By Jessica Corbett

Common Dreams

May 7, 2024

The Groundwork Collaborative's leader also said that "the Department of Justice should criminally prosecute Scott Sheffield," the former Pioneer CEO whom the FTC blocked from joining ExxonMobil's board.

Groundwork Collaborative executive director Lindsay Owens on Tuesday responded to U.S. government allegations of fossil fuel industry price fixing with calls for federal prosecution and congressional action to return money to the American public.

"Americans have been working harder and harder to cover rising energy costs, with the understanding that supply chain snags and geopolitical forces were keeping prices high," Owens said. "Now the Federal Trade Commission has uncovered the real source behind the price at the pump: collusion."

"The Department of Justice should criminally prosecute Scott Sheffield and Congress should tax back the industry's windfall profits and issue every American a refund," she added, referring to Pioneer Natural Resources' founder and longtime CEO.

Owens' statement came after members of the Federal Trade Commission (FTC) declined to contest ExxonMobil's controversial $64.5 billion acquisition of Pioneer—which was completed Friday—but approved a consent order barring Sheffield from serving on Exxon's board of directors or as an adviser to the fossil fuel giant.

"This complaint is a wake-up call about the dangerous consolidation of Big Oil's economic and political power."

The FTC voted 3-2 to accept the order and place related documents on the record for public comment. Citing communications including in-person meetings, public statements, text messages, and WhatsApp conversations, a commission complaint accuses Sheffield of trying to collude with the representatives of the Organization of Petroleum Exporting Countries (OPEC) and OPEC+.

"Mr. Sheffield's past conduct makes it crystal clear that he should be nowhere near Exxon's boardroom. American consumers shouldn't pay unfair prices at the pump simply to pad a corporate executive's pocketbook," said Kyle Mach, deputy director of the FTC's Bureau of Competition. "The FTC will remain vigilant in its enforcement efforts to protect competition in these vital markets."

Pioneer toldFortune that the company and its founder "believe that the FTC's complaint reflects a fundamental misunderstanding of the U.S. and global oil markets and misreads the nature and intent of Mr. Sheffield's actions," but neither party would take "any steps to prevent the merger from closing."

ExxonMobil "learned of the FTC's allegations regarding Sheffield from the agency and said in a statement that they are 'entirely inconsistent with how we do business,'" according to Fortune. "Exxon has agreed to the terms of the consent decree," which also "prohibits the oil giant from appointing any Pioneer employee or director to its board for five years."

Still, since the FTC's allegations were initially reported by The Wall Street Journal last week and then confirmed with the complaint's release, demands for additional action by the U.S. Department of Justice (DOJ) and Congress have mounted.

Cassidy DiPaola, Fossil Free Media's director of communications, on Monday called the complaint "explosive" and said that Democrats "must respond with bold action to hold this rogue industry accountable," including:

Aggressive congressional and DOJ investigations into the full extent of Big Oil's price fixing;

A windfall profits tax to claw back ill-gotten gains; and

End taxpayer subsidies for oil and gas.

"But accountability is just the first step. This complaint is a wake-up call about the dangerous consolidation of Big Oil's economic and political power. We can't let them use megamergers to entrench their control and crush clean energy competition," she stressed. "Ultimately, this is about the future we choose: One where we remain at the mercy of Big Oil's greed and destruction, or one where clean, democratically controlled energy powers our communities. It's time to make the right choice."

In response to the Journal's reporting, Tyson Slocum, director of Public Citizen's Energy Program, similarly said that "Congress must immediately hold hearings on Big Oil's alleged collusion with OPEC to raise gasoline prices for Americans."

"Congress must not only investigate Pioneer's alleged role in conspiring with OPEC, but whether there existed a broader conspiracy by U.S. oil companies to collude with OPEC nations," he argued. "Big Oil must be held accountable for any conspiracy by or among American oil companies and OPEC members."

The reporting was notably published on the same day as the U.S. Senate Budget Committee's hearing about a nearly three-year investigation into fossil fuel companies and trade groups' decadeslong "campaign of deception and distraction," which has evolved from denying the planet-heating impact of their products to pretending to be part of the solution to the climate emergency.

