Twitter CEO Jack Dorsey can take a simple step that could conceivably save humanity: He can impose an extra “authentication” step when the president tweets.
Donald Trump’s inauguration makes this an urgent priority.
Yes, President Obama’s Twitter account could’ve been hacked. But a major shift in policy or an outlandish statement on his feed would have been widely assumed to be the work of hackers. The erratic Trump won’t enjoy the benefit of that doubt.
Now imagine the possible consequences of a hacker Tweeting, “Putin you betrayed me, BIG MISTAKE, payback incoming!” Or conjure your own dark scenario. And note that the possibility of Trump getting hacked isn’t just hypothetical:
My Twitter has been seriously hacked--- and we are looking for the perpetrators.— Donald J. Trump (@realDonaldTrump) February 21, 2013
Twitter hacks hardly ended back in 2013 when someone posted rap lyrics to his feed. “In the past year alone, the Twitter accounts of Kylie Jenner, Mark Zuckerberg, Keith Richards, Sundar Pichai, Drake, Travis Kalanick, the National Football League, and the foreign minister of Belgium (to name a few) were hacked or accessed by someone who wasn’t supposed to have access,” Joseph Bernstein writes. “Many of these infiltrations didn’t require sophisticated skills or the ability to hack Twitter. Bad actors can often gain access to an account through a third-party app that has permission to post to Twitter, for example. These hacks didn’t take the expertise or resources of a nation-state; some of them were done by a Saudi teenager. So who is going to secure the president-elect’s account? According to multiple people who have managed the campaign social media accounts of Hillary Clinton and President Obama, as well as the official presidential account, Twitter does not have any special security measures for politicians.”
With a president who has trained the world to treat his Twitter feed as the most direct expression of his mind and of the actions he intends to take, that is unacceptable. The Trump team may have safeguards in mind, or cooperate with whatever the folks at the White House Communications Agency recommend. But given the government’s poor track record with information security, there is no reason to leave the matter entirely in their hands. Twitter’s CEO has a responsibility to impose an additional safeguard. And doing so shouldn’t be difficult.
Going forward, the @POTUS account and any verified account belonging to the sitting president should lose the ability to post anything instantaneously to the Internet.
Instead, those accounts should post to a queue. Twitter should then send the tweet in question to a designated official, perhaps White House Chief of Staff Reince Priebus, who will be prompted, “Can you verify that POTUS wants to tweet this?” And 10 seconds or 20 minutes or 2 hours later, with that “authentication” process complete, the tweet could be published to the stream as before.
This approach, or a smarter alternative, would impose trivial costs and could have almost incalculable benefits. And the public would almost certainly support the restriction.
A poll conducted by the Wall Street Journal just found that a significant majority of Americans disapprove of the president-elect’s Twitter habit, with 69 percent agreeing that it’s bad for a president to use Twitter as he does “because in an instant, messages can have unintended major implications without careful review.” If there’s a slight lag in his ability to send tweets few Americans will object. The imposition of extra security may be uncomfortable for Twitter, especially if the Trump transition team assures its corporate leaders that they’ve got things covered. But given the stakes the company has a larger responsibility to act. Twitter declined an opportunity to comment for this story, but a spokesperson did note that two-factor authentication is available as an option for all user accounts.