By Albert Fox Cahn
Elon Musk isn’t just buying Twitter, he’s buying every private tweet and direct message you’ve ever sent. He’s acquiring untold volumes of location data, IP addresses, and other metadata. And there are virtually no rules on how he can use it.
The acquisition could make the world’s wealthiest man into one of its most powerful—a titanic force built on wealth and millions of people’s personal data.
Not only will Twitter’s existing privacy policy cease to exist the moment the company is sold, it will be solely governed by the whims of one man—a 100 percent private company free from all the rules that apply to a publicly traded corporation.
That man, Musk, has shown himself to be a particularly erratic leader, with a string of high-profile lawsuits and settlements to prove it. He holds the distinction of being the only Fortune 500 CEO whose social media accounts are the subject of an SEC settlement, part of an agreement following Musk’s failed attempt to take the electric car firm Tesla private, when he falsely claimed (according to regulators) that “funding secured.” Musk has also faced an array of allegations ranging from falsely advertising self-driving car functionality on Teslas to enabling a culture of discrimination.
Twitter’s current and past management haven’t exactly been paragons of privacy advocacy, and while Musk hasn’t said much about the privacy impact of his acquisition, the Tesla boss tweeted this week: “Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages.”
The privacy-protective platform, Signal, is widely seen as the gold standard in secure messaging. Encryption for DMs would be a step forward, but there’s a long path from a promising tweet to a functioning encryption scheme. And while Musk’s encryption promises may have been a way to assuage growing privacy concerns, he failed to mention one thing: it won’t do anything to protect DMs sent in the past.
“End-to-end encryption” is frequently touted, but rarely understood. When properly implemented, the technology allows two or more people to communicate with each other using a secret encryption key that they, and only they have. But there’s a big problem with Elon’s one-tweet plan: new encryption won’t protect old messages.
If Twitter rolls out end-to-end encryption going forward, it will limit what data it can collect from us in the future, but it will leave Elon with almost unfettered access to, and control of, previous DMs. And even if Twitter were to deploy strong encryption, and that’s a big if, encryption is just one part of a broader set of data protections.
As Facebook and other firms have shown, even when the content of a message is encrypted, the company can still extract huge volumes of deeply invasive information on who is communicating, when, and where in the world they are. This metadata at times can be as sensitive as the content of the message itself, but it’s often completely unprotected by end-to-end encryption. And platforms like WhatsApp have an encryption workaround, so data that’s supposedly end-to-end encrypted one moment is forwarded to law enforcement the next.
Today, Twitter has huge warehouses of highly sensitive information about its hundreds of millions of users. And after the sale to Musk goes through, every bit of that data will be at his disposal. While Twitter’s terms of service don’t allow Musk to resell your private conversations, he has the ability to access it almost whenever and however he wants. Even worse, none of Twitter’s current privacy terms will necessarily apply after it’s sold. If Musk wanted to start using old DMs to peek at the inner lives of the world’s most powerful people, he could do it. And if he wanted to start revealing private conversations to the world, there’d be few consequences.
But there would be consequences for those whose messages are now vulnerable, particularly those in authoritarian regimes. “Twitter for the past decade has been a refuge of sorts for those who can’t bear the censorship on China’s social media,” said Yaqiu Wang, Senior China Researcher at Human Rights Watch. “Twitter is a place Chinese human rights activists trusted that wouldn’t hand in their information to the Chinese government,” but Wang says activists fear how Twitter could be impacted by Musk’s “vast business interests in China,” especially given what she describes as a history of “businesses groveling in front of Beijing in exchange for accessing the China market.”
The sad reality is that tech CEOs long abused their access to our supposedly private information, part of what has driven so many of us to demand safeguards like end-to-end encryption.
But Musk won’t only have more legal power to abuse access, he seems unconstrained by one of the biggest constraints on social media titans today: Shame.
Musk has built a following not just through his billions, but his brazenness, and seemingly reflexive contrarianism. And whether it’s his notorious episodes with Joe Rogan (where he waxed poetically about flying cars while smoking marijuana and operating a flame thrower), unlawful tweets about Tesla financing, or the statements he’s made about Twitter acquisition itself, Musk makes clear that he cares little about how he's perceived.
We’ve seen this movie before, albeit on a larger scale: A man unconstrained by norms, wielding the power of his institution in once-unimaginable ways.
Of course, the dangers are far greater when the institution being misused is the presidency of the United States, but like Donald Trump, an erratic and unconstrained man newly endowed with extraordinary powers is cause for serious concern.
Social media platform governance is broken today, but I’m terrified we’ll soon look back at this moment as a comparative golden age. Social media CEOs, as bad as they are, follow some norms, share some desire for legitimacy. What happens when those norms crumble? I fear we may all soon find out.