• by Wendy Davis  @wendyndavis, March 15, 2023

The federal government should “enforce aggressively” a prior order requiring Twitter to take steps to ensure users' privacy and the security of their data, the advocacy group Public Citizen urges.

“The available evidence suggests that, under new ownership, the company may be increasingly cavalier about its users and its legal obligations,” Public Citizen writes in a letter sent this week to Federal Trade Commission Chair Lina Khan and U.S. Attorney General Merrick Garland. “Both to protect the interests of millions of Twitter users and to uphold the integrity of the FTC, we urge you to urgently investigate Twitter’s adherence to the consent decree and to enforce aggressively the terms of the consent decree without delay.”

The FTC and Twitter first entered into a consent decree in 2011 that prohibits the company from misleading consumers about privacy.

That order stemmed from allegations that security glitches resulted in hackers obtaining access to some users' names, passwords and private messages.

Earlier this year, Twitter agreed to pay a $150 million fine and enter into a revised agreement with the FTC over claims that the company violated the earlier order by misleading users about their data.

Among other requirements, the revised agreement requires Twitter to create and maintain a comprehensive privacy and security program, and to conduct a risk assessment before implementing or modifying products.

Last November, the FTC said it was “tracking recent developments at Twitter with deep concern.”

The agency's statement came around two weeks after current CEO Elon Musk took control of the company and almost immediately began firing people, including the former head of legal policy, trust, and safety. Other employees, including members of the company's privacy and security team, quit in those first two weeks after the change in ownership.

Public Citizen notes those departures in its letter, as well as more recent events -- including the company's announcement last month that it would disable text message two-factor authentication for users who weren't subscribed to the $8-a-month Twitter Blue service.

“Twitter will offer app-based authentication at no charge, but there is good reason to believe many users will end up with no authentication system at all leaving their accounts vulnerable to breech and security threats,” the letter says.

The group adds that the new authentication structure “plainly implicates the process and substantive obligations of the FTC consent decree.”

“The consent decree should prod Twitter not just to adhere to its terms but to exercise an abundance of caution to repeat its past wrongs,” the letter states.