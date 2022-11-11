Twitter’s ongoing exodus includes the company’s chief privacy officer, Damien Kieran, and chief information security officer Lea Kissner, who tweeted Thursday that “I’ve made the hard decision to leave Twitter.”

Roth’s resignation is a “huge loss” for Twitter’s reliability and integrity, said his former coworker and friend Emily Horne.

“He’s worked incredibly hard under very challenging circumstances, including being personally targeted by some of the most vicious trolls who were active on the platform,” said Horne, who oversaw global policy communications at Twitter until 2018. “He stayed through all of that because he believed so deeply in the work his team was doing to promote a public conversation and improve the health of that conversation.”

Cybersecurity expert Alex Stamos, a former Facebook security chief, tweeted Thursday that there is a “serious risk of a breach with drastically reduced staff” that could also put Twitter at odds with a 2011 order from the Federal Trade Commission that required it to address serious data security lapses.

“Twitter made huge strides towards a more rational internal security model and backsliding will put them in trouble with the FTC” and other regulators in the U.S. and Europe, Stamos said.

The FTC said in a statement Thursday that it is “tracking recent developments at Twitter with deep concern.”

“No CEO or company is above the law, and companies must follow our consent decrees,” said the agency’s statement. “Our revised consent order gives us new tools to ensure compliance, and we are prepared to use them.”

The FTC would not say whether it was investigating Twitter for potential violations. If it were, it is empowered to demand documents and depose employees.

In an email to employees seen by the AP, Musk said “Twitter will do whatever it takes to adhere to both the letter and spirit of the FTC consent decree.”

“Anything you read to the contrary is absolutely false. The same goes for any other government regulatory matters where Twitter operates,” Musk wrote.

Twitter paid a $150 million penalty in May for violating the 2011 consent order and its updated version established new procedures requiring the company to implement an enhanced privacy protection program as well as beefing up info security.

Those new procedures include an exhaustive list of disclosures Twitter must make to the FTC when introducing new products and services — particularly when they affect personal data collected on users.

Musk is fundamentally overhauling the platform’s offerings and it’s not known if he is telling the FTC about it. Twitter, which gutted its communications department, didn’t respond to a request for comment Thursday.

Musk has a history of tangling with regulators. “I do not respect the SEC,” Musk declared in a 2018 tweet.

The Securities and Exchange Commission recently examined for possible tardiness his disclosures to the agency of his purchases of Twitter stock to amass a major stake. In 2018, Musk and Tesla each agreed to pay $20 million in fines over Musk’s allegedly misleading tweets saying he’d secured the funding to take the electric car maker private for $420 a share. Musk has fought the SEC in court over compliance with the agreement.

The consequences for not meeting FTC’s requirements can be severe — such as when Facebook had to pay $5 billion for privacy violations.

“If Twitter so much as sneezes, it has to do a privacy review beforehand,” tweeted Riana Pfefferkorn, a Stanford University researcher who said she previously provided Twitter outside legal counsel. “There are periodic outside audits, and the FTC can monitor compliance.”

—-

AP reporters Frank Bajak and Marcy Gordon contributed to this report.