"The joint report and documents we discovered show how, time and again, the biggest oil and gas corporations say one thing for the purposes of public consumption but do something completely different to protect their profits," Rep. Jamie Raskin (D-Md.), the ranking member on the House Oversight Committee, testified during the hearing. "Company officials will admit the terrifying reality of their business model behind closed doors but say something entirely different, false, and soothing to the public."

The FTC just approved its first ever consent decree that considers Amazon review hijacking and manipulation deceptive marketing

Link to the FTC's latest press release

Before Google’s disastrous social network Google+ came the less remembered Google Buzz. Launched in 2010, Buzz survived less than two years. But its mishandling of people’s personal data motivated the first in a series of legal settlements that, though imperfect, are to this day the closest the US has come to establishing extensive rules for protecting privacy online.

When users set up a Buzz account, Google automatically created a friend network made up of people they email, horrifying some people by exposing private email addresses and secret relationships. Washington regulators felt compelled to act, but Google had not broken any national privacy law—the US didn’t have one.

The Federal Trade Commission improvised. In 2011 Google reached a 20-year legal settlement dubbed a consent decree with the agency for allegedly misleading users with its policies and settings. The decree created a sweeping privacy standard for just one tech company, requiring Google through 2031 to maintain a “comprehensive privacy program” and allow external assessments of its practices. The next year, the FTC signed Facebook onto a near-identical consent decree, settling allegations that the company now known as Meta had broken its own privacy promises to users.

WIRED interviews with 20 current and former employees of Meta and Google who worked on privacy initiatives show that internal reviews forced by consent decrees have sometimes blocked unnecessary harvesting and access of users’ data. But current and former privacy workers, from low-level staff to top executives, increasingly view the agreements as outdated and inadequate. Their hope is that US lawmakers engineer a solution that helps authorities keep pace with advances in technology and constrain the behavior of far more companies.

Congress does not look likely to act soon, leaving the privacy of hundreds of millions of people who entrust personal data to Google and Meta backstopped by the two consent decrees, static barriers of last resort serving into an ever-dynamic era of big tech dominance they were never designed to contain. The FTC is undertaking an ambitious effort to modernize its deal with Meta, but appeals by the company could drag the process out for years and kill the prospect of future decrees.

While Meta, Google, and a handful of other companies subject to consent decrees are bound by at least some rules, the majority of tech companies remain unfettered by any substantial federal rules to protect the data of all their users, including some serving more than a billion people globally, such as TikTok and Apple. Amazon entered its first agreement this year, and it covers just its Alexa virtual assistant after allegations that the service infringed on children’s privacy.

Joseph Jerome, who left privacy advocacy to work on Meta’s augmented reality data policies for two years before being laid off in May, says he grew to appreciate how consent decrees force companies to work on privacy. They add “checks and balances,” he says. But without clear privacy protection rules from lawmakers that bind every company, the limited scope of consent decrees allows too many problematic decisions to be made, Jerome says. They end up providing a false sense of security to users who might think they have more bite than they really do. “They certainly haven't fixed the privacy problem,” he says.

The FTC has sometimes strengthened consent decrees after privacy lapses. In the wake of Facebook’s Cambridge Analytica data-sharing scandal, in 2020 the agency agreed to stepped-up restrictions on the company and extended Meta’s original consent decree by about a decade, to 2040. In May this year, the FTC accused Meta of failing to cut off outside developer access to user data and protect children from strangers in Messenger Kids. As a remedy, the agency wants one of its judges to impose the most drastic restrictions ever sought in a privacy decree, spooking the broader business community. Meta is fighting the proposal, calling it an “obvious power grab” by an “illegitimate decision maker.”

There is more agreement between FTC officials, Meta, Google, and the wider tech industry that a federal privacy law is overdue. Proposals raised and debated by members of Congress would set a standard all companies have to follow, similar to US state and European Union privacy laws, with new rights for users and costly penalties for violators. “Consent decrees pale in comparison,” says Michel Protti, Meta’s chief privacy officer for product.

