
Twitter’s top security staff have resigned


SAN FRANCISCO — Several top privacy and security executives resigned from Twitter on Thursday, citing fears about the risks of Elon Musk’s leadership, prompting federal regulators to warn they could intervene.

Chief Information Security Officer Lea Kissner tweeted Thursday morning that they had made a “difficult decision” to resign. The company’s chief privacy officer and chief compliance officer also resigned, according to screenshots of an internal Slack message from an employee shared with The Washington Post.

One current Twitter employee said several other members of the site’s privacy and security department also resigned, while another said they were trying to stem the tide of abuse at Twitter Blue, the company’s expanded paid service.

The Federal Trade Commission, which reached its final settlement with Twitter in May, said it was “following developments at Twitter with deep concern.”

“No CEO or company is above the law, and companies must comply with our consent decrees,” said Douglas Farrar, director of public affairs for the FTC. “Our revised consent order gives us new tools to ensure compliance, and we’re ready to use them.”

Privacy officials said they were most concerned about the rapid rollout of new features without the full security reviews required by the FTC’s consent decree. They also protested Musk’s first order to staff since taking control of the company, sent in an email Wednesday night, which directed all employees to start working 40 hours a week in the office starting Thursday.

Musk’s email did not address Twitter’s longstanding tradition of flexible and remote working. Instead, it pointed to a dire need to monetize Blue. “Without significant subscription revenue, there’s a good chance Twitter won’t survive the coming economic downturn,” Musk warned. “We need about half of our revenue to subscribe.”

Former FTC officials have warned that the departure of key privacy and security officials, as well as some of Musk’s proposed changes to Twitter products, put the company at serious regulatory risk.

David C. Vladeck, who was director of the FTC’s Bureau of Consumer Protection when Twitter first settled with the agency, said the departures and chaos raise questions about “whether compliance requirements will slip through the cracks.”

Vladeck said the penalties could be exponentially higher if Twitter is alleged to have violated its agreement with the FTC a second time. “The final fine will be a very substantial one,” he said, referring to the May penalty that imposed a $150 million fine. “You need to add a decimal point to it.”

Twitter signed a consent decree with the FTC following allegations that it fraudulently used email addresses and phone numbers it said it collected for security purposes to target users with ads. The FTC claimed it violated a 2011 consent decree it reached with the company.

The new order required Twitter to initiate enhanced privacy and security programs that must be audited by a third party. Under that program, Twitter is required to conduct a privacy assessment of any new product it launches.


An employee Slack message said the rapid release of products and changes without effective security reviews was “extremely dangerous” for users.

It said engineers would have to bear the burden of certifying that products comply with FTC agreements, exposing them to significant personal legal risk.

The collapse of the security leadership is particularly dangerous because an FTC audit was expected by January, two people familiar with the schedule said.

One said Kissner and other executives had been hired in a frantic effort to meet compliance rules before then, despite the company-wide freeze.

“People who are badly needed,” said one of them, who was among about half the company laid off last week.

The Slack message included a link to Whistleblower Aid, the law firm that represented former security chief Peiter Zatko this year when he filed complaints with the Securities and Exchange Commission and other officials about alleged FTC violations, including allegations of inadequate logging of access to sensitive data and extensive use of outdated software.

The message warned that the FTC could fine Twitter “BILLIONS” of dollars. The author claimed to have heard Alex Spiro, Musk’s top lawyer, say that Elon was “willing to take a huge risk to retaliate against this company and users because ‘Elon puts rockets into space, he’s not afraid of the FTC.’” Spiro did not immediately respond to a request for comment on the note.

Other workers said they were taking paid leave on Thursday in protest.

Kissner, who was brought in by Zatko, was admired on Twitter and seen as an important support in the recent chaos.

“Twitter has had several major security incidents over the past few years due to weak internal controls and a permissive data architecture,” said Alex Stamos, former head of information security at Facebook and Yahoo. “The team led by Dr. Kissner has taken serious steps to address these flaws, as the FTC’s consent decree requires Twitter to do.”
