Musk's Twitter takeover raises more questions than answers about data privacy

Katie Wedell, USA TODAY

November 2, 2022 at 3:37 p.m.·9 min read

The $44 billion purchase of Twitter by the world's richest person, Elon Musk, has immediately launched speculation about the future of content moderation, hate speech and subscription models on the social media platform.

But users who hear Musk's plans for turning Twitter into an "everything app" have one concern top of mind – data privacy.

The company has a history of missteps when it comes to guarding user data

What's been exposed in past security breaches includes tweets, likes andemail addresses and phone numbers tied to Twitter user names, which aren't always someone's real name.

'FREED' BIRD: Day 1 of Elon Musk's Twitter and the social media platform's path forward

But if Twitter begins collecting more data, including payment info in order to charge users for services and offer commerce options, experts say the company will need to build up trust that it won't misplace or misuse that data.

"I think that the biggest jump here is if people are gonna trust Twitter enough to give them more data knowing that they've had missteps with the data that they have right now," said global data privacy expert and technologist Debbie Reynolds. "And if people like it enough to want to pay for things."

Privacy experts point to a few promising signs, including the fact that Musk has been critical of Twitter in the past for not using end-to-end encryption to protect direct messages.

"I think it's fair to say there's a lot of people who are looking very closely to see what's going to happen," said James Lee, COO of the non-profit Identity Theft Resource Center.

A history of Twitter's data privacy issues

Before Musk took over the company last week, Twitter had a trust problem, Reynolds said.

Earlier this year, Twitter was fined $150 million for misusing user data over a period of six years.

According to the Federal Trade Commission, Twitter prompted users to provide their telephone numbers and or email addresses for security purposes. Users were told the information would be used to enable multi-factor authentication to better secure who could log on to their accounts, as well as to help with account recovery.

In addition to using the phone numbers and email addresses for those purposes, Twitter also used the information to show people targeted ads, the FTC said.

"Just how persuasive was Twitter’s security pitch? During the time period covered by the complaint, more than 140 million users gave Twitter their email addresses or phone numbers for security purposes," the agency said in a release announcing the fine.

In July, a cybersecurity breach exposed the email addresses and phone numbers of 5.4 million Twitter profiles. At that time, Twitter recommended anyone trying to stay anonymous should not link a publicly known phone number or email to their Twitter account.

ZATKO: Twitter whistleblower brings critiques to Congress

"Historically there's been a number of concerns," Lee said. "A lot of them were focused on internal controls. Who has access within Twitter to the information about users?"

And after whistleblower Peiter Zatko filed a complaint exposing what he said was lax security that could make the company’s data vulnerable to foreign infiltration, he revealed more details about the level of access Twitter employees had to user data in testimony before the Senate Judiciary Committee in September.

“Thousands of Twitter employees can access user data they don’t need access to do their jobs. And if foreign assets work for Twitter, those foreign assets can also access the data,” he said during that testimony. “An employee could take over the accounts of all of the senators in this room.”

If that's accurate, Lee said it's a demonstration of poor cyber hygiene on Twitter's part.

"If you don't need to have access, you shouldn't have access," he said. "And even if you do need to have access, it needs to be strictly monitored and it needs to be ... only those pieces of data that you really need to do your job."

Given these missteps in the past, it could be a hard sell for Musk to begin asking users to turn over even more data, which Reynolds said seems likely given his profit goals.

"In order to make it more profitable to people who buy Twitter ads, they're going to have to collect more data about individuals," she said. "It remains to be seen if people trust Twitter enough to give them more information."

What personal data does Twitter collect?

Twitter doesn't collect as much personal identifiable information as other social media sites, Lee said, but that doesn't mean its data isn't valuable to criminals.

"The information they do have can be very valuable to cyber thieves and it can be very harmful to the individuals that their data gets out."

That includes the harm caused by revealing the identity of anonymous users, he said.

While many users only use the app to follow public figures, retweet and occasionally tweet thoughts of their own publicly, there are others for whom losing anonymity on the site could be dangerous, Lee said.

"There are people who rely on Twitter in journalism, in public policy and in other areas where you know if you want to do harm to those people, you can get a lot of information about them. And be able to advance that goal of either physically or you know virtually doing harm," he said.

WHISTLEBLOWER: Twitter negligent on cybersecurity

Twitter has made some strides in recent years to improve data privacy.

"They've added some new privacy controls ... now you can use an authenticator app, as opposed to the more traditional multi-factor authentication," Lee said. "That is far more secure. So they are doing some things to help people who want to lock down their accounts and protect their personal information."

Musk and others have criticized Twitter's lack of use of end-to-end encryption.

Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages
— Elon Musk (@elonmusk) April 28, 2022

That capability means communications like direct messages can only be seen by the sender and recipient, without employees of the platform being able to see.

Apps like Signal, WhatsApp, Telegram, Instagram and Facebook Messenger use this type of encryption either by default or if a user turns on the feature.

