Here’s a dilemma: The guy (”Hacker Croll”) who claims to have accessed hundreds of confidential corporate and personal documents of Twitter and Twitter employees, is releasing those documents publicly and sent them to us earlier today. The zip file contained 310 documents, ranging from executive meeting notes, partner agreements and financial projections to the meal preferences, calendars and phone logs of various Twitter employees.
We’ve spent most of the evening reading these documents. The vast majority of them are somewhat embarrassing to various individuals, but not otherwise interesting. An example – there are a number of documents showing the names of people who interviewed at Twitter for various senior level positions so publishing their names would obviously be distressing for them. Most of these people remain in their current jobs. Some documents show floorplans and security passcodes to get into the Twitter offices. We’re not going to post any of those documents.
But we are going to release some of the documents showing financial projections, product plans and notes from executive strategy meetings. We’re also going to post the original pitch document for the Twitter TV show that hit the news in May, mostly because it’s awesome.
There is clearly an ethical line here that we don’t want to cross, and the vast majority of these documents aren’t going to be published, at least by us. But a few of the documents have so much news value that we think it’s appropriate to publish them.
More posts coming soon.
Update: Our Reaction To Your Reactions To the Twitter Confidential Documents Post
Update 2: Final Tweet: The Twitter Reality TV Show Pitch
Update 3: Twitter’s Financial Forecast Shows First Revenue In Q3, 1 billion users in 2013
Update 4: Twitter’s Internal Strategy Laid Bare: To Be “The Pulse Of The Planet”
Why?
Because this violates your rights to privacy. Nobody needs to know too much about you without your permission. This is an ongoing issue which relates back to how much about you/your identity is exposed on the Web – are you aware? and do you have control to manage these data about you.
- Darren at AdExcel dot Com
Exactly. Say, as a twitter employee, this violates my right to privacy and exposes things about me and my identity to the web without my control.
Hmm.
yeah we’re not going to post any of that stuff.
Good ethical decision Michael. Just tell me this, why was Twitter so slack about these documents and why did that guy want to release them? How did he managed to collect all these documents?
They were hacked, it was slackness, you can’t cover _all_ security holes, there’s always one just waiting to be found. You’ve just gotta hope its you/your employee and not someone else.
His reason? My guess, fame.
http://www.tech...ly-distressing/
This is an asshole move. If these documents were obtained illegally (and it sounds like they were) by “Hacker Croll,” you have no right to publish them. One can only imagine the hissy fit you would throw if someone did this to TechCrunch.
That’s commendable but there’s still an appearance of a lapse in ethics here.
“…documents showing financial projections, product plans and notes from executive strategy meeting…s”
Really? We’ll have to see what exactly gets published and if it’s worthy of all this hoopla.
Nevertheless, this is just bad karma for a great blog which has become an integral part of the start-up community in the Valley and beyond.
Got sleaze?
You have to wonder. With all the publicity over twitter in the media, and the TV show, this could be their sex tape. How do we know for sure this was not intentional?
With all the Twitter-haters that comment on TC, you’d think that they’d be more open to the idea of releasing such documents…..
The difference between publishing documents or information that was obtained by means of a “whistleblower” inside a corporation and that obtained through the theft of proprietary data is the difference between civil and criminal courts.
I find it hard to believe that you fail to see the difference.
Posting even a single word from those files could not possibly be any more unethical. If some hacker happens to email me the checking account number and pin of some unsuspecting individual, I can’t hide behind some veiled 1st amendment BS if I were to publish that info to the world. I would be just as guilty.
This is information that you obtained not through research but through a hacker leaking the information. You shouldn’t be posting any of this information online.
Poor show Arrington, poor show.
I am not a Twitter user. As I understand it Twitter is a business that publishes information supplied by users but as yet it has not said how it will make money. Is it not in the public interest to publish details of how it will make money, if you have that information? I don’t understand why anyone using this service has not first asked how the business makes money. Any business should tell you how it makes money or plans to make money so consumers are protected, and if Twitter has kept it secret, it is in the public interest to publish it, in my view.
which is why Mike already said only few things would be posted!
still .. nothing should be posted by no one without Twitter’s permission. Poor decision techcrunch, you guys should know better.
I agree with Rama. Feels kinda shady.
lol. if we only posted things that companies gave us permission to post this would be a press release site and none of you would be here. News is stuff someone doesn’t want you to write. The rest is advertising.
