The U.S. Department of Justice (DoJ) says Elon Musk may have violated a court order requiring him to implement a privacy and data security program in the wake of his Twitter takeover last year, a court filing issued on Tuesday claimed. The Federal Trade Commission (FTC) updated an Administrative Order last year, requiring the company to provide information to ensure it complies with the FTC’s security requirements.
The DoJ’s filing claimed Musk’s changes to Twitter created “a chaotic environment at the company that raised serious questions about whether and how Musk and other leaders were ensuring [the company’s] compliance.”
The overwhelming number of changes Musk implemented upon taking over the company in October 2022 raised “too many questions” that the company was not following the FTC’s 2022 order, according to the filing. The mass layoffs in November reduced Twitter’s workforce by 50% (with deep cuts to its moderation team) and deposition excerpts with former executives claimed Musk’s cost-cutting measures violated security and privacy practices. The court filing added that “multiple employees testified that Musk gave directives that were at odds with the company’s normal processes and policies.”
In 2022, the FTC raised a complaint against the social media company, claiming that Twitter engaged in multiple violations of an existing Administrative Order put in place in 2011.
The order barred Twitter from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers,” the FTC stated in a news release at the time. It added that Twitter must implement a comprehensive information security program that it would assess every 10 years.
The FTC found Twitter violated the 2011 Administrative Order in May of last year before Musk acquired the company, and Twitter agreed to pay $150 million in civil penalties. The FTC ordered Twitter to provide “periodic assessments of its privacy and data security program” and updated the 2011 order, which Twitter agreed to, the filing states.
The document included an excerpt from Twitter’s former director of security engineering, Andrew Sayler, who testified that he had “ongoing questions about Elon’s commitment to the overall security and privacy of the organization” because he thought “the manner in which Elon was requesting us to grant access to third parties that had not undergone our regular vetting process … [had] some degree of disregard for the overall sensitivity and security at that level of access.”
Twitter has argued that Musk should not be required to testify at a hearing and has requested the federal court to dismiss the FTC’s order, but the court filing argues Musk’s request should be denied. The court filing claims that Twitter’s arguments stating that the FTC’s actions are “baseless, politically motivated, and made in bad faith” are “meritless,” and it states that there is no evidence to support the claims.
Twitter did not immediately respond to Gizmodo’s request for comment.