The Federal Trade Commission has acknowledged a wide-ranging investigation into Twitter’s privacy practices after a House subcommittee on Tuesday disclosed a dozen letters from the agency to the company seeking information about its operations under new CEO Elon Musk.
The acknowledgment marks a rare public confirmation of a probe linked to alleged violations of an FTC settlement, which Twitter first signed in 2011, and which was designed to force the company to improve its protection of user data. It also highlights the intense scrutiny surrounding both Twitter and its regulator as officials try to determine whether violations of the settlement may have occurred under Twitter’s new management — which could broaden the company’s already vast legal exposure.
The probe could have huge repercussions for Twitter’s business at a time when Musk is slashing staff and rushing out new paid features to offset sharp losses in ad sales and bolster the company’s bottom line. If proven, violations of Twitter’s consent decree could pave the way for billions in fines, new limitations on Twitter’s operations or potentially even binding obligations on Musk or other executives.
Meanwhile, regulators in Europe have repeatedly reminded Musk of Twitter’s coming requirements under a new content moderation law known as the Digital Services Act, violations of which could result in fines of up to 6% of Twitter’s annual global revenue.
Among other things, the FTC letters sought testimony from Twitter about its staffing changes due to resignations and firings following Musk’s takeover of the company, according to the staff report. The FTC asked about Twitter’s selective release of internal company data to independent journalists as part of the so-called Twitter Files, and requested that Twitter name the journalists to whom Musk had released confidential Twitter information, the report said.
The report also claims the FTC asked Twitter to produce thousands of Slack messages related to Musk, details of its Twitter Blue subscription program, and information about the office equipment it was reportedly selling as part of its cost-cutting moves. Across a dozen letters, the FTC made more than 350 requests for information, according to the report.
The staff report, by a Republican-led House Judiciary subcommittee devoted to examining the alleged “weaponization” of the US government, claims the FTC probe is politically motivated and is being conducted to “harass” Musk. (Musk has courted and found support from a number of Republicans in Congress.) In response, the FTC said in a statement that the probe is consistent with both the agency’s mission as well as its specific legal duty to enforce promises by Twitter that it would safeguard users’ personal information.
“Protecting consumers’ privacy is exactly what the FTC is supposed to do,” said agency spokesman Douglas Farrar. “It should come as no surprise that career staff at the commission are conducting a rigorous investigation into Twitter’s compliance with a consent order that came into effect long before Mr. Musk purchased the company.”
The Wall Street Journal, which first reported the FTC letters and viewed at least one of them, said the FTC is seeking to depose Musk as part of the investigation. Twitter, which has laid off its communications staff, didn’t immediately respond to a request for comment.
Following the release of the House subcommittee report this week, Musk took to Twitter to denounce the agency, calling its investigation “a shameful case of weaponization of a government agency for political purposes and suppression of the truth!”
The consent agreement Twitter signed in 2011, and that was updated in 2022 following other alleged violations, requires Twitter to maintain a robust information security program that protects user data. Last year, before Musk completed the acquisition, allegations by the company’s former head of security, Peiter “Mudge” Zatko, raised significant doubts about Twitter’s compliance with the agreement.
First reported by CNN and The Washington Post, Zatko alleged that during his tenure at the company, Twitter enabled vast numbers of employees and engineers to make changes to Twitter’s live product and interact with real user data without sufficient safeguards. He also claimed Twitter had misrepresented the state of its security to members of its board and to regulators worldwide. Those allegations prompted a Senate hearing and, as the FTC acknowledged this week, a formal investigation into whether Twitter has breached its commitments.
The FTC has hinted for months that it is closely scrutinizing Twitter’s conduct. Testifying before the Senate last year, FTC Chair Lina Khan told lawmakers that Twitter’s executives could “absolutely” be held personally accountable if an investigation finds those executives facilitated violations of an FTC consent decree. At the time, Khan did not disclose the existence of any such investigation. Around the same time, the FTC said it was “tracking recent developments at Twitter with deep concern” amid reports Twitter may not have filed privacy impact assessments related to changes to its business and product under Musk.
“No CEO or company is above the law, and companies must follow our consent decrees,” the FTC said at the time. “Our revised consent order gives us new tools to ensure compliance, and we are prepared to use them.”