• by Wendy Davis  @wendyndavis, February 21, 2024

X Corp. owner Elon Musk told employees to take action that would have violated a Federal Trade Commission consent decree, but “longtime information security employees” at the company intervened and instituted privacy safeguards, according to the agency.

Ultimately, staff “took appropriate measures to protect consumers’ private information,” FTC Chair Lina Khan said in a letter sent Wednesday to House Judiciary Committee Chair Rep. Jim Jordan (R-Ohio).

The letter comes in response to Jordan's questions to the agency about its investigation into X's compliance with a 2022 consent decree over alleged privacy lapses. That order prohibits the social platform from misrepresenting its privacy practices, and requires it to create a comprehensive privacy and security program, and conduct a risk assessment before implementing or modifying products.

Last year, Jordan's committee released a staff report accusing the FTC of “harassing” X (formerly Twitter) due to Musk's decision to reinstate accounts of prominent conservatives. That report noted that the FTC had repeatedly questioned Twitter in the three months immediately following Musk's purchase of the platform.

Khan said in Wednesday's letter that the investigation into the platform's compliance with the consent decree was “appropriate and necessary.”

“The FTC’s investigation confirmed that staff was right to be concerned, given that Twitter’s new CEO had directed employees to take actions that would have violated the FTC’s Order,” she wrote.

Khan added that the agency was already monitoring compliance when reports surfaced in December 2022 that Twitter had allowed outside journalists who reported on the so-called “Twitter Files” -- which involved the company's prior editorial decisions -- access to a trove of information.

“Media reports indicated Twitter had granted certain third-party individuals broad access to the company’s systems, communications, and other information,” Khan wrote.

“For example, one individual tweeted on December 8, 2022, 'Our team was given extensive, unfiltered access to Twitter’s internal communications and systems,'” she said.

Khan added that another individual was reportedly added to Twitter's Slack channel and given a company laptop.

“Such statements triggered legal scrutiny because their breadth indicated that Twitter may have disclosed consumers’ personal information -- such as direct messages, protected Tweets, or information revealing real names or telephone numbers associated with a particular Twitter handle -- in violation of the FTC’s order and undermining user privacy,” Khan wrote.

Khan also said the FTC discovered through depositions that Musk “reportedly directed staff to grant an outside third-party individual 'full access to everything at Twitter. . . . No limits at all.'”

But Twitter's security personnel were concerned about exposing private information and "implemented safeguards to mitigate the risks," she wrote.

"Ultimately the third-party individuals did not receive direct access to Twitter’s systems, but instead worked with other company employees who accessed the systems on the individuals’ behalf," Khan wrote.