Statement of Karen Hobert Flynn, President of Common Cause
‘Just trust us’ is no longer a viable or safe option for Twitter and other social media companies. Americans expect and deserve safeguards that protect their personal data and ensure companies take meaningful steps to mitigate harms when experiencing data breaches, particularly ones that pose a serious threat to public safety and the integrity of our elections. The large-scale hack of high profile Twitter accounts reveals how security vulnerabilities on social media platforms can have serious threats to our society. Yesterday’s Bitcoin scam had many victims, but it also raised the terrifying specter of the damage that might be done by a similar hack aimed at stirring social upheaval, insurrection, or upending the 2020 election. The episode again laid bare the insufficient defenses and oversight of the social media companies that can hold such sway in the public square. It also revealed the startling lack of transparency from the social media giants. No clear explanation of the hack or even its scope has been offered. And many of us who have been hacked have yet to be notified by Twitter.
Yesterday’s hack occurred in an age when the current President conducts official business on his Twitter account. Federal agencies such as the Census Bureau and the Center for Disease Control also share news and information through social media. It is time for real government oversight and for meaningful legislation to safeguard these important yet extremely vulnerable platforms. We need adequate notice and enhanced transparency to assess the scope of breaches. We need an independent audit regime that can determine whether companies that collect our sensitive data are adequately protecting it. And we need Twitter and other social media platforms to develop a plan that ensures an attack like this does not happen again. The potential to create a crisis from whole cloth on social media platforms is just too great to be left without real oversight that protects our personal data and implements remedies that hold companies that fail to protect our data accountable. Our safety, our security, and our democracy are too important to be blindly entrusted to these corporations no matter how much the spend on lobbyists and political contributions. It is long past time for government to act on this matter.