As the current hot technology, Twitter has many admirers – but its security problems need handling with care.
Just when everyone and their pet has started a blog and a Facebook page, it seems that what you really need now is a Twitter account. Twitter (www.twitter.com) allows users to “microblog” by posting short messages – up to 140 characters – describing what they are doing. Hooking in nicely with text messaging and mobile technology, Twitter makes it even easier for you to bore the world with the trivia of your life.
There are some good points about Twitter. It is reportedly one of the quickest sources of news about natural disasters and terrorist attacks. It gained front-page publicity after an eyewitness to the plane crash in the Hudson River used Twitter (via twitpic.com) to send the first pictures of the plane, well before the traditional media arrived.
Twitter has also had its fair share of security problems. One exploit used falsified text messages to post fake Twitter messages, and a poor choice of password led to further abuse. The spamming community has eagerly welcomed Twitter as a way of widening its target audience.
Not everyone is so enthusiastic. In a widely publicised and overhyped story, the US Department of Defense expressed concern that Twitter could be used by terrorists to enhance surveillance. To be fair, its comments, from a draft, were conservative and just exploring “possibilities”, but this didn't stop the internet community from pouring scorn on them.
Then there was the case of US Republican senator Pete Hoekstra, who on a recent trip to Iraq fired up his BlackBerry on the helicopter from the Green Zone and announced the exact time of his arrival on his Twitter “page”. While it could be argued that putting BlackBerry users in harm's way is in the public interest, in a danger spot like Iraq, it's common sense to check with your escorts before telling anyone where you are (after all, if the good senator had been attacked, his escorts would have been in danger too).
Thankfully, his “Tweet” (as Twitter updates are known) was not picked up by the local bad guys, but it would be foolhardy to ignore it as a vulnerability. High-profile targets have been tracked using mobile phone signals, so underestimating the technological expertise of the enemy is foolish.
The knee-jerk reaction is to call for a blanket ban, closely followed by the suggestion that another piece of technology could be used to mitigate the problem (and make suitable amounts of cash for vendors). This is a continual arms race, with each side playing catch-up in turn.
Fortunately, there is a simpler solution. The senator's mistake was not that he used Twitter or his BlackBerry; it was that he revealed specific details about his location to people who had no “need to know”. Today, this might be via Twitter; a few years back, it might have been a text message; a few years in the future, it will be something else. Technology may augment the vulnerability, but it seldom causes it alone. Addressing the low-tech but persistent problem of user education is much more cost-effective than deploying finger-in-the-dike technology barriers.
Twitter, Facebook and similar technologies are proving remarkably effective at spreading information. They are the primary channel for fast-breaking news – and have sometimes been the only source. There's no reason why closed user group equivalents could not be used for government, military and corporate users, overcoming most of the common security complaints. For example, the US intelligence community was an early adopter of the web with its Intelink system, which simplified the sharing of sensitive intelligence information without compromising security.
Despite appearances, most of the security problems we see aren't really new; they are just technological updates on human failings. It seems that, to paraphrase a friend of mine, we can always rely on a human to put the twit into Twitter.
What do you think? Tweet your views to us at: http://twitter.com/SCmagazineUK