Before you Fleet that Tweet: The newest eDiscovery and privacy risk direct from the Twitterverse
In a world of rapidly proliferating apps and data types, eDiscovery is always at risk of falling a step behind. Just when you think your company has appropriate data security and eDiscovery protocols for all the modern collaboration tools necessary in today’s work-from-anywhere environment, Twitter releases what may be―at least from an eDiscovery, data privacy, and cyberbullying perspective―the most ill-conceived user-facing feature a social network has ever released into production.
Twitter deployed the new feature, “Fleet,” on November 17, hoping to mimic the success of similar disappearing “stories” on Instagram and other social media platforms. Fleets are essentially Twitter conversations that disappear in 24 hours. The disappearing feature is meant to encourage collaborative, casual sharing of stories without the “pressure” of having a public, permanent conversation.
It looks like nobody at Twitter did their “If this, then what” homework revealing what can happen if you allow ephemeral thoughts, opinions, and stories to proliferate and then magically disappear―with zero thought to privacy for its users. It’s also relevant to point out Twitter is Twitter, not Instagram, and it is sometimes used in very different contexts (think bullying vs. birthday parties).
Here are a few immediate things to know and pass along to your compliance team, IT department, HR director, employees, family―anyone for whom data and safety are serious professional concerns.
When someone “fleets a tweet” (creates and shares a story from their tweet or someone else’s):
- You can see any private Twitter accounts that viewed it, and the author of the original tweet does not get notified.
- You can add a comment or give an instruction, and the author is not notified.
- You can embed and link site content directly without notifying the owner of the linked content.
- You can tag accounts that have blocked you (or that you have blocked) in Twitter, and the tag will circumvent those blocks and direct those followers to your account.
- And, if you react to someone’s Fleet, Twitter automatically creates a direct message between you and them, even if you do not follow or even know them. And yes, this includes photographs. Unsolicited, of course.
Why does this need your attention now? The most obvious use case for Fleet right now is to cause harm by facilitating harassment, bullying, and viral amplification of disinformation without consequence.
And then disappear.
There is currently no mechanism for a person, company, or government targeted by a Fleet “mob” to identify, capture, and understand where all of the bullying, harassment, or misinformation is actually coming from. Even worse, Twitter is mainstream enough that it might not be blacklisted as an ephemeral app in your company or government agency.
The most immediate step for organizations that are serious about information governance, privacy, and security is to configure security policies to disable Twitter and Fleet (by name) if you have not already. It seems likely Fleet will be returned to Twitter’s UX department for redesign, and to the company’s privacy and security engineers to rectify some initial design flaws that were somehow overlooked. But until then, it seems unwise to expose your organization to these very real risks.
The second step is to check with your eDiscovery and compliance partners. Did they know about and immediately solve for this unfortunate development, or did you have to tell them?
Leigh Vickery is the Chief Strategy and Innovation Officer for Level Legal. She approaches her work holistically, always connecting the client's legal, technology, financial, and business goals with the ethical and cultural impacts throughout their ecosystem for a more comprehensive, innovative solution.