Twitter settles privacy case with the FTC

Powered by SC Magazine

Agrees to security guidelines, regular audits.

Twitter has agreed to adopt a new security programme which will settles its privacy case with the US Federal Trade Commission.

The Commission said that the micro-blogging site would be enforcing best practices for password selection and control as well as submit to regular audits of its security controls.

Among the measures required will be the adoption of unique non-dictionary passwords not used with other accounts or stored within unencrypted email messages.

The company will also be required to swap out passwords regularly and protect its administrative controls through a unique log-in page that locks an account after a certain number of failed log-in attempts.

Additionally, the company will be required to adjust its notifications to users in order to avoid misleading them about the company's privacy protections.

In a blog posting, Twitter general counsel Andrew Macgillivray said that the company had already adopted a number of the stipulations in the settlement.

"Even before the agreement, we'd implemented many of the FTC's suggestions and the agreement formalizes our commitment to those security practices," he wrote.

The deal stems from a pair of breaches Twitter suffered in 2009 which lead to user accounts being compromised and a breach of Twitter corporate data. The FTC said that the breaches were due to lax security practices, such as using dictionary-based passwords and not limiting the number of log-in attempts on an account.

"When a company promises consumers that their personal information is secure, it must live up to that promise," said FTC bureau of consumer protection director David Vladeck.

"Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations."

Copyright ©

Twitter settles privacy case with the FTC
Top Stories
Australia passes data retention into law
Mammoth last-ditch effort by Greens, indies knocked back.
ATO to kill off e-Tax
Veteran software to be replaced by more modern myTax.
CSC embroiled in CBA IT bribery scandal
ServiceMesh named in alleged dodgy dealing.
Sign up to receive iTnews email bulletins
Latest Comments
Do you support the Government's data retention scheme?

   |   View results