Twitter’s D.C. troubles could threaten Musk’s big plans
A recent data privacy settlement with the FTC puts Twitter’s business under the microscope for the next 20 years.
Elon Musk’s plans to make money from Twitter could be foiled by the heavy scrutiny facing the company because of lax security and privacy practices.
For the next 20 years Twitter will be operating under the close eye of the Federal Trade Commission, after a May settlement stemming from poor privacy and data security protections for its users before Musk bought it.
Twitter was also fined $150 million in May for violating the terms of a 2011 agreement with the FTC over the company's improper use of phone numbers to target ads. Former agency officials who spoke to POLITICO said the commission will be on high alert for anything that violates the settlement.
The commission is also continuing to investigate a whistleblower claim by its former security chief, Peiter ‘Mudge’ Zatko, that the company misled the agency over its privacy and data security practices.
If the FTC finds additional settlement violations, the company and its executives could be on the hook for an even bigger fine. The terms of the settlement require periodic independent audits of Twitter’s privacy and security practices, with the first one set for next summer.
Twitter’s use of data is expected to be key to its business — an imperative that could collide with the FTC’s heightened attention to consumer privacy and data use under President Joe Biden.
Musk paid $44 billion for the company, borrowing $13 billion along the way, and by his own estimation “obviously overpaying.” If he wants to turn the historically unprofitable company into a money maker, business observers believe it’s a good bet he’s going to lean on the advertising business, which accounts for about 90 percent of the platform’s revenues.
That business depends on finding new ways to collect and monetize information about Twitter’s users.
Musk has announced a push for more relevant ads on Twitter, which likely means that the social network will have to either improve its profiling capabilities or its ad personalization algorithms. Both rely heavily on data collection, and Twitter could at a disadvantage because of its past behavior.
“They’re sending signals around making ads more targeted, which requires more data,” Jason Kint, chief executive of Digital Content Next, said. “But at the same time, there’s limitations that are being put on how data can be used.”
The FTC declined to comment. Twitter didn’t respond to requests for comment.
Musk’s takeover also comes as the adtech industry is facing intense scrutiny from the FTC under chair Lina Khan’s leadership. While adtech groups argue that data collection and targeted ads are necessary to a free and open internet, the FTC is weighing whether to implement wide-ranging privacy regulations governing commercial surveillance. This is consistent with Biden’s mission to crack down on the tech sector with aggressive privacy and antitrust policies. It has also taken action against data brokers over practices that companies defend as standard procedures.
While Musk is the sole owner of Twitter, and can make all sorts of business changes on his own, like overhauling moderation policies or trying to monetize the verification badge, the FTC’s attention to the company means that he’ll need to be much more careful with the company’s data collection and ad personalization.
“Twitter does adtech today, but if Elon wants to get more aggressive and not let people opt-out to try to squeeze more revenue from it, then they could get in trouble,” said Justin Brookman, director of technology policy at Consumer Reports and a former policy director at the FTC’s office of technology research and investigation.
The company’s troubles with the FTC now go back 12 years. In May, Twitter entered into an amended settlement with the FTC, after it was caught allegedly using phone numbers shared for multi-factor authentication purposes to target ads. The government argued that this was deceptive, and Twitter agreed to pay a $150 million fine, along with abiding by privacy and security requirements set by the FTC.
Twitter agreed to the initial consent decree in 2011, after the company suffered cyberattacks in 2009 that allowed hackers to gain control of the service through simple security flaws.
More recently, former Twitter security chief Peiter ‘Mudge’ Zatko alleged in a whistleblower complaint that the company intentionally misled the FTC and violated the terms of the 2011 settlement.
The FTC is currently investigating those claims, according to a person familiar with the probe, who is not authorized to speak publicly. If the FTC finds additional settlement violations, the company and its executives could be on the hook for an even bigger fine.
One former FTC official said the agency doesn’t have the resources to proactively monitor every move taken by a Musk-owned Twitter, but it will almost certainly be reading his tweets and other public statements, and if new potential privacy abuses, or other deceptive conduct comes to light, it will act aggressively to stop it.
That would likely include holding Musk himself accountable. "We want to see bad actors face real consequences, and to do so, we are holding corporate leadership accountable," said Stephanie Nguyen, the FTC’s chief technologist at agency-sponsored privacy conference earlier this week.