Elon Musk’s takeover of Twitter created a “chaotic environment” at the social media platform that may have violated a government order requiring an overhaul of its data security and privacy practices, according to a court filing.
The US Department of Justice (DoJ) alleged in a legal filing on Tuesday that depositions from former employees at Twitter, now rebranded X, raised “serious questions” about whether the company was complying with an order imposed by the consumer and competition watchdog, the Federal Trade Commission (FTC).
“The information obtained revealed a chaotic environment at the company that raised serious questions about whether and how Musk and other leaders were ensuring X Corp’s compliance with the 2022 administrative order,” the filing said.
Twitter’s former director of security engineering, Andrew Sayler, testified that he had “ongoing questions about Elon’s commitment to the overall security and privacy of the organisation” because he thought “the manner in which Elon was requesting us to grant access to third parties that had not undergone our regular vetting process … [had] some degree of disregard for the overall sensitivity and security at that level of access”.
In a further example from the filing, another employee said the Tesla CEO “insisted on launching the new Twitter Blue user verification service on an accelerated basis, despite staffing limitations”. Musk, according to the testimony, insisted that the service had to launch “right now” even though Twitter’s staffing was reduced so drastically that remaining employees were “struggling to keep the service up”.
Last year the site’s parent company Twitter Inc, now known as X Corp, settled charges that it had misled consumers about the privacy and security of their data.
In a settlement struck before Musk bought the company, it agreed to pay a $150m (£120m) fine and agreed to update a 2011 order that had been imposed by the FTC after an investigation into misrepresenting its data privacy and security practices to users. The DoJ said X Corp’s attempt to jettison that updated agreement, in a filing made in July, should be refused.
The updated order requires X Corp to implement a privacy and data security programme and update the FTC on compliance with it when asked. The DoJ filing claims X Corp is complaining that the FTC has asked “too many questions” since Musk bought the company.
The filing says the FTC had to ask questions because of “sudden, radical changes” at X after Musk’s takeover in October last year.
In March this year, it was disclosed that the FTC was investigating Musk’s mass layoffs at the company and trying to obtain his internal communications as part of ongoing oversight of the social media company’s privacy and cybersecurity practices, according to documents described in a congressional report.
The DoJ filing also counters X Corp’s argument that Musk should not have to testify about its compliance with the order. The DoJ argues that Musk has “unique, firsthand” knowledge about the company’s data practices.
The filing states that half of the platform’s employees were fired or resigned within weeks of the acquisition including “key executives in privacy, data security, and compliance roles”. It goes on to list problems under Musk’s leadership including the botched relaunch of the Twitter Blue subscription service and reports of site outages.
“The FTC had every reason to seek information about whether these developments signalled a lapse in X Corp’s compliance,” said the filing, which adds that the company’s attempt to dismiss the FTC order “largely fails to acknowledge” the concerns that triggered the regulator’s questions.
X Corp has been approached for comment.