Forgot your password?
typodupeerror
Privacy Communications Security Social Networks The Courts IT Your Rights Online

Twitter To Establish Information Security Program 72

Posted by timothy
from the only-tell-longer-secrets dept.
An anonymous reader writes "Twitter has agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard their personal information, marking the 30th case the FTC has brought targeting faulty data security, and the agency's first such case against a social networking service. Under the terms of the settlement, Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent authorized access to information and honor the privacy choices made by consumers."
This discussion has been archived. No new comments can be posted.

Twitter To Establish Information Security Program

Comments Filter:
  • by Anonymous Coward on Thursday June 24, 2010 @08:05PM (#32685628)

    And they should have been permanently barred from the moment they started offering a service?

  • by Locke2005 (849178) on Thursday June 24, 2010 @08:30PM (#32685836)
    Barred for 20 years? Reviewed after 10 years? Twitter is a fad that will be passé by 2012... what the hell makes them think Twitter will still exist as a viable company in 20 years?!?
  • by dgatwood (11270) on Thursday June 24, 2010 @09:14PM (#32686160) Journal

    They don't, and they don't care. This is just a further example of the way in which corporate personhood results in a fundamentally broken and inequitable legal system.

    When a corporation misappropriates the secrets of hundreds of thousands of users, they get told the equivalent of "We know you stole a hundred thousand VCRs, but we're going to let you off with probation. We'll check back on you in a year, and we'd better not see a bunch of stolen VCRs when we do. But if we do, we'll check back in another year. Oh, and your punishment is that you're not allowed to steal VCRs again for twenty years."

    By contrast, if an individual steals just a couple of secrets from one corporation and leaks them to the press, the police raid the person's house and confiscate the person's equipment, and the person spends time in jail and usually ends up not being able to use the Internet for 20 years.

    All I ask is for the same punishment to apply to Twitter. Is that really so much to ask? Shouldn't corporations' privacy violations be punished just as severely as an individual committing a hundred thousand acts of corporate espionage? Seems pretty straightforward to me.

  • by sgt101 (120604) on Friday June 25, 2010 @10:44AM (#32690696)

    The statement "any password that is easy to memorize is not strong" is not true.

    The best way to create a strong easy to remember password is via a phrase.

    Iwearcoolshoes!638
    dobbinisanicehorse.112
    ponyslikejonty6eatcarrots?

    With respect to administrative controls, it is very easy to segment control and access in a system. I run a social media monitoring service, we have 3 basic types of user (Admin, Coordinator, Agent) but each one can have up to 30 options that define the precise controls and access they have. I am amazed that Twitter have not implemented a similar system.

    If my team (3 guys) can implement this, anyone can. It is reasonable to expect. In fact it's totally sensible.

    Compromise of individual accounts does not leak information as badly as administration - there is a host of stuff an admin could do that an individual couldn't.

    With respect to limiting access by IP address, again you are talking complete nonsense. It is feasible to do this on a whitelist that would enable access from anywhere, but would require an email or a phone call to set up. Hardly difficult, and again, why not segregate the machines to enable moderation (fAor example) from a browser or using ssh but locking the database away somewhere where no one can get to?
    Actually I agree that ssh is functionally strong enough to rely on - if that breaks all our games are up!

"A great many people think they are thinking when they are merely rearranging their prejudices." -- William James

Working...