November 15, 2009

Trick or Tweet? Is Twitter a Viable Emergency Notification System?

Posted in Best practices, Criminal activity, Employee issues, Facebook, LinkedIn, Social Media Tools, Social networking policy, Twitter tagged , , , , , , , , , , , at 11:40 pm by bizlawblog

Trick or Tweet? That question is not intended to remind you of what you hear on Halloween, when your neighbor’s kid knocks on your door and asks the annual question with a lisp.

We recently finished Halloween shenanigans, where kids disguise themselves as fictional characters and knock on doors in their neighborhood, traditionally asking if you’d like to give them a treat or risk a less enjoyable alternative. The question raised in this post, however, is whether use of social media, and Twitter in particular, is a bit of the same situation. Is Twitter being touted as a viable emergency notification system when it is not fit for that important purpose? A companion question might be whether we, as customers (i.e. The “Twitterati”), are putting pressure on this social media channel to transform itself into something for which it was not originally intended.

Many schools may start using social media channels, such as Twitter and Facebook as a more regular part of their emergency notification program. A variety of vendors are coming up with way to make this happen.

In a move that plenty of other institutions are sure to follow, Oregon’s Pacific University has integrated its emergency notification system with the popular social networking sites Facebook and Twitter. The move allows the 3,100-student university to send emergency messages to students via e-mail, RSS feed, or text message to mobile phones, Blackberries, wireless PDAs, pagers, and smart or satellite phones–and now Twitter or Facebook.

The university subscribes to an emergency notification system from Omnilert’s e2Campus that allows administrators to send a single message to a designated list of recipients on a variety of devices and in various formats. In November, e2Campus added Twitter and Facebook as options–and Pacific University was the first institution to jump on board.

University Links Twitter, Facebook with Notification System

My last post, Did Twitter Replace Cell Phones for Ft. Hood Shooting News?, mentioned that even the military recommended Twitter as an emergency information source, when a sudden surge in emergency traffic crashed the civilian cell phone system in the Ft. Hood area. As a country, the United States has been blessed with fewer natural disasters than many countries. Clearly, we are still trying to digest the disaster preparedness and recovery lessons from far-reaching events like hurricane Katrina, which likewise disrupted cell phone traffic in a number of ways. Is Twitter any better?

Matt Williams, Assistant Editor of Government Technology Magazine, posted an interesting article, mentioning some of the many uses the U.S. government is making of Twitter:

When Twitter’s founders launched the service in 2006, they advertised it as a way to keep abreast of friends’ everyday lives. The idea of “tweeting” in short bursts about mundane details – “I’m watching Dancing with the Stars!” – may seem narcissistic, or pointless. But a loyal following has found novel and unexpected applications for the service. This movement includes government agencies, which are use Twitter for various functions, such as real-time alerts about emergencies, election results and even science projects.

The most practical government applications for Twitter are in public safety and emergency notification. For example, the Los Angeles Fire Department (LAFD) updates its Twitter page with bulletins about structural fires, the number of responding firefighters, and injuries and casualties. A typical post is something like: “12126 Burbank Bl* No ‘formal’ evacuations; Firefighters maintaining 500′ exclusion zone pending LAFD Hazmat arrival…”

“The question really would be, why not do Twitter?” asked Bill Greeves, the county’s IT director. “It is 140 characters, so granted, you are limited in the message you put on there. But we’re not creating content for Twitter; we’re creating content to send out a message to the public, and we’re just taking advantage of the latest and greatest channels available.”

The beauty of it, Greeves said, is that if something better replaces Twitter or it all falls out of vogue, it won’t hurt the bottomline.

Governments use Twitter for Emergency Alerts, Traffic Notices and More

Williams’ article notes that one of the major hurdles to greater government use of Twitter may be “viewership,” but it appears even the U.S. State Department has taken note of Twitter’s potential use in an international context. An article by Lev Grossman, Iran Protests: Twitter, the Medium of the Movement, points out:

The U.S. State Department doesn’t usually take an interest in the maintenance schedules of dotcom start-ups. But over the weekend, officials there reached out to Twitter and asked them to delay a network upgrade that was scheduled for Monday night. The reason? To protect the interests of Iranians using the service to protest the presidential election that took place on June 12. Twitter moved the upgrade to 2 p.m. P.T. Tuesday afternoon — or 1:30 a.m. Tehran time.

