Twitter has agreed to adopt a new security program, including submission to third-party audits, as part of a settlement with the Federal Trade Commission over lapses that allowed hackers to take control of high-profile accounts, including that of President Obama. The two breaches, both in 2009, also allowed the takeover of the official feed of Fox News, and let the intruders view account holders' personal information and send out fake messages. In the January 2009 breach, a teenage hacker guessed an administrator's password by brute force; the password was "happiness".
In the FTC's first case against a social networking site, the agency imposed no fine, but it barred Twitter for the next 20 years from misleading consumers "about the extent to which it maintains and protects the security, privacy and confidentiality of nonpublic consumer information," according to an FTC report released June 24.
The breach of then president-elect Obama's account amounted to a single tweet offering his more than 150,000 followers the chance to win $500 worth of free gasoline. Under the settlement, Twitter must establish a comprehensive information security program and have it assessed by an independent auditor every other year for the next 10 years. The settlement also requires measures to control "unauthorized access to nonpublic information and honor the privacy choices made by consumers."
The FTC's reasoning is that although social network users may choose to reveal certain personal information, they are also entitled to assume that the information they keep nonpublic is private and secure. The commission's unanimous 5-0 vote will be spelled out when Twitter's consent agreement is published in the Federal Register. The public will then have 30 days, until July 26, 2010, to comment on the agreement, after which the Commission will decide whether to finalize the order.
The FTC issues an administrative complaint when it has "reason to believe" that the law has been or is being violated and that a proceeding is in the public interest. The steps the FTC says Twitter should take to correct its security shortcomings include using hard-to-guess administrative passwords, disabling administrative access after a limited number of failed login attempts, and limiting administrative passwords to lifespans of less than 90 days.
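The three controls the FTC named (hard-to-guess administrative passwords, lockout after repeated failures, and a maximum password age) map directly onto a small login guard. The following is an added example written for this page; it is not Twitter's code and is not taken from the FTC order. The thresholds (five failures, a 15-minute lockout, a 12-character minimum), the account and function names, and the short wordlist are all assumptions chosen for illustration. The wordlist is constructed to stand in for the dictionary an attacker would run against an admin login; it includes "happiness" so the demonstration can show the same guess succeeding against an unprotected login and being blocked by the lockout.

```python
"""Added example (not the article's or Twitter's code): an admin-login guard
implementing strong-password checks, failed-attempt lockout and password aging.
Thresholds, names and the wordlist below are assumptions for illustration."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

MAX_FAILURES = 5                    # failed attempts before the account locks (assumed)
LOCKOUT_SECONDS = 15 * 60           # lockout duration (assumed)
MAX_PASSWORD_AGE = 90 * 24 * 3600   # the FTC's "less than 90 days" ceiling
MIN_LENGTH = 12                     # minimum length for admin passwords (assumed)
PBKDF2_ITERATIONS = 100_000         # work factor for stored hashes (assumed)

# Constructed wordlist standing in for an attacker's dictionary; "happiness" is the
# real 2009 admin password, the rest are arbitrary common choices.
COMMON_WORDS = ["password", "123456", "letmein", "twitter", "sunshine", "happiness", "admin123"]


def is_strong(password: str) -> bool:
    """Reject short passwords, anything containing a dictionary word, and
    passwords drawn from fewer than three character classes."""
    lowered = password.lower()
    if len(password) < MIN_LENGTH or any(w in lowered for w in COMMON_WORDS):
        return False
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password))
    return sum(classes) >= 3


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class AdminAccount:
    salt: bytes
    digest: bytes
    password_set_at: float      # epoch seconds when the password was last set
    failures: int = 0
    locked_until: float = 0.0


class LoginGuard:
    """max_failures=None disables lockout, modelling the unprotected 2009 login."""

    def __init__(self, max_failures: Optional[int] = MAX_FAILURES) -> None:
        self.max_failures = max_failures
        self.accounts: Dict[str, AdminAccount] = {}

    def set_password(self, user: str, password: str, now: float, enforce_policy: bool = True) -> None:
        # enforce_policy=False exists only so the demo can load a legacy weak password.
        if enforce_policy and not is_strong(password):
            raise ValueError("password rejected by strength policy")
        salt, digest = hash_password(password)
        self.accounts[user] = AdminAccount(salt, digest, now)

    def login(self, user: str, password: str, now: float) -> str:
        """Return 'ok', 'expired', 'locked' or 'denied'. Time is passed in for testability."""
        acct = self.accounts.get(user)
        if acct is None:
            return "denied"                 # same answer as a bad password: no username oracle
        if now < acct.locked_until:
            return "locked"                 # do not even check the password while locked
        _, candidate = hash_password(password, acct.salt)
        if not hmac.compare_digest(candidate, acct.digest):
            acct.failures += 1
            if self.max_failures is not None and acct.failures >= self.max_failures:
                acct.locked_until = now + LOCKOUT_SECONDS
                acct.failures = 0
            return "denied"
        acct.failures = 0
        if now - acct.password_set_at > MAX_PASSWORD_AGE:
            return "expired"                # right password, but a change must be forced first
        return "ok"


def dictionary_attack(guard: LoginGuard, user: str, now: float) -> Tuple[Optional[str], int]:
    """Try each common word once; return (password found or None, attempts made)."""
    for attempts, word in enumerate(COMMON_WORDS, 1):
        result = guard.login(user, word, now)
        if result in ("ok", "expired"):
            return word, attempts
        if result == "locked":
            return None, attempts
    return None, len(COMMON_WORDS)


if __name__ == "__main__":
    for label, guard in (("no lockout", LoginGuard(max_failures=None)), ("lockout", LoginGuard())):
        guard.set_password("admin", "happiness", now=0.0, enforce_policy=False)
        print(label, dictionary_attack(guard, "admin", now=1.0))
```

Two design points matter more than the constants: the lockout check runs before the password is verified, so a locked account gives the attacker no further information, and the age check runs only after a correct password, so expiry forces a change rather than silently becoming a second lockout. Rate limiting by source address and an alert on lockout events would normally sit alongside this in a production deployment.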
To file a public comment, use the following link: https://public.commentworks.com/ftc/twitter