Some key lawmakers are on board. “The single best way to increase compliance for different business models and practices is by Congress enacting a comprehensive statute that establishes a clear set of rules for collecting, processing, and transferring Americans' personal information,” says Republican Cathy McMorris Rodgers, the chair of the House committee that has studied potential legislation for years. Until she can rally enough fellow legislators, the privacy of every American on the internet is reliant on the few safeguards offered by consent decrees.

Innocence Lost

At the time Buzz launched in 2010, Google fostered a companywide culture of freewheeling experimentation in which just a couple of employees felt they could launch ideas to the world with few precautions, according to four workers who were there during that time. The search company’s idealistic founders Larry Page and Sergey Brin closely oversaw product decisions, and head count was one-eighth of the nearly 190,000 it is today. Many of the employees “were in a utopia of trying to make information accessible and free,” says Giles Douglas, who started at Google in 2005 as software engineer and left in 2019 as head of privacy review engineering.

During the earlier era, some former employees recall privacy practices as informal, with no dedicated team. Company spokesperson Matt Bryant says it’s not true that reviews were looser before, but both sides acknowledge that it wasn’t until the FTC settlement that Google started documenting its deliberations over privacy hazards and making a clear commitment to addressing them. “The Buzz decree forced Google to think more critically,” Douglas says.

The settlement required Google to be upfront with people about the collection and use of personal data, including names, phone numbers, and addresses. The former employees, some speaking on condition of anonymity to discuss confidential practices, say Google established a central privacy team for the first time. The company learned early that the FTC’s new invention had sting. It paid $22.5 million, then the agency’s highest-ever penalty, to settle a 2012 charge that Google had violated the Buzz agreement by overriding a cookie-blocking feature on Apple’s Safari browser to track people and serve targeted ads.

Google now has an extensive bureaucracy dedicated to privacy. Its central team has hundreds of employees who oversee privacy policies and procedures, three people who worked with the unit say, like the company’s public privacy principles that promise people control over use of their data. A web of hundreds of privacy experts scattered across Google’s many divisions reviews every product launch, from a minor tweak to the debut of an entirely new service like the AI chatbot Bard to a marketing survey sent to less than a thousand people.

Though a public agency forced many of those changes, there is diminishing transparency about how Google’s consent decree operates. The agreement requires an outside consulting firm such as EY (commonly known as Ernst & Young) to certify in an FTC filing every two years that Google’s guardrails are reasonable. Yet public copies of the filings have been increasingly redacted by the agency to protect company “trade secrets,” preventing any insight into the results of the assessments or the recent evolution of Google’s safeguards. Google’s Bryant says the assessments have led to program improvements, process discipline, and well-informed feedback but declines to provide details.

Unredacted segments of older filings show that Google’s compliance with the FTC has involved measures such as training employees on best practices, expanding data-related user settings, and, most importantly in the view of former employees, analyzing the implications of everything the company releases into the world.

Inside Google today, the privacy and legal review is the only step that a team cannot remove or mark as optional in the company’s main internal tracking system for project launches, commonly referred to as Ariane, the former employees say—unlike for security assessments or quality assurance. And only someone from Google’s privacy team can mark the privacy review as completed, the people say.

Reviewers must pore through an internal management tool known as Eldar to compare product code and documentation against company guidelines about uses and storage of data. With tens of thousands or more product launches annually, many updates Google considers “privacy non-impacting” or “privacy trivial” get only a cursory examination, former employees say, and Google is trying to automate triaging of the most important reviews.

Privacy reviewers have considerable power to shape Google’s products and business, according to five people who formerly held the role. One of their most common actions is to block projects from retaining user data indefinitely without any justification beside “because we can,” the sources say. More exhaustive reviews, according to the sources, have prevented YouTube from displaying viewing statistics that threatened to reveal the identities of viewers from vulnerable populations, and required workers involved in developing Google Assistant to justify every time they play back users’ audio conversations with the chatbot.

