Top Twitter security officials quit

SAN FRANCISCO — Several top privacy and security executives resigned from Twitter on Thursday, citing fears over the risks from Elon Musk’s leadership in a stunning exodus that prompted federal regulators to warn they might step in.

The company’s head of moderation and safety, Yoel Roth, who had become the public face of the company’s efforts to reassure users and advertisers that Twitter would not descend into a “free for all,” quit after Musk held his first all-hands meeting. That followed the resignations of Chief Information Security Officer Lea Kissner, the company’s chief privacy officer and its chief compliance officer.

Roth’s departure surprised many because he had been tweeting about product changes with Musk’s approval and because he joined the new owner in speaking to nervous advertisers about future plans just on Wednesday.

“He made it through the midterms. That was important,” a former colleague said.

One current Twitter employee said several other members of the site’s privacy and security unit also had resigned, while another said those remaining were trying to stop a wave of abuse in the company’s expanded paid service, Twitter Blue.

The privacy departures prompted a rare warning from the Federal Trade Commission, which has emerged as the government’s top Silicon Valley watchdog. It was the second time in just two days that a federal official expressed concern over the chaotic developments at the company, coming less than 24 hours after President Biden said Musk’s relationships with other countries deserved scrutiny.

The agency said that it was “tracking the developments at Twitter with deep concern” and that it was prepared to take action to ensure the company was complying with a settlement known as a consent order, which requires Twitter to comply with certain privacy and security requirements because of allegations of past data misuse. A former employee said that three of the resignations were made by members from the FTC data governance committee. He spoke on condition of anonymity in order to discuss internal issues.

Twitter was initially subject to a consent order in 2011, and it accepted a new order earlier in the year. If the FTC finds Twitter is not complying with that order, it could fine the company hundreds of millions of dollars, potentially damaging the company’s already precarious financial state.

President Biden on Nov. 9 said that Elon Musk’s joint acquisition of Twitter was “worth being looked at,” considering the involvement of foreign governments. (Video: The Washington Post)

“No CEO or company is above the law, and companies must follow our consent decrees,” said Douglas Farrar, the FTC’s director of public affairs. “Our revised consent order gives us new tools to ensure compliance, and we are prepared to use them.”

Privacy staffers expressed concern at the rapid rollouts without the security reviews required by the FTC consent decree. They also objected to Musk’s order in an email Wednesday night — his first to the staff since taking control of the company — that all employees had to begin working in the office 40 hours a week, effective Thursday.

Musk’s email did not address Twitter’s long tradition of flexible and remote work. Instead, it mentioned a dire need for money from Twitter Blue. “Without significant subscription revenue, there is a good chance Twitter will not survive the upcoming economic downturn,” Musk warned. “We need roughly half our revenue to be subscriptions.”

Musk addressed staffers at Thursday’s all-hands meeting. Two people spoke on the condition of anonymity because they were not authorized by the company to speak publicly about it.

Musk said that Twitter would accept the resignations of those who do not wish to adhere to the new policy if they were physically capable. He also sought to quell concerns about Twitter’s privacy practices. For that, he turned to a tactic increasingly used at the new Twitter: citing his experience running Tesla, the electric vehicle maker that made him the world’s richest person.

Tesla has a long history of privacy, he stated. Tesla’s cars have surround-view cameras that can pose privacy issues. However, the company has gone to great lengths to protect users’ data, he stated. The issue, he said, isn’t new to him.

He noted that Tesla does not conduct market surveys but rather focuses on making products people will love, hinting at an ethos he seeks to bring to Twitter.

Musk replied that Twitter’s increasing dependence on payments would make it easier for advertisers to transact.

The meeting lasted about half an hour, and was held on very short notice. Musk arrived about 10 minutes late.

Some employees felt his decisions had not instilled confidence at the company. Slack was filled with outraged employees asking questions regarding the return-to-office policy.

Questions included: “What’s the motivation? Work hard or get fired?” and “how do you plan to restore destroyed trust?”

“People are enraged, with very few expecting RTO would happen this soon,” said one employee who had been retained in the layoffs, but decided to leave. “I am ethically not okay with making the richest person in the world even richer. Also not okay with this alpha dog mentality — it’s already trickling down.”

Musk’s tactics had led to sniping between remaining employees, the person said, as colleagues who used to collaborate took aim at one another in public channels.

Roth had worked at Twitter for more than seven years, during which time he played a critical role in some of the company’s thorniest content decisions related to former president Donald Trump and the 2020 elections. Roth left Twitter two days after the midterm elections, at a time when many key Senate and House races had still not been called.

Roth’s former colleagues said his departure will contribute to the disarray at the company.

“While we cannot predict what might happen in the post election period, I can imagine scenarios where ‘tough calls’ would have naturally made their way up to Yoel,” said Edward Perez, Twitter’s former product director for civic integrity, which includes its election policies. Perez is currently a board member of the OSET Institute, an independent nonprofit dedicated to election security and integrity. “And now of course it begs the question: who has sufficient institutional knowledge at this critical time?”

The FTC is currently the only government agency that could use consent decrees to stop Musk from taking over Twitter. Musk’s first two weeks as the CEO of Twitter were a chaotic disaster. The federal government has only limited oversight of social media companies, but the FTC has used its oversight of consumer protection and competition to establish itself as the country’s top data privacy regulator. The agency has used consent orders to hold some of the country’s largest tech companies — including Google, Facebook and Snap — accountable for alleged privacy missteps. The agency reached a $5 billion settlement with Facebook in 2019 for its alleged violation of a prior order.

