Twitter Agrees To Better Protect Tweets

The FTC wants to make sure no one will be able to falsify Tweets from
the president offering free gas or commandeer Fox News Channel's feed
in the Twittersphere.

In its first complaint against a social
networking platform, the Federal Trade Commission Thursday says it has
secured an agreement with microblogging service Twitter that it will not
mislead consumers about the extent to which it protects personal
information and will take steps to better protect that information. The
FTC issues a complaint when it believes a company or individual is
breaking the law.

The FTC had charged Twitter with a "serious
lapse" in data security that allowed hackers to effectively take
"administrative control" of Twitter, including access to private Tweets.

"When
a company promises consumers that their personal information is secure,
it must live up to that promise," said David Vladeck, Director of the
FTC's Bureau of Consumer Protection, in announcing the settlement.
"Likewise, a company that allows consumers to designate their
information as private must use reasonable security to uphold such
designations. Consumers who use social networking sites may choose to
share some information with others, but they still have a right to
expect that their personal information will be kept private and secure."

According to the FTC, between January and May 2009, those hackers
were able to "view nonpublic user information, gain access to direct
messages and protected tweets, and reset any user's password and send
authorized tweets from any user account."

According to the
commission, "one tweet was sent from the account of then-President-elect
Barack Obama, offering his more than 150,000 followers a chance to win
$500 in free gasoline. At least one other phony tweet was sent from the
account of Fox News."

Those breaches, said the FTC, occurred because
Twitter did not require employees to use hard-to-guess passwords; had
not prohibited employees from storing passwords in plain text in
personal e-mail accounts; did not disable passwords after a reasonable
number of failed attempts; did not restrict access to administrative
controls; and more.

Under the settlement, Twitter is barred for
20 years "from misleading consumers about the extent to which it
maintains and protects the security, privacy, and confidentiality of
nonpublic consumer information, including the measures it takes to
prevent authorized access to information and honor the privacy choices
made by consumers." It must also "establish and maintain a comprehensive
information security program."

A third party, not yet
identified, will get to assess that security program biennially for the
next 10 years.

The commission vote to accept the settlement was
5-0.

John Eggerton

Contributing editor John Eggerton has been an editor and/or writer on media regulation, legislation and policy for over four decades, including covering the FCC, FTC, Congress, the major media trade associations, and the federal courts. In addition to Multichannel News and Broadcasting + Cable, his work has appeared in Radio World, TV Technology, TV Fax, This Week in Consumer Electronics, Variety and the Encyclopedia Britannica.