November 26, 2022


Complete News World

Twitter’s top security officials have resigned


SAN FRANCISCO – Several top privacy and security executives resigned from Twitter Thursday, citing concerns about risks from Elon Musk’s leadership, in a stunning mass exodus that prompted federal regulators to warn they could step in.

Chief Information Security Officer Lea Kissner tweeted that they had made the “difficult decision” to resign, and the company’s chief privacy officer and chief compliance officer have also resigned, according to screenshots of an employee’s internal Slack message shared with The Washington Post.

One current Twitter employee said several other members of the site’s privacy and security unit have also resigned, while another said the rest are trying to stem a wave of abuse at the company’s expanded paid service, Twitter Blue.

The Federal Trade Commission, which reached its latest consent decree with Twitter in May, said it was “following developments on Twitter with deep concern.”

“No CEO or company is above the law, and companies must follow our approval decisions,” said Douglas Farrar, the FTC’s director of public affairs. “Our revised approval order gives us new tools to ensure compliance, and we are ready to use them.”

Privacy officers said they are more concerned about the rapid rollout of new features without the full security reviews required by the Federal Trade Commission’s consent decree. They also objected to Musk’s order, in an email on Wednesday evening that was his first to employees since he took control of the company, that all employees must begin working in the office 40 hours a week, starting Thursday.

Musk’s email didn’t touch on Twitter’s long tradition of flexible remote work. Instead, he indicated a dire need to make money from Twitter Blue. “Without significant subscription revenue, there is a good chance that Twitter will not survive the next economic downturn,” Musk warned. “We need about half of our revenue to be subscriptions.”


Former FTC officials warned that the departure of key privacy and security officials, as well as some of the changes Musk proposed to Twitter products, exposed the company to serious regulatory risk.

In its settlement, Twitter agreed to hire employees responsible for privacy and security, including a senior company director who will be responsible for certifying the company’s compliance. The departures raise questions about whether such a chain of command is still in place, and whether the people are still there with the power and relationships to ensure that the order is carried out.

“There is a significant risk to the company if it does not have a going concern,” said a former Federal Trade Commission official, who spoke on the condition of anonymity to frankly discuss the company’s regulatory risks.

David C. Vladeck, who was director of the Federal Trade Commission’s Office of Consumer Protection at the time of Twitter’s first settlement with the agency, said the departures and chaos in the early weeks of Musk’s ownership raise questions about whether “compliance requirements will ever go away.”

Vladeck said the penalties could be significantly higher for Twitter if it allegedly violates its agreement with the Federal Trade Commission for a second time. “There will be some very significant complications of the latest fine,” he said, referring to the May penalty, which included a $150 million fine. “You have to add a decimal point to that.”

Twitter entered into a consent decree with the Federal Trade Commission after allegations that it deceptively used email addresses and phone numbers that it said it was collecting for security purposes to target users with ads. The Federal Trade Commission claimed that this violated the 2011 consent decree it reached with the company.


The new decree requires Twitter to launch enhanced privacy and security programs, which were due to be audited by a third party. Under this program, Twitter is required to conduct a privacy assessment of any new products it launches.


The employee’s Slack message said that the rapid release of products and changes without effective security reviews was “extremely dangerous” for users.

It said engineers would have to bear the burden of certifying products to comply with Federal Trade Commission agreements, exposing them to significant personal legal risks.

The collapse of security leadership is particularly fraught because the FTC’s scrutiny was expected by January, according to two people familiar with the timeline.

One said that Kissner and other executives were hiring, despite the company-wide freeze, in a frantic attempt to meet compliance rules before then.

“There are people in dire need,” said one, who was among nearly half of the company laid off last week and spoke on the condition of anonymity to discuss internal issues at Twitter.

The Slack message included a link to Whistleblower Aid, a law firm that represented former security chief Peter Zatko when he filed a complaint this year with the Securities and Exchange Commission and other federal officials citing alleged FTC violations, including what he described as insufficient logging of access to sensitive data and widespread use of outdated software.

The message warned that the FTC could fine Twitter “billions of dollars.” The author claimed to have heard Alex Spiro, Musk’s chief attorney, say that Musk “is willing to take a great deal of risk in response to this company and users, because ‘Elon is putting rockets in space, and he’s not afraid of the FTC.’” Spiro didn’t immediately respond to a request for comment.



Other employees said they took paid leave Thursday as a sign of disapproval.

Kissner, brought in by Zatko, has been admired within Twitter and seen as a mainstay amid the recent chaos.

“Twitter has had several major security incidents over the past several years due to poor internal controls and lax data architecture,” said Alex Stamos, former head of data security at Facebook and Yahoo. “The team led by Dr. Kissner has taken serious steps to close these shortcomings, as required by Twitter under the Federal Trade Commission’s approval decree.”

Lourdes Turrecha, a Silicon Valley cybersecurity and privacy attorney, said the sudden resignations were a bombshell in privacy circles that had already been stunned by whistleblower Zatko’s complaint and the company’s mass layoffs.

“These executives don’t want to put their lives at risk and go to jail” if the company breaks the law, she said. “It’s a very difficult time to be a Chief Information Security Officer or Chief Technology Privacy Officer right now, especially when your company doesn’t seem to care about its privacy and security practices.”

Zakrzewski reported from Washington, D.C. Drew Harwell contributed.