Technology

Why senators are concerned about Twitter’s data security

FILE - The Twitter splash page is seen on a digital device, Monday, April 25, 2022, in San Diego. By hiring Linda Yaccarino as Twitter’s new CEO, Friday, May 12, 2023, Elon Musk is welcoming a veteran ad executive to the helm of the social media site. (AP Photo/Gregory Bull, File)

Lawmakers and privacy experts have grown increasingly concerned about Twitter’s data security and privacy safeguards after the departure of top company officials.

Last week, a group of Democratic senators sent a letter to Twitter raising concerns that recent resignations of top data security executives could put consumer privacy and data security in jeopardy and potentially violate a 2022 consent decree with the Federal Trade Commission (FTC). 

The letter follows the recent resignation of Twitter’s head of trust and safety, Ella Irwin, and the company’s head of brand safety and advertising quality, A.J. Brown.

Irwin, who oversaw content moderation, took the role last fall after Yoel Roth, Twitter’s former head of trust and safety, resigned amid Elon Musk’s chaotic acquisition of the company.

“These departures, following a string of high-profile resignations from Twitter’s lead privacy, information security, and compliance officers, raise concerns about Twitter’s ability to comply with its legal obligations,” the letter said. 


Sen. Elizabeth Warren (D-Mass.), a co-author of the letter, also took to Twitter and said: “Two of Twitter’s top safety executives resigned last week, after months of mass layoffs and hasty product launches. Is Twitter complying with an existing @FTC order to protect consumer privacy and safety? I’m calling for answers.”

Twitter’s history of privacy violations

Last year, Twitter agreed to pay $150 million to resolve a privacy lawsuit brought by the FTC and the Justice Department. The agencies alleged that the company improperly collected user data when it allowed advertisers to use that information to target ads. 

Under an updated consent decree, Twitter had to comply with additional obligations, including the creation and maintenance of a privacy and security program, the lawmakers noted in the letter.

Twitter must also notify the FTC within 14 days when the company has “a change in structure such as sales, including change of ownership, and mergers.”

Experts told the The Hill that these concerns are legitimate, and lawmakers should be questioning Twitter, especially given the company’s history with the FTC.

“It is reasonable for lawmakers to consider the privacy and security practices of companies if they believe there are potential violations as long as that is the true motive,” said Brandon Pugh, policy director of the cybersecurity and emerging threats team at the R Street Institute.

However, Pugh said that based on the letter, it seems unclear “what the specific actions Twitter is alleged to have taken, since it mainly relies on past actions and recent staff departures to assume that there have been violations.”

Pugh also said that Twitter should consider the concerns raised in the letter, given that the FTC has a history of investigating and taking action against the company for privacy violations. 

“It is not clear if Twitter violated consent decrees, but I would not be surprised if the FTC begins additional investigation surrounding issues raised in the letter, if it has not already,” he added. 

Cyrus Walker, the founder and managing principal at cybersecurity firm Data Defenders, also agreed that Twitter should be taking these concerns seriously and ensure that users’ information is protected.

“Because there is no senior leadership to be held accountable for implementing the consent decree and ensuring that the decree is being followed, the natural question is, ‘What are you guys actually doing to address the initial issue of the consent decree in the first place?’” Walker said. 

Walker added that the lawmakers should be questioning Twitter and conducting oversight of the company because it could set a bad precedent for other media giants, who find themselves in the same shoes. 

“A lack of consideration of information security can have a reverberating effect throughout the tech space based on the interconnected relationships that Twitter has with other providers, so they should definitely take it seriously,” he added. 

The Hill has reached out to Twitter for comment.