Entire acquisitions have died at the hands of Google’s privacy reviewers, former employees say. The company evaluates the privacy risks of potential targets such as data retained unnecessarily or collected without permission, and sometimes commissions independent assessments of software code. If the privacy risks are too high, Google has canceled purchases, sources say, and efforts are underway to apply a similar process to divestitures and strategic investments.

For some Google employees, the changes demanded by privacy reviewers can be frustrating, the former reviewers say, delaying projects or limiting improvements. After a review restricted access to location data on users of Google Assistant, engineers struggled to assess the technology, one former employee involved says. For instance, they could no longer be sure whether the virtual helper’s responses to queries involving ambiguous street names, like Brown or Browne, were accurate.

Proponents of consent decrees say the roadblocks and dead ends show the settlements working as intended. “Google and its users are better off for the decree,” says Al Gidari, an attorney who handled the FTC’s Buzz deal for Google. “One might say but for it, nothing would be left of our privacy.”

For some of the Google sources and privacy experts more critical of the decrees, the sprawling compliance apparatus Google developed over the past decade is privacy theater—activity that fulfills the FTC’s demands without providing public proof that people who use its services are better off. Some former employees say that while staffing and funds for the consent decree’s “comprehensive privacy program” have ramped up, more technical projects that would give people greater protection or transparency have withered.

For instance, the Google Dashboard, which shows the type of data people have stored with different services, like the total number of emails in their Gmail account, has gotten little investment as engineers have had to focus elsewhere, two former company privacy managers say. A privacy-focused “red team,” distinct from a similar squad for cybersecurity issues, that has snuffed out unintended over-collection of data and inadequate anonymization in services available to users is still staffed by just a handful of employees, three sources claim.

New Threats

Meta’s privacy scandals show the limited power of consent decrees to encourage good behavior. The company signed its first agreement with the FTC in 2012 after disclosing some users’ friends’ lists and personal details to partner apps or the public without notice and consent. Like Google, the company pledged to establish a “comprehensive privacy program.” But it took a different tack to Google and didn’t have sufficient staff and tools to review everything it does today, says Protti, the product-focused chief privacy officer. The decree-mandated assessments didn’t catch the shortcomings.

In 2018, through media reports it became clear that Facebook for years allowed partner apps to misuse personal information. Personal data such as users’ interests and friends got into the hands of election consultancies such as Cambridge Analytica, which attempted to create psychological profiles marketed to political campaigns. Facebook re-settled with the FTC and agreed to a $5 billion penalty in 2020. The updated consent decree imposed firm new requirements, including making privacy central to the work of many more employees, tightening security around personal data, and limiting the company’s use of sensitive technologies such as facial recognition. Meta has spent $5.5 billion to comply with the revised deal, including growing staff focused on privacy to 3,000 people from hundreds, representing “a step change for the company in terms of the importance, the investment, the prioritization of privacy,” Protti says.

Meta is now required to conduct a privacy review of every launch that affects user data, conducting more than 1,200 each month and deploying automation and audits to increase their consistency and rigor while ensuring orders are followed post-launch, Protti says.

Each unit of the company has to certify internally on a quarterly basis how it's protecting users’ data. After the $5 billion fine, people don’t take these certifications lightly, the former employees say. New hires have to review and agree to the consent decree before they can even get to work. Failing to complete regular privacy training locks employees out of corporate systems indefinitely, employees say. “I don't think you will find an employee that doesn't believe that privacy is absolutely mission critical for Meta,” Protti says.

The FTC contends that Meta has failed on that mission. In May, the agency alleged that Meta misled its users about the meaning of privacy settings on the Messenger Kids chat app and failed to block its business partners’ access to Facebook data as quickly as promised. The FTC wants to ban Meta from profiting off the data of people under 18 years old and require it to apply privacy commitments to companies it acquires, so no unit escapes scrutiny. Protti says the accusations and demands are unfounded.

No matter the outcome, the legal battle could be the breaking point for consent decrees.

