New York State Calls for a Dedicated Social Media Regulator

On the heels of a cyberattack on Twitter this summer, the New York State Department of Financial Services (DFS) called for a dedicated regulator to oversee big social media platforms. In a 37-page report, the department described the July 15 attack in which accounts of Barack Obama, Joe Biden, Jeff Bezos, Elon Musk and others were hacked and used to promote a cryptocurrency scam. Three people have since been charged with posing as employees to launch that attack, which relied on relatively simple tactics.

The Wall Street Journal reports that social media companies are subject to New York’s 2019 Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), and “some oversight from the Securities and Exchange Commission, the Justice Department and the Federal Trade Commission,” but no dedicated regulatory agency.

“Social-media platforms have quickly become the leading source of news and information, yet no regulator has adequate oversight of their cybersecurity,” said DFS superintendent Linda Lacewell. “The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer.”

Twitter, which cooperated with the DFS investigation, also debuted “initiatives dedicated to security and privacy, including training for employees.”

DFS’s report “recommended that the new regulator, which could be a part of an existing agency or a stand-alone body, should be allowed to designate the largest social media platforms as systemically important … the label is usually reserved for the very largest banks and institutions underpinning financial markets, which are subject to stronger oversight than their peers.”

DFS also praised cryptocurrency exchanges, “which it directly regulates,” and was responsible for blocking around 6,000 transactions worth $1.5 million during the Twitter hack.

Since then, in response to DFS’ harsh criticism, Twitter brought on former Rubrik executive Rinki Sethi as its chief information security officer and “has since limited staff access to key functions on its platform.”

Related:
The Shocking Twitter Hack This Summer Started with a Tech Support Scam, New York Regulators Allege, CNN, 10/14/20