So what exactly makes Twitter the medium of the moment? It’s free, highly mobile, very personal and very quick. It’s also built to spread, and fast. Twitterers like to append notes called hashtags — #theylooklikethis — to their tweets, so that they can be grouped and searched for by topic; especially interesting or urgent tweets tend to get picked up and retransmitted by other Twitterers, a practice known as retweeting, or just RT. And Twitter is promiscuous by nature: tweets go out over two networks, the Internet and SMS, the network that cell phones use for text messages, and they can be received and read on practically anything with a screen and a network connection.

This makes Twitter practically ideal for a mass protest movement, both very easy for the average citizen to use and very hard for any central authority to control. The same might be true of e-mail and Facebook, but those media aren’t public.

This use of Twitter in a mass crisis has apparently not gone without notice at headquarters. Twitter co-founder, Evan Williams, in comments to the BBC about the Iran-related maintenance delay said:

“We did it because we thought it was the best thing for supporting the information flow there at a crucial time, and that’s kind of what we’re about – supporting the open exchange of information.

“So it seemed like the right thing to do.”

Twitter Iran delay ‘not forced’

Is Twitter the new boss in social media town? Even networks like LinkedIn seem to be trying to attach themselves to it, as Taylor Singletary points out in his article on the LinkedIn blog, You want Tweets? There’s an App for that…:

As you’ve likely heard by now, we launched our first Twitter integration features at LinkedIn earlier this week.  For professionals who want to make Twitter part of their professional identity, you can now easily add your Twitter account to your LinkedIn profile, and seamlessly post LinkedIn status updates to Twitter, and vice-versa.

This launch also brings with it a brand new addition to the LinkedIn application platform: Tweets.

Tweets is an application that allows you to seamless integrate basic Twitter functionality into your LinkedIn experience.

Twitter itself, however, is not immune from interruption of service. Last August, it was the subject of an apparent denial of service attack. Eliot Van Buskirk’s article on Wired gives a nice outline of the event:

Twitter was shut down for hours Thursday morning by what it described as an “ongoing” denial-of-service attack, silencing millions of Tweeters. It was the first major outage the service has suffered in months and possibly the first ever due to sabotage. The outage appeared to begin mid-morning, EST, and affected users around the world. After about three hours, the service was coming back online in fits and starts.

In a denial-of-service attack, a malicious party barrages a server with so many requests that it can’t keep up, or causes it to reset. As a result, legitimate users can only access the server very slowly — or not at all, as appears to be the case here.

Not only was the site down, but client applications that depend on the Twitter API could also not connect to the service, creating a complete Twitter blackout. According to June ComScore numbers Twitter has more than 44 million registered users and its user base has been growing rapidly for months as it becomes better known in the mainstream.

Denial-of-Service Attack Knocks Twitter Offline

Twitter’s statement was, of course, less verbose:

We are defending against a denial-of-service attack, and will update status again shortly.

Update: the site is back up, but we are continuing to defend against and recover from this attack.

Update (9:46a): As we recover, users will experience some longer load times and slowness. This includes timeouts to API clients. We’re working to get back to 100% as quickly as we can.

Update (4:14p): Site latency has continued to improve, however some web requests continue to fail. This means that some people may be unable to post or follow from the website.

Ongoing denial-of-service attack

Some, such as Roberta Whitty, a member of the Gartner blog network, clearly feel it dangerous for organizations to rely upon Twitter:

The denial of service attack on Twitter should remind organizations that are automating their emergency call trees and crisis communications that a single end point isn’t good enough. Given the growth in social networking, more and more organizations are starting to think about leveraging these sites for emergency/crisis communications. But if it becomes your only end point, you risk not getting your message out when it is most needed – during a disaster.  In addition, no national telcom network has been tested for a regional disaster, so your phone messages might not get delivered either. Hence, build for emergency notification around multiple channels for best coverage. What is your organization doing to support best coverage?

Don’t Rely Only on Twitter for Emergency Notification

One must also wonder how the continuous barrage of scams might impact use of any form of social media as an emergency notification system. Michael Arrington’s article, Facebook To Increase Enforcement Of Anti-Scam Rules, points out:

Facebook says that deceptive ads are a widespread problem on the Web…

Anyone who doesn’t engage in scammy behavior right now is at a monetization disadvantage. There are real similarities between this issue and steroid use in baseball. As long as the MLB didn’t really enforce steroid use among players, it was a competitive necessity to take the drugs, and so many more players took them than otherwise would.

We know that companies such as Microsoft are the target of frequent attacks by hackers. Some of these may have gained insider knowledge as employees of their targets and are thus extraordinarily effective in their destructive efforts. How could any governmental entity, however, think it might be less likely to attract detractors?