FTC chair Lina Khan has made taking on big tech a priority, and if she wins the case the agency may feel emboldened to pursue more consent decrees and to successively tighten them to keep companies in line. But an FTC win could also weaken decrees by making companies more likely to take the chance of going to court instead of signing an agreement that could later be unilaterally revised, says Maureen Ohlhausen, an FTC commissioner from 2012 to 2018 and now a section chair at the law firm Baker Botts who has represented Meta and Google in other matters. “That changes the calculus of whether to enter a settlement,” she says.

If Meta stops the FTC’s updates to the consent decree, it might encourage other companies to try to fight the agency instead of settling. Either result in the Meta case will likely increase the pressure on US lawmakers to establish universal restrictions and precisely define the agency’s power. In the process, they could empower Americans for the first time with rights beyond the consent decrees, like to delete, transfer, and block sales of personal data held by internet giants.

Jan Schakowsky, a Democratic representative from Illinois in the congressional talks, says though the FTC has forced reform at “formerly lawless companies” through consent decrees, “a comprehensive privacy law is needed to improve Americans’ privacy across the internet and from new types of threats.” Even so, there are no clear signs that years of inaction in Congress on privacy are set to end, despite vocal support from companies including Meta and Google for a law that would not only cover their competitors but also prevent a patchwork of potentially conflicting state privacy rules.

The FTC agrees that a federal privacy law is long overdue, even as it tries to make consent decrees more powerful. Samuel Levine, director of the FTC's Bureau of Consumer Protection, says that successive privacy settlements over the years have become more limiting and more specific to account for the growing, near-constant surveillance of Americans by the technology around them. And the FTC is making every effort to enforce the settlements to the letter, Levine says. “But it's no substitute for legislation," he says. "There are massive amounts of data collected on people not just from these biggest tech companies but from companies not under any consent decree.”

Elon-Twitter has been flagrantly ignoring the FTC consent decree. The FTC has already opened an investigation. Current and former employees have talked openly about the regulatory exposure he has created. One of his former lawyers basically shouted warnings on the company Slack, encouraging people to seek whistleblower protection.

How long does Twitter have left?

if we successfully complete the Ritual (Sans beating Reigen again), what are you hoping happens?

i'm hoping the FTC announces charges against Elon for violating the consent decree

A perfect storm could take out Twitter in 2023

The rumors of @apple & @google banning Twitter on the @AppStore & @googleplay, respectively, are growing louder.

Twitter would get crushed if this happens.

Elon is also facing a hostile FTC meeting in January.

“This is one of those cases where, if there’s an additional order, there will be personal responsibility for Musk,” Vladeck says. “His neck may be on the chopping block if there’s another consent decree, and there may be personal responsibility for other significant people within the organization.”

The FTC’s treatment of Facebook helps illustrate the danger to Musk and Twitter. In 2019, following a complaint alleging violation of a 2012 order, the agency hit the company with a record $5 billion in fines, and named CEO Mark Zuckerberg personally responsible for compliance and certification of documents under penalty of perjury. Heavy fines could be a major problem for Twitter, which, as part of Elon Musk’s takeover, was loaded with debt.

Also there is the EU issue as well.

Twitter has disbanded its entire Brussels office, according to media reports, raising questions about the social media company’s compliance with new EU laws to control big tech.

I am trying to do everything in my power to prepare for the worst-case scenario—Twitter being crushed by a perfect storm.

Twitter could barely handle a political/legal war with the United States 🇺🇸 or European Union 🇪🇺. But having to battle both plus Apple & Google will result in Twitter becoming 8chan.

Musk, the world’s richest person and the new head of Twitter, responded a few days later on the platform. He ironically asked if the ease with which the columnist could impersonate Markey was because his “real account sounds like a parody.”

Markey responded soon after.

“One of your companies is under an FTC consent decree. Auto safety watchdog NHTSA is investigating another for killing people. And you’re spending your time picking fights online. Fix your companies. Or Congress will,” he wrote on Twitter. 

