FTC Reveals That Twitter’s Old Security Team Prevented Elon From Violating FTC Consent Decree With Twitter Files Access

Soon after Elon took over Twitter and brought with him a sink-shaped wrecking ball, we wrote a story wondering if there was anyone left at the company who remembered that the company had a consent decree with the FTC that required it to take certain steps to make sure private info was not revealed to people who shouldn't see it. Turns out there were a few people! Though they were from the old Twitter team and it's not clear if any of them are left.

As you may know, the FTC has been trying to investigate whether or not Elon has complied with the terms of the consent decree, though Elon has been fighting it every step of the way. Part of his fighting" it is to have lapdog Jim Jordan accuse the FTC of politically motivated weaponization" in its investigation of Musk. Jordan sent a letter to Lina Khan requesting details of the FTC's investigation, and in a response sent last week, Khan actually reveals that Twitter did not violate the consent decree when it gave some wannabe journalists access to internal emails in what became known as the Twitter Files" to some gullible fools.

The key issue: did Twitter give unrestricted access to these outsiders in combing through Twitter tools and systems. It turns out they did not, but only due to the quick thinking of Twitter's longstanding security team, and no thanks to Elon himself, who seemed happy to give full access to any outsider who fluffed his ego enough:

Through the company's responses and depositions of former Twitter employees, FTC staff learned that the access provided to the third-party individuals turned out to be more limited than the individuals' tweets and other public reporting had indicated. The deposition testimony revealed that in early December 2022, Elon Musk had reportedly directed staff to grant an outside third-party individual full access to everything at Twitter. . . . No limits at all."7 Consistent with Musk's direction, the individual was initially assigned a company laptop and internal account, with the intent that the third-party individual be given elevated privileges" beyond what an average company employee might have.

However, based on a concern that such an arrangement would risk exposing nonpublic user information in potential violation of the FTC's Order, longtime information security employees at Twitter intervened and implemented safeguards to mitigate the risks. Ultimately the third-party individuals did not receive direct access to Twitter's systems, but instead worked with other company employees who accessed the systems on the individuals' behalf.

There's more in the letter that suggests the underlying investigation into further potential violations of the consent decree continue, but on the narrow question of whether the company violated the consent decree in giving access to the Twitter Files gang, the answer appears to be no (but also that Elon would have done so if existing employees who understood the decree hadn't stepped in to save the company and Elon's ass in this particular case).