The Federal Trade Commission is scrutinizing the company’s security until 2042, and any new mishaps could lead to even heavier penalties.
Elon Musk’s Twitter faces significant fines from US regulators.
Would you take $500 in free gasoline from the President of the United States? That’s the question that Barack Obama’s Twitter followers had to ask themselves in 2009 when his account was one of several that were taken over by an attacker. The attacker got a Twitter employee’s corporate login and used it to access high-profile accounts.
Twitter was hacked in 2011, revealing privacy failures that led to the company being forced into a consent decree with the US Federal Trade Commission (FTC). The decree gave the FTC 20 years of oversight of Twitter’s security practices. Earlier this year, Twitter was fined $150 million for misusing the phone numbers of more than 140 million users. According to US government attorneys, Twitter is a “recidivist who engaged in criminal behaviour even after law enforcement intervention.”
Elon Musk’s recent takeover of Twitter has made him owner of a company that will be under the scrutiny of the US government’s antitrust and consumer protection agency until 2042. His drastic measures of firing employees and contractors, as well as the resignations of high-ranking privacy and compliance executives, have led some security experts to believe that the platform is at a greater risk for severe security breaches. The Federal Trade Commission has expressed deep concern this month over recent developments at Twitter, and seven Democratic members of the Senate have called on the agency to investigate the social media giant. Noncompliance with the consent decree could result in hundreds of millions of dollars in fines or further federal court complaints and consent orders.
David Vladeck, a law professor at Georgetown University who originally filed the charges against Twitter in 2011 that led to the company’s consent decree, believes that Twitter may already be in violation of the order which is set to expire in January of 2022. While serving as director of the FTC’s Bureau of Consumer Protection, Vladeck noted that Musk gutted the company of key personnel who would be responsible for filing an initial assessment in January 2021 detailing how Twitter plans to comply with the order’s requirements.
The FTC has ordered Twitter to submit a report detailing their compliance with the order, as well as identifying employees that can be contacted in relation to future compliance. The report and all other documents submitted to the commission must be accurate under penalty of perjury. Twitter will have to conduct vulnerability testing every four months, privacy and security risk assessments every year, and get an independent security audit every two years for the next ten years.
If the FTC finds that Twitter isn’t complying with its current rules, the company could face severe consequences like heavy fines, Vladeck says. Because Twitter has already been fined in the past for not meeting the standards of its original consent decree, another breach would result in more significant punishments that could include stricter requirements to maintain security measures.
According to Vladeck, if there is any sort of mishap with this order, it will be Musk himself who will be held responsible. “If there’s another consent decree, he could get in serious trouble, and other people high up in the organization may also be held responsible.”
The FTC’s treatment of Facebook is a worrying sign for Musk and Twitter. In 2019, the agency hit the company with a record $5 billion fine following a complaint about violating a 2012 order. CEO Mark Zuckerberg was named personally responsible for compliance and certification of documents, meaning he could face perjury charges if he gets things wrong. This is a major problem for Twitter: as part of Elon Musk’s takeover, the company was loaded with debt. This has caused many issues for Twitter and has led to a lot of financial problems for the company. If the FTC comes after Twitter in the same way, the company could be in serious trouble.
As The Verge reported, the recent relaunch of Twitter’s subscription service skipped traditional privacy and security reviews – something that suggests the company is at risk of missing some of its FTC requirements. According to the report, company lawyers asked employees to self-certify compliance with the FTC orders, which state that no more than five people can make decisions about how personal data like mobile numbers and email addresses are collected and used. Furthermore, the company is required to maintain comprehensive privacy and information security programs.
According to an internal email obtained by The Verge, Tesla CEO Elon Musk has assured Twitter employees that the company will do everything possible to comply with the FTC order. However, a company lawyer has released a statement cautioning that the current head of legal at Twitter, Alex Spiro, said the platform’s new owner plans to take big risks because “Elon puts rockets into space. He’s not afraid of the FTC.”
In an email to employees that was seen by TechCrunch, Spiro told employees that compliance with the consent decree is the responsibility of the company, not individual employees. He went on to share plans to comply with the decree’s mandates. This response followed questions from Twitter employees who were worried that they could be personally liable for violations of the consent order and face prison time.
Even though the FTC has made it mandatory for Twitter to go through internal assessments and external audits, it doesn’t mean that every problem will be caught. A similar order was put in place for Facebook, but it didn’t prevent the Cambridge Analytica scandal. In 2016, the Trump presidential campaign worked with a third-party firm to collect data from more than 50 million people without their consent. Documents obtained by Bloomberg Law found that Twitter’s compliance with the 2011 FTC order did not address shortcomings later highlighted by security expert Peiter “Mudge” Zatko in testimony before Congress. Zatko said that the company was lacking in basic security measures, such as systems that would prevent employees from accessing user data.
Musk’s role at Twitter is also being investigated by regulators in Ireland and the European Union who have said they are watching the company closely, to see if it abides by EU data protection law. The EU’s Digital Services Act came into effect last week, which requires that by February 2024, big platforms like Twitter will have to do risk assessments, and give information about their algorithms and automation processes, like content moderation. If they do not follow these rules, they could be fined up to 6 percent of their global revenue.
In recent weeks, Elon Musk has demonstrated to Twitter users, employees, and the rest of the world that he’s willing to ignore the rules sometimes and make sweeping changes to his new company. However, he can’t change Twitter’s history of poor security or the fact that it will be under close scrutiny from the FTC for the next 20 years.
Social media companies can face a variety of risks, including reputational damage, legal liability, and financial penalties. These risks can arise from a variety of factors, such as user-generated content that violates the company’s policies or laws, data privacy breaches, or failure to comply with regulatory requirements.
In the United States, social media companies may be subject to oversight and regulation by a number of federal agencies, depending on the specific issues involved. For example, the Federal Trade Commission (FTC) is responsible for regulating advertising and marketing practices, and the Department of Justice (DOJ) is responsible for enforcing federal antitrust and competition laws. The Federal Communications Commission (FCC) regulates telecommunications and internet service providers, and the Securities and Exchange Commission (SEC) oversees publicly-traded companies and the securities industry.
Yes, social media companies can potentially be fined by US regulators if they are found to be in violation of applicable laws or regulations. For example, the FTC can impose fines on companies that engage in deceptive or unfair business practices, and the DOJ can impose fines for antitrust violations. The amount of the fine can vary depending on the specific circumstances of the case and the severity of the violation.