

Twitter Settles With FTC - Judson
http://voices.washingtonpost.com/posttech/2010/06/twitter_settles_charges_by_ftc.html

======
cedsav
From the FTC website, the list of "reasonable steps" that Twitter (and really,
any web app) should have taken:

* requiring employees to use hard-to-guess administrative passwords that are not used for other programs, websites, or networks;

* prohibiting employees from storing administrative passwords in plain text within their personal e-mail accounts;

* suspending or disabling administrative passwords after a reasonable number of unsuccessful login attempts;

* providing an administrative login webpage that is made known only to authorized persons and is separate from the login page for users;

* enforcing periodic changes of administrative passwords by, for example, setting them to expire every 90 days;

* restricting access to administrative controls to employees whose jobs required it; and

* imposing other reasonable restrictions on administrative access, such as by restricting access to specified IP addresses.

[<http://ftc.gov/opa/2010/06/twitter.shtm>]
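Three of the controls in the FTC list quoted above (access restricted to specified IP addresses, lockout after repeated failed logins, 90-day password expiry), sketched as an added example that is not part of the thread or any code of Twitter's. The threshold of 5 failures, the 203.0.113.0/24 allowlist and every name below are assumptions made for illustration.

```python
import hashlib, hmac, ipaddress, os
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_FAILURES = 5                        # assumed value for "a reasonable number"
MAX_PASSWORD_AGE = timedelta(days=90)   # the expiry interval the FTC list gives as an example
ADMIN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed allowlist (TEST-NET-3)

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored value is never the plain-text password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

@dataclass
class AdminAccount:
    salt: bytes
    pw_hash: bytes
    pw_changed: datetime
    is_admin: bool = True    # only employees whose job requires it
    failures: int = 0
    locked: bool = False

def new_account(password: str, now: datetime) -> AdminAccount:
    salt = os.urandom(16)
    return AdminAccount(salt, hash_password(password, salt), now)

def admin_login(acct: AdminAccount, password: str, source_ip: str, now: datetime) -> str:
    """Return 'ok' or a refusal reason (for the audit log, not for the client)."""
    ip = ipaddress.ip_address(source_ip)
    if not any(ip in net for net in ADMIN_NETWORKS):
        return "ip_denied"               # checked first: outside hosts cannot guess or lock
    if not acct.is_admin:
        return "not_authorized"
    if acct.locked:
        return "locked"                  # stays locked even if the password is now right
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked = True           # disable until an administrator resets it
        return "bad_password"
    acct.failures = 0
    if now - acct.pw_changed > MAX_PASSWORD_AGE:
        return "password_expired"        # force a change before granting admin access
    return "ok"
```

The distinct return values are meant for logging and alerting; the response shown to the person logging in should be the same generic failure in every refused case.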

------
gojomo
So the FTC reads about horses escaping, tells the farmer to close the barn
door, and reports that as a successful enforcement action. Woohoo, your tax
dollars at work!

Twitter didn't need any federal regulator to tell them to improve their
practices; the embarrassment of the well-publicized incident -- and their
continuing growth as a prominent target -- gives them all the motivation they
need.