Former FTC officials warned that the departures of key privacy and security officials, as well as some of Musk’s proposed changes to Twitter products, opened the company to serious regulatory peril.

Twitter settled with the FTC by designating employees responsible for privacy and security, and a senior corporate manager responsible for certifying compliance. Questions arise about whether there is still a chain of command, and whether the people who are still there have the authority to ensure that the order is enforced.

“There’s a lot of peril for the company if it doesn’t have continuity,” said a former FTC official who spoke on the condition of anonymity to candidly discuss the regulatory risks for the company.

David C. Vladeck, who was director of the FTC’s Bureau of Consumer Protection at the time of Twitter’s first settlement with the agency, said the departures and the chaos of Musk’s first weeks of ownership raise questions about whether “compliance requirements are going to fall through the cracks.”

Vladeck stated that Twitter could face exponentially higher penalties if it is alleged that it violated its agreement with the FTC a second time. “There would be some very significant multiple of the last fine,” he said, referring to the May penalty, which carried a $150 million fine. “You have to add a decimal point to that.”

Twitter entered into the consent agreement with the FTC after it was accused of using phone numbers and email addresses to target users with advertising. The FTC claimed that this was in violation of the 2011 consent order.

Twitter was required to implement enhanced privacy and security programs under the new decree. These programs were to be audited annually by a third party. Twitter must conduct a privacy assessment for any new products it launches under the decree.

It’s unclear exactly what the FTC’s deliberations could accomplish. Musk has not been afraid to make changes in his whirlwind takeover. He has cut half of the workforce and made major product changes. Musk has often mocked federal oversight and financial watchdogs like the Securities and Exchange Commission. In 2018, after the agency fined him $20 million for misleading Tesla investors, he said in a “60 Minutes” interview, “I do not respect the SEC.”

But the FTC has also shown increasing energy in wanting to hold even the country’s biggest companies to account. Its chair, Lina Khan, said in a Senate subcommittee hearing in September that the agency intends to strictly enforce its rules against companies that treat its “orders as suggestions.”

Thursday’s executive departures have also been subject to scrutiny in Europe, which, unlike the United States, has a data protection law. Ireland’s Data Protection Commission is seeking more details from the company about the departure of the company’s chief privacy officer, Damien Kieran. Companies are required to have a data protection officer under European regulations.

A spokesman for the Irish DPC said the agency had “not received any official notification from Twitter.” Kieran did not respond to a request for comment. Marianne Fogarty, Twitter’s former chief compliance officer, also didn’t respond to a request. However, she tweeted on Monday: “I don’t watch Game of Thrones. I certainly don’t want to play it at work.”

Twitter announced Wednesday that anyone who pays $8 per month will be able to receive the same blue checkmark it used to give celebrities, verified politicians, and companies for years. However, since the company doesn’t verify identities, fake accounts have proliferated all over the site, including those of Biden, Pope Francis, and Tony Blair, the former prime minister of Britain.

One tweet from a blue-check account pretending to be Eli Lilly gained 1,500 retweets and more than 10,000 likes, and remained online for three hours Thursday afternoon. An Eli Lilly spokesperson told The Post on Thursday they “are in communication with Twitter to address the issue.”

Musk said that the company would close such accounts. However, fake accounts were still online for hours, receiving thousands of likes and retweets. On Thursday morning, a responseMusk replied to a mention that Biden was a fake and was discussing sex acts.

In an internal Slack message shared with The Washington Post, an employee said the quick release of products and changes without effective security reviews was “extremely dangerous” for users. The message stated that engineers would have to certify that the products conformed with FTC agreements. This puts them at considerable personal legal risk.

According to two people familiar with the schedule, the FTC audit was due by January. This is making the crisis in security leadership more difficult. One person said that Kissner and other executives had been hiring despite a companywide freeze in an attempt to meet compliance rules.

“Desperately needed people,” said one of them, who was among the roughly half of the company laid off last week and spoke on the condition of anonymity to discuss internal issues at Twitter.

The Slack message provided a link to Whistleblower Aid. This law firm represented security head Peiter Zatko when he filed a complaint with the Securities and Exchange Commission and other federal authorities citing alleged violations of the FTC consent order. The Washington Post previously reported that his complaint noted that there was not enough logging of access to sensitive information and that use of outdated software was widespread.

The message warned that the FTC could fine Twitter “BILLIONS of dollars.” The author claimed to have heard Alex Spiro, Musk’s top lawyer, say Musk is “willing to take on a huge amount of risk in retaliation to this company and users, because ‘Elon puts rockets into space, he’s not afraid of the FTC.’” Spiro did not immediately respond to a request for comment.

Others said they were taking Thursday off to express disapproval. Zatko brought Kissner in and he was widely admired on Twitter. He was seen as a crucial backstop during the recent chaos.

“Twitter has had several major security incidents over the last several years due to poor internal controls and a permissive data architecture,” said Alex Stamos, a former head of data security at Facebook and Yahoo. “The team led by Dr. Kissner made serious strides to closing these flaws, as Twitter is required to do by FTC consent decree.”

Lourdes Turrecha, a cybersecurity and privacy lawyer in Silicon Valley, said the sudden resignations were a bombshell in privacy circles that had already been stunned by Zatko’s whistleblower complaint and the company’s mass layoffs.

“These executives do not want to put their lives on the line and go to jail” if the company breaks the law, she said. “It’s a very hard time to be a chief information security officer or a chief privacy officer in tech right now, especially when your company doesn’t seem to care about its privacy and security practices.”

Zakrzewski reported out of Washington.


