Twitter employees afraid of prison?  |  Technology news

Twitter employees afraid of prison? | Technology news

After losing thousands of employees and chief compliance officers at Twitter Inc. Elon Musk’s lawmakers are racing to contain growing concerns that employees will be held responsible for security holes.

After losing thousands of employees and chief compliance officers at Twitter Inc. Elon Musk’s lawmakers are racing to contain growing concerns that employees will be held responsible for security holes.

Musk’s lawyer, Alex Spiro, who is leading the legal team after the billionaire’s takeover, sought to assure employees that they would not go to jail if the company was found to be in violation of the Federal Trade Commission’s approval decree, according to a letter seen by Bloomberg.

“I understand that there have been Twitter employees not even working on the FTC matter commenting that they could go to jail if we don’t comply — that’s simply not the way this works,” Quinn Emanuel Urquhart & Sullivan LLP attorney wrote. “It is the obligation of the company. It is the burden of the company. It is the responsibility of the company.”

Twitter’s information security team that oversaw the sharing of user data with advertisers and search partners was sacked after the acquisition, a move that raised internal concerns about vulnerability to security threats and potential violations of FTC rules, according to two people familiar with the matter. .

The layoffs, which began on November 3 and affected 50% of all Twitter employees, created an atmosphere of chaos within the company and were followed this week by the resignations of senior executives, including chief information security officer Leah Kesner, and chief privacy officer Damien Keran. Head of Compliance Marian Fogarty.

Spiro said Twitter has spoken to the Federal Trade Commission and will conduct its first upcoming compliance check. He said in his memo: “The legal department deals with it.”

The people said the move to scrap the six-person information security team was combined with the layoffs of at least ten other employees working on security, privacy and compliance issues at the company. The full size of these teams was not immediately available.

Layoffs and layoffs are particularly noteworthy in a company under the FTC’s decree of approval in which it has agreed to better protect users’ personal data and also has to undergo regular audits of its privacy and data security systems. Twitter has come under fire from former employees for security holes, and in May was fined $130 million as part of a settlement with the Federal Trade Commission and the Department of Justice over data privacy.

The information security team focused on managing third-party risks and was responsible for providing security assurances to advertisers who work with Twitter and share data with the company, according to the two people familiar with the matter, who spoke on the condition of anonymity. He is not authorized to discuss the situation publicly.

The team also monitored Twitter sharing user data with dozens of business partners and research institutions, some of whom had access to a programming interface that could be used to view sensitive non-public information about Twitter users, such as location data, IP addresses, and unique device identification codes, People said.

“The people at Twitter who are verifying this access no longer exist,” one person said, adding that the privacy and security of user data had been compromised as a result.

Work by the released information security team was intended in part to ensure compliance with the Federal Trade Commission’s March 2011 approval decree, according to the people. The decree, which is valid until 2042, ordered that Twitter must establish and maintain a “comprehensive information security program reasonably designed to protect the security, privacy, confidentiality, and integrity of non-public consumer information.” Violations of the decree can result in large fines.

On Thursday, a leader on Twitter’s legal team circulated an internal memo warning employees that the company will, from now on, require engineers to certify their compliance with Federal Trade Commission requirements, according to a memo seen by Bloomberg.

“This would place an enormous amount of personal, professional and legal risk on the engineers,” the unnamed member of the legal team wrote. “I expect all of you will be pressured by management to push for changes that are likely to lead to major accidents.”

In a statement, the Federal Trade Commission wrote that it was following recent developments on Twitter with “deep concern.” No CEO or company is “above the law,” the agency added, and companies must follow approval decisions.

Twitter’s cybersecurity policies have faced criticism in the past after high-profile data breaches. In 2014 and 2015, Saudi Arabia recruited spies within the company and used them to obtain information on dissidents operating on the platform without revealing their identity, according to US prosecutors. In 2020, a Florida teenager was accused of hacking into the accounts of prominent people, including Musk and US President Joe Biden, and using them to promote a cryptocurrency scam.

In September, Peter Zatko, Twitter’s former head of security known as “Mudge,” told the Senate Judiciary Committee that the company had poor security practices, leaving it vulnerable to “teenagers, thieves, and spies.” He said Twitter’s leadership “ignored its engineers” in part because their “executive incentives led them to prioritize profit over security.”

Although rare, there have been cases of personal liability of corporate executives for security breaches. Uber’s former chief of security, Joe Sullivan, was indicted in San Francisco federal court in a case that stemmed from a 2016 hack — the details of which he tried to hide. Part of the charges against Sullivan relate to the fact that Uber is subject to an order from the Federal Trade Commission and required to disclose violations.

#Twitter #employees #afraid #prison #Technology #news

Leave a Comment

Your email address will not be published. Required fields are marked *