U.S. Sen. Ron Wyden, (D-OR) has been a vocal critic of Twitter's lack of privacy controls, tweeting on the day of the sale, "If the U.S. had a privacy law with teeth, or if Twitter encrypted DMs like I urged years ago, Americans wouldn’t be left wondering what today’s sale means for their private information. The protection of Americans’ privacy must be a condition of any sale."

What could change under Musk?

Musk appears to have grand ambitions for Twitter, tweeting in October, "Buying Twitter is an accelerant to creating X, the everything app."

He was referring to his vision of creating an app called X that combines messaging, video, payments and commerce among other functions.

Musk has also said he'll implement a monthly fee for people to keep their blue checkmark which signifies their account has been verified. Since Twitter has been completely free to users, this would be the first time the company would be collecting financial information like a bank account number.

Adding features and fees to the app will undoubtedly require users to share more data than what Twitter currently collects, Reynolds said. And that data will be valuable to advertisers who Musk wishes to court.

VERIFIED FOR A PRICE: Elon Musk says Twitter to start charging $8 per month for blue check mark verification

DID ELON MUSK FIRE EVERYONE AT TWITTER?: Ned Segal, Parag Agrawal get the ax. What to know

"Musk really wants to monetize. He really wants to use Twitter as a way to create more money for advertisers and more money from advertisers," she said.

Because of that, Reynolds said she doesn't see a scenario in which Musk would nefariously use data about, say, a competing electric vehicle company.

"He really wants to show that Twitter can be more of a revenue generator ... try to court people saying, 'Hey, come over to Twitter. We have a lot of data on people that we can share with you so that you can advertise'"

Lee said Musk's company Tesla is known for its strict approaches to cybersecurity, which could bode well for tools he could bring to Twitter.

"Because of what Tesla does and how they do it, they do have good expertise in cyber security. So the ability to draw on some of that experience and that talent will be helpful to Twitter," he said.

What security changes will Elon Musk's Twitter put in place?

It may not be obvious to outsiders if and when Twitter makes any changes to its security procedures, Lee said, because cybersecurity experts don't typically talk about their tools and policies publicly.

"If they undergo a process to improve, particularly again those internal controls to make sure that ... internal access is restricted in ways it hasn't been historically. That's a good start," Lee said. "And then we'll just have to see what happens with the rest of that in terms of other, more traditional privacy issues."

While it remains to be seen exactly what new Twitter will do in the data privacy space, Lee said there's one surefire way users can protect themselves from misuse of their data: "Just don't tweet it in the first place."

"At the end of the day, the real risk, the largest risk is what you're actually putting on those platforms," Lee said. "People tend to overshare and then they're surprised when somehow their information is compromised or misused."

Dropping Twitter doesn't delete data they've already collected on you, Lee said, but going through the steps to delete old tweets or lockdown your privacy settings can only help if you're concerned about misuse of your data.

"I'm not seeing people say oh like quit Twitter right now. They're just waiting and seeing what's gonna happen," Reynolds said. "This trust problem just doesn't go away just because you have a new owner."

In fact, given Musk's at times unpredictable behavior – including firing off Tweets that have landed him in trouble with the Securities and Exchange Commission – experts say they just cannot predict with any level of certainty what is to come for Twitter.

"We're just sitting on the edge of our seats to see what's gonna happen," Lee said.

Follow Katie Wedell on Twitter: @KatieWedell and Facebook: facebook.com/ByKatieWedell

This article originally appeared on USA TODAY: Twitter's history of data privacy missteps has caused a trust problem