Michael, life is not that simple and I bet you’ll receive a few more reactions along the way by people who feel that you’re like a guy “fencing” I’ll gotten goods. Most of us have come from your Twitter feed tweet to read this news of yours and while I may be curious what this is all about, I can’t help see the irony in you posting this news on Twitter’s site to increase viewership here. A lot of this is rubber necking at the accident at the side of the road by a company that’s pretty good to people so far. I suddenly feel pretty bad for Twitter and see you more as part of the situation that’s screwing them.
but TC *IS* a press-release site…
TC should not publish any of the information they have received which was collected in a clearly illegal manner.
I am sorry but I think it is morally corrupt to receive confidential information, which was hacked from another company, “..spend most of the evening reading these documents”, then try and find a patch of moral high ground by saying “We’re not going to post [some] of those documents”, but some of the financial projections are fair game. You are basically condoning the hack by your actions.
Had it been me in Twitters position, I would explore every legal avenue to get back at you.
Curious to know how TC management and employees would feel if it had been them that had their personal information “stolen” and others in the industry were talking about publishing some of it.
Michael said…
if we only posted things that companies gave us permission to post this would be a press release site and none of you would be here.
Michael, what you intend to do, makes you a hypocrite. Someone just handed to you stolen private properties that belong to someone else (Twitter). You should return the property to the rightful owners and perhaps request or seek their permissions (with no coercion) to publish only certain things that TC is interested in, but such info won’t be damaging to running their business. Again, if they decline, you should respect that decision.
A couple of weeks ago or so, you interviewed a top-notch anti-trust lawyer and since you’re a cheerleader for the use of anti-trust laws against private businesses, you seemed to be OK when the government robbed someone else’s properties via the anti-trust laws, but not when a private citizen stole those properties off another private citizen and handed them to you?
Return those stolen properties back, man!
Double standard & hypocrite? I bet ya?
There is no “right to privacy” — at least not in the US. Read the Constitution.
Even if there were an assumed right to privacy it is a right against invasion of privacy by the government, not other private individuals.
Maybe not in the US Constitution but it is in te Universal Declaration of human Rights
http://en.wikip...of_Human_Rights
I’m all for the right to privacy…
But I think, given US history, it might be a little naive to expect the US to start respecting international agreements now.
Nice try, but even that document is referring to rights of individuals against nations, governments, and other ruling bodies… not private citizens against private citizens.
Civil Law is what protects individuals against individuals. And neither the US Constitution nor the Universal Declaration of Human Rights claims to govern civil law.
You have the right to protect your privacy. But, if you’re an idiot and leave your laptop at the airport with thousands of private documents; well, no one violated your privacy except you. We all know there are unsavory characters in the world. It is an individual’s responsibility to accept personal responsibility for his private life, private information, and private feelings.
Once you open any of those up intentionally or unintentionally you must accept the consequences.
As soon as we start giving rights to protect ‘Stupid’ we risk sacrificing other privileges we have.
Finding a laptop, thumbdrive, or a fully-stocked hard-drive is not a violation of privacy. Having an authority figure confiscate it to divulge and disseminate the contents is a different matter altogether.
But, that’s not what we’re talking about here, is it?
Human rights?
this is the real world
but you still have a reasonable expectation of privacy or something …
just another marketing stunt from Twitter and Techcrunch, promoting Twitter TV.. we are not that stupid!
u r absolutely right Darren
Because they can, because they can..
Because techcrunch is a NEWS site, and this is NEWS?
Because the theft of documents from “the cloud” could potentially destroy the reputation of “the cloud” and thereby stunt the growth of an important new computing idiom?
Because these companies need to start taking data security seriously, when they have confidential information of tens of millions of users?
Because no-one can stop them?
Because the documents are now public domain?
Because the documents are public interest? (i’m the public, and I’m interested)
now some questions for you: Why not? Who’s concept of “wrong” should we all follow? How far would journalism have got, and how honest would our politicians be, if journalists didn’t publish against the wishes of the source?
And if Twitter was your company? You would state all of that?
You obviously do not understand the meaning of public domain. Just because someone legally or illegally posts something on the internet does not put that document in the public domain.
Being interested is not the same as the public interest. The Pentagon Papers were in the public interest because it showed the government lied to us about Vietnam. The public interest overrode the Pentagon’s and Nixon Administration’s wishes to keep it under wraps.
