Twitter has reportedly acquired security startup Whisper Systems in a move that may suggest the microblog company is ready to focus more heavily on data protection and privacy for its mobile users.
Whisper Systems is a mobile security firm consisting of two key players: Stuart Anderson and Moxie Marlinspike. The deal was announced on Whisper Systems' website, though the financial terms were not disclosed.
Industry observers are noting that the deal – Twitter's first security-related purchase – is more likely about acquiring talent than any particular technology. Currently, Whisper Systems has several data security products in beta, but none are available for wide release.
The security firm's products, which include services called RedPhone and TextSecure, are geared toward mobile devices, which the startup asserted is an area that hasn't been thoroughly explored yet.
"We started Whisper Systems with the goal of improving security and privacy for mobile devices," the company stated in a blog post. "We were attracted to this not only because we saw it as an opportunity to reinvent the security solutions that never really worked in the PC environment to begin with, but also because the stakes are much higher – due to the nature of mobile devices themselves – and we didn't like the way that things were looking."
Whisper Systems also noted that its services will be temporarily suspended as it goes through the transition. RedPhone, a voice encryption service for Android devices, will go offline immediately, while FlashBack, an encrypted backup service for Android, will be interrupted after one month.
Though it is unclear exactly how Whisper Systems will be incorporated into Twitter, the startup has a fair point regarding the lack of security on mobile devices. Until recent years, mobile security hadn’t been a major concern for many people. But with the sudden rise of the smartphone and the tablet, this has changed rather suddenly, as consumers and business users alike are looking to protect their mobile devices from many of the same threats against traditional PCs, including malware, spam and hacks.
Combined with the growing use of social media websites, these concerns are compounded. Twitter, for its part, has seen its fair share of criticism when it comes to data security and privacy. In March, for example, the microblogging site reached a settlement with the U.S. Federal Trade Commission, which accused Twitter of deceiving its users by "failing to safeguard their personal information."
As part of the settlement, Twitter has been "barred for 20 years from misleading consumers about the extend to which it protects the security, privacy and confidentiality of nonpublic consumer information." The company was also required to establish a new security program, which will be assessed every other year for the next 10 years by an independent auditor.
Since the settlement was reached, Twitter has indeed implemented new measures aimed at protecting user information. One such measure is the inclusion of HTTPS for both its website and mobile application. However, this too has been criticized, as website users must manually turn on the feature, though it is a default setting for mobile accounts.
Despite these occasional shortcomings, the acquisition of Whisper Systems – one of many deals Twitter has made in the last year – signals that the company is giving greater precedence to protecting user information. This should be an encouraging sign for data privacy advocates, who often worry that social websites often treat data security as a secondary interest.
Consumerization News from SimplySecurity.com by Trend Micro