It’s not rocket science: Why Elon Musk’s Twitter takeover could be bad for privacy
Elon Musk has put an end to weeks of speculation with the announcement that Twitter has accepted his offer to buy the platform for $54.20 per share, valuing the social media platform at about $44 billion.
While Musk’s drawn-out pursuit of Twitter has come to an end, for him at least, the next chapter of Twitter's history and its hundreds of millions of users is just beginning.
The deal drew immediate fears that Musk, a self-styled "free speech absolutist," could turn back the dials on content moderation, potentially unraveling years of work that curbed the unfettered spread of hate speech and misinformation. But experts have been just as quick to warn of the potential privacy implications of the $44 billion buyout to take Twitter private, at a time that even employees are unclear about the company's future.
Per Musk's short 78-word statement, one of his many proposed plans for Twitter raising eyebrows in the industry is the open-sourcing of the platform's algorithmic code to make it publicly available. Musk claims this change — which Twitter has been mulling for some time — will help boost trust in the platform, which has for years faced an onslaught of false news and security incidents breaches, including one that saw hackers hijack high-profile Twitter profiles — including Musk's — to promote a cryptocurrency scam.
But cybersecurity experts fear that Musk’s open source vision for Twitter could make the platform more susceptible to attackers.
“The decision to open source this code likely means that it will be adopted by other social platforms, advertisers and others who are looking to hone their user targeting,” Jamie Moles, senior technical manager at security firm ExtraHop, told TechCrunch. “Of course, as with any widely adopted open source code, there are significant security implications. As we've seen with Log4Shell and Spring4Shell, vulnerabilities in widely used open source applications are exponentially more valuable. Making its code open source may increase transparency for Twitter users, but it may also make Twitter a much bigger target for attackers.”
Moles says that if done properly, Musk's plan to wage war on so-called spam bots, which have been used to spread malware and propagate political ideologies, could generate "new techniques that improve the detection and identification of spam emails, spam posts and other malicious intrusion attempts,” he added. “It may well be a boon to security practitioners everywhere."
Professor Eerke Boiten, head of the school of computer science and informatics at De Montfort University in the U.K., warned that open sourcing Twitter's algorithm could lead to malicious actors “gaming” the algorithm, which could see people treated differently based on their personal characteristics.
“Think, for example, of external manipulation of the targeted advertising aspects of Twitter, which is an area of concern for privacy even before it gets gamed,” said Boiten. “It would then also accelerate the arms race of new ways of gaming and finding countermeasures.”
Musk's short statement left much to the imagination. He did not say what his plans were for "authenticating all humans." Some read it as a plan to extend Twitter’s existing user verification system, or planning to introduce a real-name policy that would require users to provide documented evidence of their legal name. The digital rights group, the Electronic Frontier Foundation, voiced concerns that real-name policies have on the human rights value of pseudonymous speech, and that Musk may have not considered the ramifications that a lack of anonymity can have on certain groups of people.
“Pseudonymity and anonymity are essential to protecting users who may have opinions, identities, or interests that do not align with those in power,” the EFF said in a blog post. “For example, policies that require real names on Facebook have been used to push out Native Americans; people using traditional Irish, Indonesian, and Scottish names; Catholic clergy; transgender people; drag queens; and sex workers. Political dissidents may be in grave danger if those in power are able to discover their true identities.”
The EFF also voiced concern about the continued lack of end-to-end encryption for Twitter direct messages: “Fears that a new owner of the platform would be able to read those messages are not unfounded,” the EFF added.
Boiten, too, believes Musk’s pseudonymity crackdown would be the most concerning aspect of Musk’s takeover. “Anonymity is in many contexts a prerequisite for privacy. Once Twitter is known to have authenticated its users, oppressive governments can demand the authenticating information from them endangering a lot of current subversive use in such countries," he said. "I wonder how many anonymous Twitter accounts are currently run by Tesla employees — Elon Musk plays scrupulously by his own rules — so potential Tesla whistleblowers or unionizers wouldn’t be safe to get themselves authenticated on Twitter.”
In a tweet on Tuesday, Sen. Mark Warner, chair of the Senate Intelligence Committee, said Twitter has been "more forward-leaning than many of its competitors in its effort to tackle false, deceptive and manipulated content," and though he said the company has "significant room for improvement," Warner said he hopes that Musk will "work in good faith to keep these necessary reforms in place and prevent a backslide that is harmful to democracy."
For now, Musk's takeover bid for Twitter remains subject to shareholder and regulatory approval.