Musk’s lawyer tells Twitter staff they won’t be liable if the company violates the FTC consent decree

Following a warning shot from the FTC to Twitter yesterday, TechCrunch has obtained an internal email sent by Elon Musk’s lawyer, Alex Spiro, to all remaining employees — in which he seeks to calm staffers’ concerns by claiming that they do not have individual liability for upholding the requirements of the FTC consent decree.

We’ve reproduced the full text of the email (sic) below — which was sent by Spiro to Twitter staff at 5:21PM, November 10:

Elon – questions have arisen today regarding the consent decree in effect at the time you took over the company.

We have our first upcoming compliance check with the ftc since taking over and we will handle it.

The only party to the decree is Twitter- not individuals who work at Twitter. It is Twitter itself (not individual employees) who is a party and therefore only Twitter the company could be liable.

I understand that there have been employees at Twitter who do not even work on the ftc matter commenting that they could to to jail if we were not in compliance- that is simply not how this works. It is the company’s obligation. It is the company’a burden. It is the company’s liability.

We spoke to the FTC today about our continuing obligations and have a constructive ongoing dialogue.

We will of course remain in compliance with the consent decree and the legal department is handling it and happy to answer any questions

Thanks

Alex

The 2011 consent decree required Twitter to establish and maintain a program to ensure and regularly report that its new features do not further misrepresent “the extent to which it maintains and protects the security, privacy, confidentiality, or integrity of any nonpublic consumer information.”

In a note (first reported by The Verge) posted in Twitter’s internal slack and visible to all employees, a departing internal attorney said that in fact, individual engineers do engender “personal, professional and legal risk,” seemingly in contradiction to what Spiro sent in the above email.

On Thursday, key Twitter executives including the company’s Head of Trust and Safety Yoel Roth, as well as its Chief Information Security Officer Lea Kissner, Chief Compliance Officer Marianne Fogarty, and Chief Privacy Officer Damien Kieran all abruptly departed the company. The FTC noted that they are watching with “deep concern” the ongoing situation at Twitter in light of the consent decree.

The FTC fined Twitter $150 million earlier this year after finding a breach of the settlement related to user data provided for security purposes being used for ad targeting.

We’ve reached out to the FTC for clarification regarding the consent decree and individual employee liability and will update you if we receive more information.

Credit: techcrunch.com

"… fucking with the FTC doesn’t end well for anyone."

Musk's Twitter takeover is going just great.

Musk’s new legal department is now asking engineers to “self-certify” compliance with FTC rules and other privacy laws, according to the lawyer’s note and another employee familiar with the matter, who requested anonymity to speak without the company’s permission. Anyone working in Twitter needs to know that “self-certifying” something that violates the FTC’s consent decree may be tied to a prison sentence and huge fines.

The argument in this tweet is that FTC should go after Musk if there are slam dunk violations of a consent decree for twitter.

Elon Musk is putting Twitter at risk of billions in fines, warns company lawyer

Meanwhile, Musk’s personal lawyer is telling people, ‘Elon puts rockets into space, he’s not afraid of the FTC.’

By Alex Heath / Updated Nov 10, 2022, 11:52 AM EST

Twitter’s privacy and security teams are in turmoil after Elon Musk’s changes to the service bypassed its standard data governance processes. Now, a company lawyer is encouraging employees to seek whistleblower protection “if you feel uncomfortable about anything you’re being asked to do.”

The company’s chief privacy officer Damien Kieran, chief information security officer Lea Kissner, and chief compliance officer Marianne Fogarty have all resigned, according to two employees and an internal message seen by The Verge. Kissner confirmed their departure in a tweet on Thursday.

In a note posted to Twitter’s Slack and viewable to all staff that was obtained by The Verge, an attorney on the company’s privacy team wrote, “Elon has shown that his only priority with Twitter users is how to monetize them. I do not believe he cares about the human rights activists. the dissidents, our users in un-monetizable regions, and all the other users who have made Twitter the global town square you have all spent so long building, and we all love.”

