Top Twitter security officials quit


SAN FRANCISCO — Several top security and privacy executives resigned from Twitter on Thursday, citing the rapid rollout of new features without proper security reviews and Elon Musk’s order that employees return to the office.

Chief Information Security Officer Lea Kissner tweeted Thursday morning that she had made the “hard decision” to resign, and the company’s chief privacy officer and chief compliance officer also quit, according to screenshots of an employee’s internal Slack message shared with The Washington Post.

A current Twitter employee said several other members of the site’s privacy and security unit also had resigned.

The Federal Trade Commission, which reached a consent decree with Twitter in May, said it was “tracking the developments at Twitter with deep concern.”

“No CEO or company is above the law, and companies must follow our consent decrees,” said Douglas Farrar, the FTC’s director of public affairs. “Our revised consent order gives us new tools to ensure compliance, and we are prepared to use them.”

Twitter entered into the consent decree with the FTC after allegations that it deceptively used email and phone numbers it said it was collecting for security purposes to target users with advertising. The FTC alleged that this violated a 2011 consent decree it had reached with the company.

The new decree required Twitter to start enhanced privacy and security programs, which were to be audited by a third party. Under that program, Twitter is required to conduct a privacy assessment of any new products it launches.

The Slack message cited Twitter owner Musk’s return-to-office directive but also noted that the departures were different from other protest moves because the quick release of products and changes without effective security reviews was “extremely dangerous” for users.

It said engineers would have to take on the burden of certifying that the products complied with Federal Trade Commission agreements, putting them at substantial personal legal risk.

The message also posted a link to Whistleblower Aid, a law firm that represented former security head Peiter Zatko when he filed a complaint this year with the Securities and Exchange Commission and other officials citing alleged violations related to the FTC.

Other employees said they were taking paid time off Thursday as a demonstration of disapproval.

Kissner, who had been brought in by Zatko, was admired inside Twitter and seen as a crucial backstop amid the recent chaos.

“Twitter has had several major security incidents over the last several years due to poor internal controls and a permissive data architecture,” said Alex Stamos, a former head of data security at Facebook and Yahoo. “The team [assembled by] Dr. Kissner made serious strides to closing these flaws, as Twitter is required to do by FTC consent decree.”

Zakrzewski reported from Washington, DC

This is a developing story. Check back for updates.