Referring to last Augusts’ attacks against both facebook and Twitter, Ryan Singel’s article noted:

They don’t make any sense.

“I’m afraid two outliers make a line and there is something going on… We have entered the third generation of denial of service attacks, and anyone that plans on the rationality of criminals is at risk.”

What does that mean? It means if you make the assumption that the bad guys online are just a new breed of bank robbers, that can get you into trouble if there are a few sociopaths mixed in.

The ongoing attacks Thursday on Facebook and the micro-publishing site Twitter likely involve tens of thousands of compromised computers under the control of a single person. Likely the attack involves asking the sites to serve up a page of search results, or some other processor-intensive requests. That makes it hard to determine if the request is a real user action or a malicious fake.

Is There Rhyme or Reason to the Attacks on Twitter?

As the title of another of Ryan Singel’s articles tells us:

Security experts say the attacks on Twitter and Facebook are nothing new under the sun and that Distributed Denial of Service Attacks — which render a web server useless to real users by overwhelming the server with fake requests, are commonplace on the net. DDoS (pronounced dee-daas) attacks are usually carried out using a zombie army of infected Windows computers known as a botnet, where the controller tells the infected computers what site to bombard with requests.

“This kind of stuff happens every day, but when it happens on Twitter, people don’t know what to do with their thumbs,” said Paul Ferguson, a senior threat researcher for security giant Trend Micro.

And so far there’s nothing to indicate there’s anything particularly interesting about the attack from a technical perspective, according to security expert Tom Byrnes, the founder of ThreatStop, a network security company.

“Taking something down on the web is garden variety vandalism,” Byrnes said. “They aren’t doing anything new … someone has a botnet and they are just pounding on Twitter and Facebook.”

Twitter, Facebook Attacks No Surprise to Security Experts

So how do we reconcile these events? The government is recommending use of social media channels for emergency notification purposes. Schools and other organizations are rapidly adopting it as a significant part of their own emergency systems. At the same time, however, disgruntled employees and political activists are focusing their efforts at bringing down these emerging communication giants, and are doing so with amazing success.

If a single hacker can bring down the Twitter and Facebook networks, what damage could be done by a terrorist organization or, perhaps one of the many rogue nations we face in our global village? We can certainly hope these social media moguls will learn their lesson from these attacks and spend more of their effort on making these networks secure. We also know that, historically, the hackers often seem to be at least one step ahead of law enforcement, network security experts, and others upon whom we rely for protection.

We have likewise read stories about illegal probing of military and infrastructure networks, including those designed to make our nuclear facilities secure. Might we not anticipate that at least some of this probing may be leading up to attempts at breaching the defenses being tested. Sure, some of this may just be teens with too much computer time on their hands, or political dissidents whose focus in on something other than world destruction. On the other hand, are we setting ourselves up for the big bang by increasing our reliance upon social media for emergency news, rather than what this media was intended for originally?

That’s what I think. Please leave a comment and let us know what you think.

If you are really interested, I just started yet another free group on LinkedIn, Social Media Search and Forensics. Many of these articles and discussion about them are posted there. Please join us.

Advertisements

3 Comments »

  1. […] Adams, at the SociaLies blog recently published a post titled, “Trick or Tweet? Is Twitter a Viable Emergency […]

  2. […] an alarm system is dangerous, but if only the turkey is at state, this may be sufficient. With our Twitter early warning system tied into the day’s calendar on our refrigerator, we were notified, in order, that: our […]

  3. bizlawblog said,

    I have to wonder about the ability to use unvetted social media channels in the mix. This article about an attack on Twitter points out just how fragile these networks still are.
    http://vator.tv/news/show/2009-12-18-twittercom-attacked-dns-records-compromised

    Twitter’s “official” statement is here: http://blog.twitter.com/2009/12/dns-disruption.html

    I agree that a mix a of channels is a better solution than having to depend on only one (witness the original Ft. Hood cell phone outage).

    My concern is about what a “bad guy” could do with disinformation. Let’s say I didn’t like the police, so I report there is a holdup at a liquor store at 4th & Oak and it looks like a cop is down. Can anyone tell me there is not a chance something bad is not going to come from first responders speeding to help?

    Suppose this happened on a wider scale, with unvetted Twitter messages resulting in the well planned clogging of tunnels after the 911 attacks in NYC, in order to do more “bad things?”

    Until we have a system in place to judge the veracity of social media, I am concerned about the potential for abuse.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: