The recent meltdown of Twitter security raises important issues related to Data Portability, most notably issues of security, integrity, and responsibility, that are relevant to all users. It also serves to demonstrate the need for prioritization by data stores.
Had Twitter simply said, “we will take your data and do whatever we want with it – including giving your login credentials to whomever we want” then no one would have had a problem. Of course they would probably have a lot fewer users.
But that is not what they said – and that is not the expectation that users had. In fact, in addition to the specific “terms of service” agreement that everyone accepts when they become Twitter users, there is an implied relationship that is created that defines the expectations of both sides. One of those is the reasonable expectation that your login information (including password) would be private and protected.
Now, obviously this is a dynamic world and there are lots of bad guys out there. And it will never be perfect. But there are straightforward solutions to many of these issues – especially in this day and age – provided their implementations rate the necessary priority in the eyes of the Twitters (and other data stores) of the world.
To Twitter's credit, their response has been quick – and is still in process. But more folks need to be proactive, not simply reactive.
Elias Bizannes, a fellow DataPortability board member, talked about this at length over at the official Data Portability blog, as did DP board member Christian Scholz here.
OAuth by itself is not the answer – but it is an important part of the solution. Ultimately the solution involves technologies such as OAuth and OpenID, but it also requires a mindset, commitment, and acceptance of responsibility in proactively keeping the rights of users always in the forefront. This is a main tenet of Data Portability and is an issue likely to dominate the headlines for some time to come – one way or the other. Companies will increasingly be called out – or praised – on this issue depending on their policies and priorities.