WASHINGTON–The Federal Trade Commission today announced Twitter settled charges of deceiving consumers and putting privacy at risk by failing to safeguard personal information, an announcement that marks the agency’s first such case against a social networking service.
Twitter has operated since July 2006. The social networking website allows users to send brief 140-character updates to those who sign up to receive such messages. FTC charged Twitter with violating FTC Act §5 after intruders obtained unauthorized administrative control of the Twitter system to send unauthorized messages from accounts including one message, purportedly from Barack Obama, that offered more than 150,000 followers a chance to win $500 in free gasoline for filling out a survey. Unauthorized messages also were sent from eight other accounts, including Fox News.
FTC’s pursuit of Twitter signals the agency may be expanding the scope of its enforcement actions to include more than just identity theft and theft of personal financial data. The proposed consent order prohibits Twitter from misrepresenting the security, privacy, confidentiality, or integrity of any “nonpublic consumer information.” The proposed order would also require Twitter to establish and maintain a comprehensive information security program in writing.
The FTC would also require this security program “to contain administrative, technical, and physical safeguards appropriate to Twitter’s size and complexity, the nature and scope of its activities, and the sensitivity of the nonpublic consumer information.” This would include recordkeeping requirements to enable the commission to monitor compliance over the 20-year life of the order. The commission vote to accept the proposed consent order was 5-0.
The case is In re Twitter, Inc., FTC File No. 092 3093 (June 24, 2010).