speak without the company’s permission.
The employee said this week’s launch of the revamped Twitter Blue subscription disregarded the company’s normal privacy and security review, with a “red team” reviewing potential risks the night before the launch. “The people normally tasked with this stuff were given little notice, little time, and unreasonable to think it [the privacy review] was comprehensive.” None of the red team’s recommendations were implemented before Twitter Blue’s relaunch, the employee said.
Musk has signaled that one of his first priorities is rebuilding Twitter’s infrastructure. During a Twitter Spaces audio conversation with advertisers on Wednesday, he said that he wanted to redo the company’s software stack so that the same technology is powering the relevance of tweets and ads. “We have to be adventuresome here,” he said.
In a statement shared with The Verge after this story was published, an unnamed FTC spokesperson said the agency was “tracking recent developments at Twitter with deep concern. No CEO or company is above the law, and companies must follow our consent decrees. Our revised consent order gives us new tools to ensure compliance, and we are prepared to use them.”
Former Twitter outside counsel Riana Pfefferkorn noted in a tweet that the company’s FTC consent order requires the company to do privacy reviews before making changes to the product. That same FTC consent order requires Twitter to submit a compliance notice signed by predetermined officers of the company to the FTC 14 days after a change in company control — which means Twitter owes the FTC a compliance notice today, 14 days after Musk took over.
“I anticipate that all of you will be pressured by management into pushing out changes that will likely lead to major incidents,” the Twitter lawyer wrote in the Slack message, which you can read in full at the end of this article.
On Thursday evening, Musk sent an email to employees obtained by The Verge to address concerns about the FTC consent order. “I cannot emphasize enough that Twitter will do whatever it takes to adhere to both the letter and spirit of the FTC consent decree,” he wrote. “Anything you read to the contrary is absolutely false. The same goes for any other government regulatory matters where Twitter operates.”
Here is what the Twitter lawyer wrote in Twitter’s Slack:
Twitter is a remote-first workplace, and has operated as such for years. It is a fundamental change to our employment contracts to require a 40hr a week in-office requirement. I do not, personally, believe that Twitter employees have an obligation to return to office. Certainly not on no notice (if at all).
I also remind all Tweeps (at least in the US) that we have an unlimited PTO policy. All Tweeps are able to take PTO. Perhaps today is a good day to take some rest and recharge.
Everyone here should also know that our CISO, Chief Privacy Officer and Chief Compliance Officer ALL resigned last night. This news will be buried in the return-to-office drama. I believe that is intentional.
Over the last two weeks. Elon has shown that he cares only about recouping the losses he’s incurring as a result of failing to get out of his binding obligation to buy Twitter. He chose to enter into that agreement! All of us are being put through this as a result of the choices he made.
Elon has shown that his only priority with Twitter users is how to monetize them. I do not believe he cares about the human rights activists. the dissidents, our users in un-monetizable regions, and all the other users who have made Twitter the global town square you have all spent so long building, and we all love.
I have heard Alex Spiro (current head of Legal) say that Elon is willing to take on a huge amount of risk in relation to this company and its users, because “Elon puts rockets into space, he’s not afraid of the FTC.” I have heard another leader in the Legal department say that because of the tight SLA’s (of two weeks?!) between product inception > launch, Legal will “have to shift the burden to engineers” to self-certify compliance with FTC requirements and other laws. This will put huge amount of personal, professional and legal risk onto engineers: I anticipate that all of you will be pressured by management into pushing out changes that will likely lead to major incidents.
All of this is extremely dangerous for our users. Also, given that the FTC can (and will!) fine Twitter BILLIONS of dollars pursuant to the FTC Consent Order, extremely detrimental to Twitter’s longevity as a platform. Our users deserve so much better than this.
If you feel uncomfortable about anything you’re being asked to do, you can call Twitter’s Ethics Hotline at (800) 275-4843 or submit a report at ethicshelpline.twitter.com. Please also note the FTC’s number is: 1-877-FTC-HELP. You may also remember that Mudge reached out to httos://whistlebloweraid.org
I wish you all luck. It’s been such an honor to work with all of you. And I’ll be taking a day of PTO today. 💙
The Verge reached out to Musk for comment. Twitter no longer has a communications department.
Makena Kelly contributed reporting for this story.
Update November 10th, 7:25AM ET: Added Thursday evening email from Musk.
Update November 10th, 11:50AM ET: Added the full Slack message from a Twitter lawyer, details about Musk’s comments to advertisers, more about the launch of Twitter Blue, and noted that Musk was contacted for comment.
Update November 10th, 2:28PM ET: Added more information about the FTC consent order Twitter is under and a comment from the agency.