They favored their profit over your privacy
By Phil Mattera for the Dirt
Diggers Digest
There has never been much doubt that the tech giants do not take government regulation seriously, but it is helpful to get confirmation of that from inside the corporations. This is the import of a whistleblower complaint from the former security head of Twitter that has just become public.
Peiter Zatko
submitted a document to the SEC, the Justice Department and the Federal Trade
Commission accusing top company executives of violating the terms of a
2011 settlement with the FTC concerning the
failure to safeguard the personal information of users.
The agency had
alleged that “serious lapses in the company’s data security allowed hackers to
obtain unauthorized administrative control of Twitter, including both access to
non-public user information and tweets that consumers had designated as
private, and the ability to send out phony tweets from any account.”
Zatko’s
complaint, which will play into the company’s ongoing legal battle with Elon
Musk over his aborted takeover bid, alleges that Twitter did not try very hard
to comply with the FTC settlement and that it prioritized user growth over
reducing the number of bogus accounts.
These accusations are far from surprising. In fact, three months ago Twitter agreed to pay $150 million to resolve a case brought by the FTC and the Justice Department alleging that it was in breach of the 2011 settlement for having told users it was collecting their telephone numbers and email addresses for account-security purposes while failing to disclose that it also intended to use that information to help companies send targeted advertisements to consumers.
Since Zatko was
fired by Twitter in January, he is in no position to describe company behavior
since the most recent settlement. It is difficult to believe that the $150
million fine will be sufficient to get Twitter to become serious about data
protection.
Twitter is not
the only tech company with a checkered history in this area. In 2012 Facebook
and the FTC settled allegations that the company
deceived consumers by telling them they could keep their information private and
then repeatedly allowed it to be shared and made public. Facebook agreed to
change its practices.
As with Twitter,
it eventually became clear that Facebook was not completely living up to its
obligations. The FTC brought a new action, and in 2019 the company had to pay a
penalty of $5 billion for continuing to deceive
users about their ability to control the privacy of their data.
The settlement
also put more responsibility on the company’s board to make sure that privacy
protections are enforced, and it enhanced external oversight by an independent
third-party monitor.
Zatko’s
allegations may prompt the FTC to seek new penalties against Twitter that go
beyond the relatively mild sanctions in the settlement from earlier this year.
The bigger
question is whether regulators and lawmakers are willing to find new ways to
rein in a group of mega-corporations. The effort in Congress to enact new tech
industry antitrust measures seems to have fizzled out for now. Such initiatives
need to be revived. We cannot let an industry that plays such a substantial
role in modern life think it is above the law.