The FTC reached a settlement with Twitter in May after the company was caught using personal user info to target ads. If Twitter doesn’t comply with that agreement, the FTC can issue fines reaching into the billions of dollars, according to the lawyer’s note to employees.

The note goes on to say that its author, who The Verge knows the identity of but is choosing not to disclose, has “heard Alex Spiro (current head of Legal) say that Elon is willing to take on a huge amount of risk in relation to this company and its users, because ‘Elon puts rockets into space, he’s not afraid of the FTC.’”

Musk’s new legal department is now asking engineers to “self-certify” compliance with FTC rules and other privacy laws, according to the lawyer’s note and another employee familiar with the matter, who requested anonymity to speak without the company’s permission.

The employee said this week’s launch of the revamped Twitter Blue subscription disregarded the company’s normal privacy and security review, with a “red team” reviewing potential risks the night before the launch. “The people normally tasked with this stuff were given little notice, little time, and unreasonable to think it [the privacy review] was comprehensive.” None of the red team’s recommendations were implemented before Twitter Blue’s relaunch, the employee said.

Musk has signaled that one of his first priorities is rebuilding Twitter’s infrastructure. During a Twitter Spaces audio conversation with advertisers on Wednesday, he said that he wanted to redo the company’s software stack so that the same technology is powering the relevance of tweets and ads. “We have to be adventuresome here,” he said.

In a statement shared with The Verge after this story was published, an unnamed FTC spokesperson said the agency was “tracking recent developments at Twitter with deep concern. No CEO or company is above the law, and companies must follow our consent decrees. Our revised consent order gives us new tools to ensure compliance, and we are prepared to use them.”

Former Twitter outside counsel Riana Pfefferkorn noted in a tweet that the company’s FTC consent order requires the company to do privacy reviews before making changes to the product. That same FTC consent order requires Twitter to submit a compliance notice signed by predetermined officers of the company to the FTC 14 days after a change in company control — which means Twitter owes the FTC a compliance notice today, 14 days after Musk took over.

“I anticipate that all of you will be pressured by management into pushing out changes that will likely lead to major incidents,” the Twitter lawyer wrote in the Slack message, which you can read in full at the end of this article.

On Thursday evening, Musk sent an email to employees obtained by The Verge to address concerns about the FTC consent order. “I cannot emphasize enough that Twitter will do whatever it takes to adhere to both the letter and spirit of the FTC consent decree,” he wrote. “Anything you read to the contrary is absolutely false. The same goes for any other government regulatory matters where Twitter operates.”

Here is what the Twitter lawyer wrote in Twitter’s Slack:

Twitter is a remote-first workplace, and has operated as such for years. It is a fundamental change to our employment contracts to require a 40hr a week in-office requirement. I do not, personally, believe that Twitter employees have an obligation to return to office. Certainly not on no notice (if at all). I also remind all Tweeps (at least in the US) that we have an unlimited PTO policy. All Tweeps are able to take PTO. Perhaps today is a good day to take some rest and recharge. Everyone here should also know that our CISO, Chief Privacy Officer and Chief Compliance Officer ALL resigned last night. This news will be buried in the return-to-office drama. I believe that is intentional. Over the last two weeks. Elon has shown that he cares only about recouping the losses he’s incurring as a result of failing to get out of his binding obligation to buy Twitter. He chose to enter into that agreement! All of us are being put through this as a result of the choices he made. Elon has shown that his only priority with Twitter users is how to monetize them. I do not believe he cares about the human rights activists. the dissidents, our users in un-monetizable regions, and all the other users who have made Twitter the global town square you have all spent so long building, and we all love. I have heard Alex Spiro (current head of Legal) say that Elon is willing to take on a huge amount of risk in relation to this company and its users, because “Elon puts rockets into space, he’s not afraid of the FTC.” I have heard another leader in the Legal department say that because of the tight SLA’s (of two weeks?!) between product inception > launch, Legal will “have to shift the burden to engineers” to self-certify compliance with FTC requirements and other laws. This will put huge amount of personal, professional and legal risk onto engineers: I anticipate that all of you will be pressured by management into pushing out changes that will likely lead to major incidents. All of this is extremely dangerous for our users. Also, given that the FTC can (and will!) fine Twitter BILLIONS of dollars pursuant to the FTC Consent Order, extremely detrimental to Twitter’s longevity as a platform. Our users deserve so much better than this. If you feel uncomfortable about anything you’re being asked to do, you can call Twitter’s Ethics Hotline at (800) 275-4843 or submit a report at ethicshelpline.twitter.com. Please also note the FTC’s number is: 1-877-FTC-HELP. You may also remember that Mudge reached out to httos://whistlebloweraid.org I wish you all luck. It’s been such an honor to work with all of you. And I’ll be taking a day of PTO today. 🫡💙

