Elon Musk’s Twitter Buy Exposes a Privacy Minefield
Elon Musk Secured an agreement on Monday to buy Twitter for about $44 billion and take the company private. In his initial comments about the move, Musk discussed a range of goals from “making the algorithms open source to increase trust” to addressing spambots and “authenticating all humans.” There isn’t more information available yet on how Musk will steer Twitter, but privacy and security proponents say that these initial comments paint a mixed picture of where the social media giant could be headed under its new leadership—and reveal the risks of trusting platforms to protect our private information.
Unlike Facebook and other platforms that have enforced “real name” policies, Twitter has largely allowed people to use pseudonyms or remain anonymous, an approach that could change under Musk. Additionally, Musk will soon be able to access all Twitter user data, including IP addresses and the content of direct messages. Twitter’s DMs are notably not end-to-end encrypted, meaning that they can be accessed by whoever controls the platform. Proponents of end-to-end encryption have long emphasized that the protection not only safeguards users’ data from prying eyes of all sorts, but puts the power with users for the long term, regardless of who owns the service when.
“Elon Musk is now literally the king of Twitter. There is nothing stopping him from accessing your direct messages or handing them over to a government—perhaps one in a country where Tesla is trying to do business,” says Evan Greer, deputy director of the digital rights group Fight for the Future. The Chinese government, for example, is notorious for policing both public discourse and private communications, demanding that tech companies retain records about the identities of their users even if people are allowed to post using a handle. As rival ultra-billionaire Jeff Bezos highlighted in a Monday tweet thread, one of Musk’s other companies, Tesla, has major business interests in China. Twitter, meanwhile, remains a thorn in Beijing’s side.
Like other tech giants, Twitter has spent years building out systems for reporting things like the number of government information requests it receives or legal demands to remove content. Musk has indicated that transparency will be a priority for him at Twitter, but it remains unknown which areas he wants to focus on and what his stance will be on issues like government requests for user data.
In general, digital rights advocates point out that open standards protect speech more effectively than closed ecosystems, because they allow multiple organizations to offer versions of an interoperable service that users can choose from. (Think about SMS and email as two examples of these types of services.) In practice, though, users have flocked to the relative simplicity and ease of use that platforms like Twitter offer. In recent years, the company even launched its own exploratory program, Project Blue Sky, to look at ways of opening Twitter up as an interoperable, standardized platform rather than a single, closed service.
When Musk talks about “authenticating all humans,” it’s possible he’s referring to a plan to reduce spambots by having users, say, fill out captchas before tweeting to prove that they’re human. It’s unclear how feasible a system like this would be, but in theory, privacy and security advocates say, this is a best-case scenario and could actually be useful. The worst-case scenario, though, is that Musk is advocating a situation in which Twitter would either collect information about each user to confirm internally that they are an individual person or, worse still, require that users only have Twitter accounts under their legal identity.