Twitter To Establish Information Security Program
An anonymous reader writes "Twitter has agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard their personal information, marking the 30th case the FTC has brought targeting faulty data security, and the agency's first such case against a social networking service. Under the terms of the settlement, Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent authorized access to information and honor the privacy choices made by consumers."
Re:Barred for 20 years? (Score:1, Interesting)
And they should have been permanently barred from the moment they started offering a service?
Kinda like consecutive life sentences... (Score:4, Interesting)
Re:Kinda like consecutive life sentences... (Score:5, Interesting)
They don't, and they don't care. This is just a further example of the way in which corporate personhood results in a fundamentally broken and inequitable legal system.
When a corporation misappropriates the secrets of hundreds of thousands of users, they get told the equivalent of "We know you stole a hundred thousand VCRs, but we're going to let you off with probation. We'll check back on you in a year, and we'd better not see a bunch of stolen VCRs when we do. But if we do, we'll check back in another year. Oh, and your punishment is that you're not allowed to steal VCRs again for twenty years."
By contrast, if an individual steals just a couple of secrets from one corporation and leaks them to the press, the police raid the person's house and confiscate the person's equipment, and the person spends time in jail and usually ends up not being able to use the Internet for 20 years.
All I ask is for the same punishment to apply to Twitter. Is that really so much to ask? Shouldn't corporations' privacy violations be punished just as severely as an individual committing a hundred thousand acts of corporate espionage? Seems pretty straightforward to me.
Re:This doesn't make sense (Score:4, Interesting)
The statement "any password that is easy to memorize is not strong" is not true.
The best way to create a strong, easy-to-remember password is via a phrase.
Iwearcoolshoes!638
dobbinisanicehorse.112
ponyslikejonty6eatcarrots?
With respect to administrative controls, it is very easy to segment control and access in a system. I run a social media monitoring service; we have 3 basic types of user (Admin, Coordinator, Agent) but each one can have up to 30 options that define the precise controls and access they have. I am amazed that Twitter have not implemented a similar system.
If my team (3 guys) can implement this, anyone can. It is reasonable to expect. In fact it's totally sensible.
Compromise of individual accounts does not leak information as badly as administration - there is a host of stuff an admin could do that an individual couldn't.
With respect to limiting access by IP address, again you are talking complete nonsense. It is feasible to do this on a whitelist that would enable access from anywhere, but would require an email or a phone call to set up. Hardly difficult, and again, why not segregate the machines to enable moderation (for example) from a browser or using ssh but locking the database away somewhere where no one can get to?
Actually I agree that ssh is functionally strong enough to rely on - if that breaks all our games are up!
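An added example, not part of the comment above and not code from the commenter's service or from Twitter: a sketch of the two controls that comment describes, per-user options layered on three roles and an IP allowlist for administrative actions. The role names come from the comment; the option names, the `User` fields and the networks (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Role names are from the comment; option names are constructed for this example.
ROLE_DEFAULTS = {
    "Admin": {"view_accounts", "reset_password", "suspend_account", "manage_users"},
    "Coordinator": {"view_accounts", "suspend_account"},
    "Agent": {"view_accounts"},
}
# Options treated as administrative: honoured only from allowlisted networks.
ADMIN_OPTIONS = {"reset_password", "suspend_account", "manage_users"}
# Documentation ranges (RFC 5737 / RFC 3849) standing in for approved networks.
ADMIN_ALLOWLIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]


@dataclass
class User:
    name: str
    role: str
    granted: set = field(default_factory=set)  # extra options for this user
    revoked: set = field(default_factory=set)  # options removed from this user


def effective_options(user):
    """Role defaults, plus per-user grants, minus per-user revocations."""
    base = ROLE_DEFAULTS.get(user.role, set())  # unknown role gets nothing
    return (base | user.granted) - user.revoked


def source_allowed(addr):
    """True only if addr parses and falls inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # an unparseable source address is treated as untrusted
    return any(ip in net for net in ADMIN_ALLOWLIST)


def authorize(user, option, source_ip):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    if option not in effective_options(user):
        return False, "option not granted"
    if option in ADMIN_OPTIONS and not source_allowed(source_ip):
        return False, "administrative option from non-allowlisted address"
    return True, "ok"
```

Revocations are applied after grants, so removing an option from one user always wins over that user's role default.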