Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more ➡
Download
Standard view
Full view
of .
Add note
Save to My Library
Sync to mobile
Look up keyword
Like this
5Activity
×
0 of .
Results for:
No results containing your search query
P. 1
In the Matter of Twitter, Inc. (Federal Trade Commission)

In the Matter of Twitter, Inc. (Federal Trade Commission)

Ratings: (0)|Views: 1,228|Likes:
FTC probes Twitter over its security practices, and Twitter settles with the FTC. This is a copy of the consent order. Twitter was not fined, but agreed to implement certain security practices.
FTC probes Twitter over its security practices, and Twitter settles with the FTC. This is a copy of the consent order. Twitter was not fined, but agreed to implement certain security practices.

More info:

Published by: Venkat Balasubramani on Jun 24, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See More
See less

06/25/2010

pdf

text

original

 
Page 1 of 8
UNITED STATES OF AMERICAFEDERAL TRADE COMMISSION )
 In the Matter of 
)AGREEMENT CONTAINING)CONSENT ORDETWITTER, INC.,)FILE NO: 0923093
a corporation.
))
The Federal Trade Commission has conducted an investigation of certain acts and practices of Twitter, Inc. (“Twitter”). Twitter (“proposed respondent”), having been represented by counsel, is willing to enter into an agreement containing a consent order resolving theallegations contained in the attached draft complaint. Therefore,
IT IS HEREBY AGREED
by and between Twitter, by its duly authorized officials, andcounsel for the Federal Trade Commission that:1.Proposed respondent Twitter is a Delaware corporation with its principal office or placeof business at 795 Folsom Street, Suite 600, San Francisco, CA 94103.2.Proposed respondent admits all the jurisdictional facts set forth in the draft complaint.3.Proposed respondent waives:A.any further procedural steps;B.the requirement that the Commission’s decision contain a statement of findings of fact and conclusions of law; andC.all rights to seek judicial review or otherwise to challenge or contest the validityof the order entered pursuant to this agreement.4.This agreement shall not become part of the public record of the proceeding unless anduntil it is accepted by the Commission. If this agreement is accepted by the Commission,it, together with the draft complaint, will be placed on the public record for a period of thirty (30) days and information about it publicly released. The Commission thereafter may either withdraw its acceptance of this agreement and so notify proposed respondent,in which event it will take such action as it may consider appropriate, or issue and serveits complaint (in such form as the circumstances may require) and decision in dispositionof the proceeding.
 
Page 2 of 85.This agreement is for settlement purposes only and does not constitute an admission by proposed respondent that the law has been violated as alleged in the draft complaint, or that the facts as alleged in the draft complaint, other than the jurisdictional facts, are true.6.This agreement contemplates that, if it is accepted by the Commission, and if suchacceptance is not subsequently withdrawn by the Commission pursuant to the provisionsof Section 2.34 of the Commission’s Rules, the Commission may, without further noticeto proposed respondent, (1) issue its complaint corresponding in form and substance withthe attached draft complaint and its decision containing the following order in dispositionof the proceeding, and (2) make information about it public. When so entered, the order shall have the same force and effect and may be altered, modified, or set aside in thesame manner and within the same time provided by statute for other orders. The order shall become final upon service. Delivery of the complaint and the decision and order to proposed respondent’s address, as provided to the Commission by the proposedrespondent, by any means specified in Section 4.4(a) of the Commission’s Rules, shallconstitute service. Proposed respondent waives any right he may have to any other manner of service. The complaint may be used in construing the terms of the order. Noagreement, understanding, representation, or interpretation not contained in the order or the agreement may be used to vary or contradict the terms of the order.7.Proposed respondent has read the draft complaint and consent order. Proposedrespondent understands that it may be liable for civil penalties in the amount provided bylaw and other appropriate relief for each violation of the order after it becomes final.
ORDER DEFINITIONS
For purposes of this order, the following definitions shall apply:1.Unless otherwise specified, “respondent” shall mean Twitter, its successors and assigns,officers, agents, representatives, and employees.2.“Consumer” shall mean any person, including, but not limited to, any user of respondent’s services, any employee of respondent, or any individual seeking to becomean employee, where “employee” shall mean an agent, servant, salesperson, associate,independent contractor, or other person directly or indirectly under the control of respondent.3.“Nonpublic consumer information” shall mean nonpublic, individually-identifiableinformation from or about an individual consumer, including, but not limited to, anindividual consumer’s: (a) email address; (b) Internet Protocol (“IP”) address or other  persistent identifier; (c) mobile telephone number; and (d) nonpublic communicationsmade using respondent’s microblogging platform. “Nonpublic consumer information”
 
Page 3 of 8shall not include public communications made using respondent’s microblogging platform.4.“Administrative control of Twitter” shall mean the ability to access, modify, or operateany function of the Twitter system by using systems, features, or credentials that weredesigned exclusively for use by authorized employees or agents of Twitter.5.“Commerce” shall mean as defined in Section 4 of the Federal Trade Commission Act,15 U.S.C. § 44.
I.IT IS ORDERED
that respondent, directly or through any corporation, subsidiary,division, website, or other device, in connection with the offering of any product or service, in or affecting commerce, shall not misrepresent in any manner, expressly or by implication, theextent to which respondent maintains and protects the security, privacy, confidentiality, or integrity of any nonpublic consumer information, including, but not limited to,misrepresentations related to its security measures to: (a) prevent unauthorized access tononpublic consumer information; or (b) honor the privacy choices exercised by users.
II.IT IS FURTHER ORDERED
that respondent, directly or through any corporation,subsidiary, division, website, or other device, in connection with the offering of any product or service, in or affecting commerce, shall, no later than the date or service of this order, establishand implement, and thereafter maintain, a comprehensive information security program that isreasonably designed to protect the security, privacy, confidentiality, and integrity of nonpublicconsumer information. Such program, the content and implementation of which must be fullydocumented in writing, shall contain administrative, technical, and physical safeguardsappropriate to respondent’s size and complexity, the nature and scope of respondent’s activities,and the sensitivity of the nonpublic consumer information, including:A.the designation of an employee or employees to coordinate and be accountable for the information security program.B.the identification of reasonably-foreseeable, material risks, both internal andexternal, that could result in the unauthorized disclosure, misuse, loss, alteration,destruction, or other compromise of nonpublic consumer information or in unauthorizedadministrative control of the Twitter system, and an assessment of the sufficiency of anysafeguards in place to control these risks. At a minimum, this risk assessment shouldinclude consideration of risks in each area of relevant operation, including, but notlimited to: (1) employee training and management; (2) information systems, includingnetwork and software design, information processing, storage, transmission, anddisposal; and (3) prevention, detection, and response to attacks, intrusions, accounttakeovers, or other systems failures.

Activity (5)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads
gamelawyer liked this
pcreich liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->