Try to be a bit more informed before making such assertions.
What about UFO’s Eric? The public’s interest overrides our government’s wishes but they still keep the truth from us. So I guess it’s still their choice about what’s public interest isn’t it?
An interested public is not the same as the public interest
I’ll only reply to your comment- Basically, Twitter is direct philanthropy for us at this stage- employing a lot of devs, not charging, etc. It’s in the public’s interest that these guys continue to grow without being hassled and left to grow. The hacker will continue to leak this all out until it’s all published with or without Mashable, so it’s a dilemma. I wonder what makes them feel so obliged to an interested public? I mean yeah, it’s good stuff, but they could have cashed in a huge advantage with Twitter by not being the one to break this, I guess. They were somewhat prudent in the filtering of it all. I’d be sweating bullets if I’d interviewed there and still had my unvested IPO shares, for sure…
someone else will publish it if tc doesnt. it doesnt matter morons
This is the worst statement you could have made. It doesn’t matter what others may or may not do. It only matters what you would consider to be ethical, i. e. morally right. That is Kant’s Categorical Imperative.
Obviously, ethical sound actions are not what journalism is about, from your perspective. So how on earth can you make out the right as a journalist to discover injustice and bad behaviour when you are not adhering to ethical behaviours yourself? You are opening up to loosing all credibility and that is all the reason why people read the output in the first place.
Maybe TC aren’t Kantians but Utilitarians. It’s not like Kant came and all matters on moral philosophy were settled forever.
And to be nitpicky Kant’s morality is not relativist, i.e. it’s not about what you consider to be morally right. The categorical imperative claims to render universal moral laws that are binding on all rational beings.
Kant is a moral absolutist. Hence the usage of the word “categorical” in accompanying imperative. And any person citing Kant in a discussion relating to the leaking of documents is extremely misguided. Kant should be quoted only in dark rooms in the underbellies of universities when there is nothing left to say about anything else, and even then it should be done with the greatest resistance. Voluntary Kanting is offensive and unscrupulous.
Keep up the bleating sheeple.
Well yes, there are other unscrupulous sites around. I suppose by collating all the unscrupulosity into one place, that’s one place I don’t have to read any more.
And no, just because someone sends “a zip file of 300+ documents” that doesn’t imply *any* of them *have* to be published at all. Smells way too underhand and fishy all at once.
you idiot anonymous, at least clear your twitter username when commenting.
Lolz his blog is supposed to be anonymous ..but not Twitter ..#Fail
Do’h! I caught that too. *snicker*
i didnt know that this blackmailing concept still applies . some people r simply put “unconcious” to use the term like Esther Harding and Jung used it. when they grow up ( not old ) they rediscover that there are better things to do than playing God with other peoples sensitive data. what happened to “mind your own business?”
right dear..it shud b
because they have it and they can publish it!
For the lulz!
Why, you ask?
Because it’s time to let society know that:
WE SHOULDN’T PUT OUR ENTIRE LIVES IN DATABASES !!!
Nothing connected to the net is secure.
And if you combine all those datasets of your person that are out there, you’ll get a very detailed file.
Example: In a few years or months, it will be easy to instantly get the complete name of all actors in adult movies by face recognition tech combined with (for example) Facebook pics (or whatever).
I think it is a bit late for that… all of our lives are in databases.
Did TechCrunch pay for this information?
I’m hoping that there is a law enforcement investigation of this activity.
Twitter may have had very poor security practices, but gaining unauthorized access to computer systems is a violation of the law and any part of the law that can be used to deter this sort of behavior in the future should be used. That includes investigation of accomplices.
Lets not beat about the bush – this information was stolen. It is also a breach of Twitter and employee privacy as well as continues the long standing debate on cloud and web based security. I can though also understand the news worthiness of this data breach. All I can say at this point is “ask yourself, would you like it if someone stole your personal and financial information and published it for all the world to see?” I know what the answer would be.
Your legitimizing the illegal and unethical actions of this person by publishing this information. Bad move TechCrunch. Very poor decision.
I agree with Brad White…move on Mike and leave Twitter alone and let them try running a start up the city. Not cool at all. This will be black eye for Techcrunch. Let some other fools and other websites that have access to the same info do it but don’t join the rat race and have some class. i agree with Brad all the way. People jobs at Twitter might be at stake.
