Blog Network

About The Bloggers


Twitter Hires First General Counsel, Hacker Puts Him to Work

Last Friday, Twitter named Alexander Macgillivray as its first General Counsel -- apparently not a moment too soon. Just a few days later, reports the BBC, Twitter was in touch with its legal counsel trying to assess the fallout after hundreds of its internal documents accessed by a hacker were published on the popular TechCrunch blog.

The Twitter hacking incident first came to light on July 14, with this TechCrunch post that recounted its dilemma:

The guy (”Hacker Croll”) who claims to have accessed hundreds of confidential corporate and personal documents of Twitter and Twitter employees, is releasing those documents publicly and sent them to us earlier today. The zip file contained 310 documents, ranging from executive meeting notes, partner agreements and financial projections to the meal preferences, calendars and phone logs of various Twitter employees...

We’re not going to post any of those documents [relating to employee information or company floor plans]. But we are going to release some of the documents showing financial projections, product plans and notes from executive strategy meetings. We’re also going to post the original pitch document for the Twitter TV show that hit the news in May, mostly because it’s awesome.

There is clearly an ethical line here that we don’t want to cross, and the vast majority of these documents aren’t going to be published, at least by us. But a few of the documents have so much news value that we think it’s appropriate to publish them.

On July 15, TechCrunch reiterated its decision:

But we are going to publish some of the other information that is relevant to Twitter’s business, particularly product notes and financial projections. Many users say this is “stolen” information and therefore shouldn’t be published. We disagree.

We publish confidential information almost every day on TechCrunch. This is stuff that is also “stolen,” usually leaked by an employee or someone else close to the company, and the company is very much opposed to its publication. In the past we’ve received comments that this is unethical. And it certainly was unethical, or at least illegal or tortious, for the person who gave us the information and violated confidentiality and/or nondisclosure agreements. But on our end, it’s simply news.

If you disagree with that, ok. But then you also have to disagree with the entire history of the news industry. “News is what somebody somewhere wants to suppress; all the rest is advertising,” is something Lord Northcliffe, a newspaper magnate, supposedly said. I agree wholeheartedly.

In that same post, TechCrunch also argued that it wasn't responsible for the release of the documents. Instead, the fault lay with lax security systems in place at both Twitter and Google:

It’s not our fault that Google has a ridiculously easy way to get access to accounts via their password recovery question. It’s not our fault that Twitter stored all of these documents and sensitive information in the cloud and had easy-to-guess passwords and recovery questions. We’ve been sitting in the office for eight hours now debating what the right thing to do is in this situation. We’ve spoken with our lawyers.

So how did a hacker obtain the documents? Biz Stone, one of Twitter's co-founders, speculated on that in this blog post:

About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked. ... From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company.

Stone defended Google Apps, stating that Twitter would continue to use them. He claimed that the attack resulted from the public spotlight on Twitter and relentless efforts by hackers to break into Twitter employee accounts. Finally, Stone emphasized that the hackers targeted Twitter, the company -- not Twitter, the service -- and that user accounts had not been compromised.

So far, the data released by TechCrunch relates to the company's financial projections and business plan, reports the San Jose Mercury News. One such document described at ZDNet was an internal financial forecast that Twitter would increase revenue from zero during the first two quarters of this year, with a modest $400,000 in profit by Q3 2009, followed by $140 million by the end of 2010. By 2013, Twitter projected, it would have 1 billion users and make $1.54 billion.

As for legal issues related to the publication, there hasn't been much discussion as of yet in the blogosphere. The New York Times Bits Blog mentions some of the legal issues in passing, noting that Michael Arrington of TechCrunch said that he has lawyers looking at the legal aspects of trade secrets and the receipt of stolen goods. Meanwhile, Richard Koman at ZDNet isn't sure that the First Amendment would protect TechCrunch from liability in this case. If you have any thoughts on the legal issues here, feel free to share them below.

Posted by Carolyn Elefant on July 16, 2009 at 05:18 PM | Permalink | Comments (0)


About ALM  |  About  |  Customer Support  |  Privacy Policy  |  Terms & Conditions