Clout is might
Two days ago, we
had a major Twitter event that should give those with a large following cause
for concern with regards to the responsibility they bear.
Associated Press (AP)
was founded in 1846 and it is a news syndication agency that provides a news
wire service which I believe is monitored as a reputable source of information
by markets, governments and the global public at large.
AP also has a
Twitter account @AP with 1,920,114 followers at the time of my writing this
blog having posted 50,298 tweets.
It was all of AP
At no time were the
AP news wires compromised but by sleight of social engineering someone obtained
the password to their Twitter account, posted a few
mischievous tweets about explosions in the White House with the President
hurt and well, all hell broke loose before the level-headed realised the
account had been hacked.
On that alone, the
Dow fell 143 points besides other consequences of that unfortunate incident.
For me, it
highlighted the burden of responsibility that falls on both AP and Twitter with
regards to having the power to disseminate information that can result in
inadvertently serious consequences well beyond the intended purposes of the
instruments of dissemination.
The duty of care that comes with responsibility
If anything, AP
must now realise that the reputation and clout of the organisation undergirds
any medium of expression that the organisation chooses and though Twitter has a
low security threshold, it is by no means an insignificant vehicle of almost
overarching influence on public sentiment.
Therein lies some
responsibility on the part of AP to understand that they cannot afford to be
hacked even if it is easy to do so and where that might happen some monitoring,
evaluation and vetting system needed to be in place to ensure that whatever is
posted by that AP Twitter account does not suffer a loss of integrity leading
to a loss of face and reputation by a highly reputable organisation.
Premium security for Twitter
On the part of
Twitter, a security rethink is required. They provide the medium for the
dissemination of content but being a postmaster does not mean you have not responsibility
if you end up delivering a packaged bomb to a recipient.
It is clear that
especially for verified accounts, there has to be additional security
protections beyond just the password, probably verified accounts can be given
some premium service that includes multifactor
authentication, tweet preview processing with approval processes, delayed
publishing on sensitive matters and much else.
More importantly,
when a reputable organisation tweets, those tweets should be verifiably authenticated
from source to destination, they should be tamper-proof and once published
readers should be sure that they cannot be repudiated.
Protected Tweets
Obviously, this
adds payloads to tweets if these security mechanisms are to be implemented, but
it is a worthwhile price to pay for organisations with reputations to keep and
uphold beyond the mere responsibility they have to their followership.
It might also mean
that certain tweets be protected from modification and can only be retweeted as
posted, possibly with a PT tag, PT being Protected Tweet, audit trails might
also be added as the need arises.
Security and responsibility lessons
The main issue here
is that security needs to be improved on and organisations knowing the burden
of responsibility they carry have to institute workflows to ensure that what is
tweeted in their name is what they have sanctioned and approved to be tweeted.
Twitter is no more
the playground for lax security controls which could impact negatively on
sentiment in the marketplace and other forums of engagement.
Neither AP nor
Twitter could have foreseen the consequences of a hacker’s mischievous prank of
false news, the lesson to take away from this episode is if you are trusted
with a great following, you are responsible for what your followers read from
you in professional excellence and in error, what you cannot afford is to be in
error.