Hello!
Rod Stewart, 79, rocked by shock divorce news: report
In a surprising turn of events Rod Stewart has received some shocking divorce news. See details.
HuffPost
Trump Throws 4th Of July Fit In 'Disgraceful' New Holiday Tantrum
Critics called out the former president for a bonkers Independence Day message that barely mentioned the holiday.
The Daily Beast
World’s Winningest Party Loses in Spectacular Style
LONDON—The Conservatives, the world’s winningest political party, were booted out of power in dramatic style on Thursday after 14 years of chaotic and divisive rule.The exit poll, which dropped at 10 p.m. local time (5 p.m. EDT), showed that the Labour Party had secured a landslide victory, ending an era of Conservative rule over Britain that stretches back to 2010; the year that the iPad and Instagram were launched and Lady Gaga wore that meat dress to the MTV music awards.In that time, the Con
The Daily Beast
Obama Privately Goes Shaky After Offering to Prop Up Biden
Former President Barack Obama has reportedly told allies that Joe Biden’s disastrous debate performance has made his bid to win back the White House even tougher than it had been previously.The Washington Post reports that Obama gave a harsher private assessment of Biden’s chances of re-election following the debate despite publicly trying to ease concerns by tweeting that “bad debates happen.”The outlet reported that Obama “spoke directly with Biden by phone after last Thursday’s debate to offe
HuffPost
Conservative Commentator Says Trump’s Post-Debate Move Is ‘Freaking A Lot Of People Out’
Former Fox News pundit Jonah Goldberg had CNN’s Jake Tapper laughing with his response.
BuzzFeed
"Oomf" Is The Newest Gen Z Affectionate Slang That's Taking Over The Internet — Here's What It Actually Means
This word doesn’t mean what you think.
Hello!
King Charles and Queen Camilla's portrait with Prince William and Prince Edward sparks questions from royal fans
The King and Queen were pictured alongside the Prince of Wales and the Duke of Edinburgh at the Thistle Service in Edinburgh during Royal Week
BuzzFeed
"I Was Heartbroken But Said I Would Think About It": This Man's Wife Suddenly Wants To Have An Open Marriage To Sleep With Other People, And The Internet Has A Lot Of Thoughts On It
"She said she needs to explore that part of her..."
Cover Media
Stormy Daniels believes it's 'not fair' she owes Donald Trump $600,000
The adult film star, who accused the former President of giving her hush money to keep quiet about their alleged sexual encounter now owes Trump $600,000 (£470,000) in legal costs after a defamation case she brought against him was dismissed. Last month in New York, Trump was criminally convicted for defaming another sexual assault accuser, E.Jean Carroll. The 45-year-old said on the Daily Mail's podcast, Everything I Know About Me, "How is it fair that I have better, more compelling evidence than E. Jean Carroll? And I'm glad she won. They continue to hand her money like it's f**king candy.”
HuffPost
‘Pile Of Crap’: Trump Rails Against Biden, Harris In Unhinged Rant Caught On Video
The former president ripped into his rivals in newly leaked footage.
CBC
A boy needed stitches after swimming in a man-made lake in Montreal. Did a fish attack him?
WARNING: This story contains graphic images of a leg injury.Last week, George Mandl, an American vacationing in Montreal, took his eight-year-old son Max to Parc Jean-Drapeau for a swim.It was a hot afternoon, and Max played on an inflatable structure anchored in the park's man-made lake.As his legs dangled in the blue-green darkness, he felt a stabbing pain. He screamed and, when lifeguards pulled him from the water, his leg was bleeding."It felt like a kind of electrical pain, like that pain w
BuzzFeed
Over 50% Of Hybrid Workers Admitted To Partaking In A New Controversial Office Trend, And This Is Why They're Defending It
If employees are expected to swipe into the office, chances are some people are doing this.
The Canadian Press
Irish prime minister 'appalled' by Canadian tourist's death after alleged assault
MONTREAL — Ireland's prime minister says he's "absolutely appalled" by an assault in the country's capital that resulted in the death of a tourist from Montreal. Simon Harris on Wednesday described Neno Dolmajian's death in Dublin as "reprehensible" and "horrific" and told parliament the death is now being investigated as a murder. "I'm absolutely appalled at the recent vicious attack in Dublin city centre which resulted in the death of a young man, Neno Dolmajian, and my thoughts are with his l
HuffPost
Kristi Noem’s Shot At Kamala Harris Backfires Immediately
The South Dakota governor, who once shot her puppy in a gravel pit, complained that the vice president isn’t relatable.
NextShark
74-year-old woman dies after being shoved in front of San Francisco train
Corazon Dandan died after being pushed into an oncoming BART train at San Francisco’s Powell Street Station at around 11 p.m on Monday night. The suspect, 49-year-old Trevor Belmont, also known as Hoak Taing, was arrested at the scene and booked into the San Francisco County Jail on suspicion of homicide and elder abuse. Dandan, who was Filipino American, was a dedicated telephone operator at the Westin St. Francis and other hotels.
People
How Much Do Dallas Cowboy Cheerleaders Make? A Breakdown of Salaries Mentioned in “America's Sweethearts”
Netflix's docuseries 'America's Sweethearts: Dallas Cowboys Cheerleaders' has sparked conversations about the salaries of NFL cheerleaders
BuzzFeed
This Viral Video Of A Teacher's Rant Right Before Officially Retiring Has Been Seen Over A Million Times — Here Are The Reasons Why She Can "No Longer Deal" In The Profession
"I can no longer deal with the 'new' type of parent and the 'new' type of child that is a product of the parent that I am trying to teach..."
Cosmo
Bikinis, sheer 'fits and hotel robes: Alix Earle nails the Italy holiday wardrobe
We have been loving the Instagram outfit pictures of Alix Earle's bikinis, crochet dresses and hotel robes complete with a hair towel from her holiday to Italy.
Hello!
Prince Harry's cousin Lady Amelia Windsor is a festival babe in retro bikini and flares
Lady Amelia Windsor modelled a tiny bikini top with bold festival flares as she partied with friends at Glastonbury - see photos.
People
Kansas City Chiefs CEO’s Daughter Gracie Hunt Celebrates Fourth of July in Patriotic Bikini: ‘Board Meeting in Session‘
Gracie — the eldest child of Chiefs owner Clark Hunt and Tavia Hunt — shared holiday photos of herself paddleboarding

A history of Twitter's data privacy issues

What personal data does Twitter collect?

What could change under Musk?

What security changes will Elon Musk's Twitter put in place?

Latest Stories