The Verge reached out to Musk for comment. Twitter no longer has a communications department.

Makena Kelly contributed reporting for this story.

Update November 10th, 7:25PM ET: Added Thursday evening email from Musk.

Update November 10th, 11:50AM ET: Added the full Slack message from a Twitter lawyer, details about Musk’s comments to advertisers, more about the launch of Twitter Blue, and noted that Musk was contacted for comment.

Update November 10th, 2:28PM ET: Added more information about the FTC consent order Twitter is under and a comment from the agency.

Elon is attempting to cut costs and increase revenue. That’s a pretty standard way of turning a company around. There’s a lot of flailing out there about his decisions, but that seems like the basic logic behind them, no matter how boneheaded his first steps are. But he has money - and that gives him both choices and time.

He may even succeed in turning every twitter user into a source of profit, but he will fundamentally change the character of the platform. The more worrying thing is that if he is successful- it’s easy to see him going on a buying spree of other social media platforms that aren’t profitable (like Tumblr) to either shut down the competition or transform them in similar ways. He could change the entire landscape of worldwide communications, which seems obviously attractive to a billionaire and his dubious backers (Russians and Saudis).

On the other hand - his privacy, security, and advertising execs quit today. And apparently Twitter was already under a consent decree by the FTC around security and privacy violations- and they issued a statement today, around the blue check mark feature.

He’s also been selling Tesla stock, causing that to lose value(after saying he wouldn’t ) to fund his current Twitter misadventures, pissing off his fanboy investors, who lost money and are trying to game out ways to recoup it.

So he’s got a fair number of people pissed at him - but most of those will come around if he can show a profit. I think he hasn’t begun to see the real problem he’s going to face.

See…Elon has always run dream factories- what I call companies that attract people who have a larger goal and few opportunities for people to combine their dreams with a decent standard of living. Believe in climate change and want to make electric cars a reality? Originally, Tesla was your only choice.

Want to work in space flight, but not for the government? SpaceX is one of the few ways you could do that.

Elon was able to be downright abusive to his employees and they put up with it, because it was a trade off for work they wouldn’t get any other way.

But Twitter? Twitter is a whole other bag of cats. Twitter is just software. Mature software. Not even very interesting software. In an industry which, despite recent layoffs, is teeming with opportunities to build something new, something interesting, and something that could make money. People in the industry have choices. They can go elsewhere- and they will.

You think that the old Twitter board hasn’t already identified key architects and engineers and tried to poach them?

Of course they have.

And the other thing about software developers is that when they don’t want to do something, it can be remarkably hard to get them to do it in the time and fashion you want them to. Selective stupidity, footdragging, and malicious compliance can kill products and cost companies millions of dollars. I’ve seen it. I have a feeling that if anything kills Twitter it’ll be because the employees decide to make Elon’s takeover a Pyrrhic victory

WASHINGTON, Nov 17 (Reuters) - Seven Democratic senators sent a letter on Thursday to the Federal Trade Commission, warning that Twitter, now owned by Elon Musk, was acting in disregard of users and urging the agency to investigate any breach of a consent decree that the FTC inked with Twitter.

oh he's so fucked

Interviews with 20 current and former Meta and Google staff say FTC consent decrees blocked some user data harvesting, but they are now outdated and inadequate (Paresh Dave/Wired)

http://dlvr.it/T0PH3k