The Pathetic Punishment of Twitter
Any mystery about why tech companies feel free to plunder, lose and even illegally appropriate your personal data should be cleared up by observing how lightly the Federal Trade Commission spanked Twitter for losing control of 35 high-profile accounts.
Twitter last year allowed hackers into the accounts of Barack Obama, of journalists from CNN and Fox News, of Facebook, the Huffington Post, and of celebrities like Britney Spears, among others, all due to what the FTC now describes as lax security on the part of Twitter Inc. Later in the year, another hacker gained access to an internal Twitter administrative password. An FTC director told Bloomberg the incidents potentially compromised users' "personal information."
After an 11-month investigation that concluded "serious lapses" and a lack of basic safeguards gave hackers "administrative control" of Twitter, the FTC made this deal with the company: The microblogging service is forbidden from breaking the law, and the FTC is allowed to punish Twitter if it does so. That's it. That's the actual response of an actual federal regulatory agency to an amateur-hour breach of security that compromised the account of the president of the United States. Here's the absurdist quote from the FTC about this non-punishment, via TechCrunch:
Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality... The company also must establish and maintain a comprehensive information security program, which will be assessed by a third party every other year for 10 years.
Also, says TechCrunch, "the order gives the FTC the ability to fine Twitter for future security breaches to the tune of $16,000 per incident." In other words, the federal government won an agreement giving it the right to enforce the law, with fines.
And puny fines at that. Given that Twitter has its pick of deep-pocketed investors, who have valued the company at $1 billion, there's basically zero deterrent in this agreement that keeps Twitter from exposing the exact same accounts all over again. It would cost a mere $500,000 to do so. Pocket change, and no doubt a signal to the likes of Facebook and Apple/AT&T that they, too, can continue to skimp on security, expose user data, and write it all off as the cost of doing business. The worst that will happen is the FTC will investigate, ask if they'd be willing to agree to follow the law and then, in the case of a second violation, maybe fine them a trivial sum after yet another pointless and protracted investigation. In a blog post this morning, Twitter sounded petulant about the FTC deal, annoyed to even have to acknowledge "these incidents from 18 and 14 months ago."
Now that it's done crafting an ineffective arrangement with one of the biggest social networks on the planet, the FTC can get back to its favorite pastimes of lecturing and harassing small-fry indy bloggers, disfiguring antitrust, copyright and tax law to favor newspaper barons like Rupert Murdoch, and utterly failing to protect consumers from widespread deceit and fraud within the banking and financial industry.
Meanwhile, within hours of the announcement, a brand-new security hole was discovered, on Twitter.com. Your tax dollars at work.
[Pic: Twitter CEO Ev Williams, Getty Images.]