Shulou(Shulou.com)11/24 Report--

Beijing, Nov. 14 (Beijing)-it is reported that after Twitter lost thousands of employees and senior compliance officers, Elon Musk's deputies are trying to address high concerns that employees will be held responsible for safety mistakes.

According to a message, Musk's lawyer, Alex Spiro, is mentoring the billionaire's legal team and is trying to reassure employees that they will not be jailed if the company is found to have violated the Federal Trade Commission's consent decree.

"as far as I know, some employees at Twitter who do not even engage in FTC have commented that if we do not comply with the rules, they may go to jail, which is not the case at all," Spiro wrote in a memo. "this is the company's obligation, it's the company's burden, it's the company's responsibility."

Twitter's information security team, which oversees the sharing of user data with advertisers and research partners, was fired after the acquisition, raising internal concerns about vulnerability to security threats and possible violations of FTC rules, according to two people familiar with the matter.

The layoffs, which began on November 3, affected 50 per cent of Twitter's employees, and a large number of departures led to chaos within the company. Several more executives left the company last week, including Lea Kissner, chief information security officer, Damien Kieran, chief privacy officer, and Marianne Fogarty, chief compliance officer.

Mr Spiro said Twitter had talked to FTC and would conduct its first compliance check. "the company's legal department is dealing with this," he said in a note. "

The dismissal of a six-person information security team has been combined with the company's layoffs of at least a dozen other employees working on security, privacy and compliance issues, according to sources. The company did not immediately disclose the scale of layoffs for these teams.

The company's wave of layoffs and departures is particularly noteworthy because they are currently under FTC consent laws, which agree to better protect users' personal data and must be subject to regular audits of their privacy and data security systems. Twitter was severely criticized by former employees for security vulnerabilities and was fined $130 million in May as part of a settlement with FTC and the US Department of Justice over data privacy.

Twitter's information security team is mainly responsible for third-party risk management and is responsible for providing security assurance to advertisers who work with Twitter and share data with the company, according to two people familiar with the matter. The people familiar with the matter declined to disclose their identities because they were not entitled to discuss the situation publicly.

The team also monitored Twitter's sharing of user data with dozens of business partners and research institutions, some of whom had access to a programming interface to view sensitive non-public information about Twitter users, such as location data, IP addresses and unique device identifiers, the sources said.

"the people who check this kind of access on Twitter are no longer there," one of them said. He added that the privacy and security of user data have been threatened as a result.

According to these people, part of the work carried out by the fired information security team is to ensure that the company complies with the consent decree issued by FTC in March 2011. The decree, which runs until 2042, orders Twitter to establish and maintain "a comprehensive information security plan designed to reasonably protect the security, privacy, confidentiality and integrity of non-public consumer information". Violations of the law may result in huge fines.

On Thursday, a leader of Twitter's legal team issued an internal note warning employees that the company would require engineers to prove that their work complied with FTC requirements, according to a memo.

"this will pose huge personal, professional and legal risks to engineers," the member of the legal team, who spoke on condition of anonymity, wrote in the memo. I expect all of you to feel pressure from management to push for changes that could lead to major accidents. "

FTC wrote in a statement that the agency was following Twitter's latest developments with "deep concern". The agency added that no chief executive or company was "above the law" and that the company must comply with the consent order.

Twitter's cyber security policy faces criticism after previous data breaches. In 2020, for example, a teenager from Florida was accused of leaking the accounts of celebrities, including Mr Musk and US President Joe Biden, and using them to promote a cryptocurrency scam.

In September, Peiter Zatko, the former head of security at Twitter, nicknamed "Mudge", told the Senate Judiciary Committee that the company had poor security practices. He said Twitter's leadership "ignored the company's engineers", in part because "the company's administrative incentives led them to put profit above safety".

Although rare, there are also cases in which corporate executives bear personal responsibility for security vulnerabilities. Joe Sullivan, the former head of Uber security, was found guilty in federal court in San Francisco after he tried to conceal the details of a hacker attack in 2016. Some of the charges against Sullivan relate to the fact that Uber was ordered by FTC to disclose the vulnerability, but he did not do so.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.