Letter to Lina Khan, Chair of the Federal Trade Commission - Senator Markey Joins Blumenthal, Colleagues in Urging Ftc Investigation of Twitter


Dear Chair Khan,

We write regarding Twitter's serious, willful disregard for the safety and security of its users, and encourage the Federal Trade Commission (FTC) to investigate any breach of Twitter's consent decree or other violations of our consumer protection laws.

In recent weeks, Twitter's new Chief Executive Officer, Elon Musk, has taken alarming steps that have undermined the integrity and safety of the platform, and announced new features despite clear warnings those changes would be abused for fraud, scams, and dangerous impersonation. According to media reports, in prioritizing increasing profits and cutting costs, Twitter's executives have dismissed key staff, scaled back internal privacy reviews, and forced engineers to take on legal liability for new changes -- preventing managers and staff tasked with overseeing safety and legal compliance from reviewing the product updates. Moreover, key Twitter executives responsible for the platform's privacy, cybersecurity, and integrity resigned last week, further calling into question whether personal data is adequately protected from misuse or breach while the company explores new products and monetization strategies.

Users are already facing the serious repercussions of this growth-at-all-costs strategy. Since the launch of the verification feature over a decade ago, Twitter users have come to rely on the blue checkmark as an assurance that prominent users are who they claim to be -- the most clear sign that an account is trustworthy. When Mr. Musk announced plans to open Twitter's verification services to all paying users, experts warned the change would exacerbate the platform's already rampant problems with financial scams, foreign disinformation, and public safety threats. These misguided changes come at a time when Twitter is facing coordinated campaigns of racist, misogynistic, and antisemitic harassment, attempting to exploit the change in ownership to spread hate and vitriol.

Despite these warnings, Mr. Musk pressed ahead and launched the feature, resulting in fake accounts impersonating President Biden, Senators, athletes, companies, and others. Of particular concern, these fake accounts included scammers impersonating companies and celebrities for cryptocurrency schemes, identity theft, and other financial crimes.Twitter knew in advance that there was high likelihood the Twitter Blue product could be used for fraud, and still it took no action to prevent consumers from being harmed until this rampant impersonation became a public relations crisis.

We are concerned that the actions taken by Mr. Musk and others in Twitter management could already represent a violation of the FTC's consent decree, which prohibits misrepresentation and requires that Twitter maintain a comprehensive information security program. The FTC was already on notice, even prior to Mr. Musk's acquisition, about Twitter's recent inadequate security practices based on whistleblower disclosures by Twitter's former Security Lead Peiter "Mudge" Zatko. Earlier this year, Twitter agreed to pay $150 million to settle allegations by the FTC and the Department of Justice that Twitter violated the Federal Trade Commission Act and its 2011 consent decree with the FTC by deceiving users about the company's privacy and security practices. We fear that Mr. Musk's reported changes to internal reviews and data security practices further put consumers at risk and could directly violate the requirements of the consent decree. One Twitter lawyer was concerned enough about potential legal violations and management's attitude toward the consent decree that they advised colleagues to seek legal counsel.

We urge the Commission to vigorously oversee its consent decree with Twitter and to bring enforcement actions against any breaches or business practices that are unfair or deceptive, including bringing civil penalties and imposing liability on individual Twitter executives where appropriate. As you recently noted in Senate testimony, "no CEO or company is above the law, and companies must follow our consent decrees."

Thank you for your attention to this important matter.