I agree. It seems that this hacker has decided that these documents will end up on the internet one way or another, but by facilitating that process you’re essentially becoming an accomplice in the laundering of stolen information. This betrays the trust of the companies that you cover and the readers who follow you, all in return for an easy scoop. Shame on you, TechCrunch.
Mike is guaranteed to get slapped with a lawsuit from Twitter if this happens, and I can’t say it won’t be fun to watch in court. Go for it, Mike.
This isn’t “news”. If Twitter was selling arms to a third-world dictator, that would be one thing. These are just stolen goods.
Totally agree that publishing ANY of this information crosses the line.
TC didn’t hack anything they just received docs there is no law preventing them from publishing. And I think they should they are a news site after all.
Whoa!! If twitter guys cant even protect their own data, on what basis should we trust them with our data n tweets??
It wasnt their twitter accounts that were hacked. Other services were, just that twitter employees were targeted.
Not a good look. I understand your position, eitherway you lose. We expect unbiased news, but I also understand the need to have the respect of fellow entreprenuers and readers. I think the best thing you could have done, was not mention it at all. Its really lose lose at this point.
right marcs
dis is absolutely right wht u r saying
What is private about your tweets?
Nice post Michael. This is definitely a valid issue that has been ongoing and has not been focus on. The problem is that more people are becomng more open with their information but they are not educated/being aware of the consequences. There should some guidelines set in place to provide precautions.
- Darren at AdExcel dot Com
That’s a pretty bold move Mr. Arrington. While I’m sure the folks at Twitter will be upset, if you don’t publish the documents, I’m sure someone else will.
Someone most certainly will, and it will be big news. I wouldn’t be surprised if this gets on mainstream news, what with their obsession lately with Twitter.
However, while I do support a news site’s decision to post damaging but important information obtained by legitimate means, such as anonymous interviews, I think your decision to publish this provides serious incentive for hackers to attack other companies.
TechCrunch, the geek version of a tabloid magazine.
Its sure getting there… LOL
Not fast enough if you ask me. WHy should the pretty people have all the fun?
Uh, not so much. Tabloids make garbage up. Taking real documents and publishing them doesn’t make you a tabloid.
People here are always bitching about how this blog is a whore for companies that pay to advertise or a whore for companies who have the “right” venture capital, or a whore for Jason Calacanis (an inane claim, btw). So, when Techcrunch finally decides to do nitty, gritty, down and dirty, real investigative journalism, people BITCH even louder?
The Techcrunch audience is impossible to please.
You think this constitutes investigative journalism?
I’m pretty sure investigative journalism involves actually investigating. This is republishing information somebody *else* investig—wait, no, that’s information somebody else *stole.*
I do not think you should do that. I really don’t. These are are company documents, most likely ‘taken’ without their consent. Wouldn’t you also like it if stolen property is returned to you? Seriously. Honor, man! Honor.
What about their journalistic duty to publish relevant news. I think not publishing them would be dishonorable.
Wow
I believe this is called “falling from the cloud”. And a big reason my emails are stored locally like the good old days.
+1
++ and… don’t write anything on the internet that you dun want others to know and delete/deny anything your friends post and tag that you don’t want others to know.
It’s a very dangerous world here in the internet.
I store emails locally too!
Don’t use phone either, or write anything on paper
Stored locally?
So you run your own email server(s) and only send emails to other mailboxes on your own private LAN?
Right.
That’s exactly what I was thinking.
Tools.
I bet they are hitting the vodka about now.
the original security hole seems to be Google, via Google Apps for your Domain. Some passwords were guessed and things started to fall apart from there. Most (or all) of these documents were downloaded from Google’s servers.
Then don’t go after Twitter for gods sake. Go after Google Doc and Google Apps. Leave EV alone before he loses his job b/c of some wise ass hacker.
The scenario described would be Twitter’s fault, not Google’s. Everyone knows passwords can be guessed through brute force. If you’re a site as big as Twitter, you just don’t allow public interfaces to sensitive data that involved password authentication at all. There’s absolutely no way this is Google’s fault. They didn’t choose the password or put the documents there.
That’s it! This is a plot to discredit Twitter and Google all in one fell swoop by Ballmer. (How’s that for paranoid?)
I don’t think the newsworthiness of these documents outweighs the owner’s rights to keep this information confidential. I wonder if the SEC might be moved to look at TechCrunch for insider trading violations if there is information about their plans for certain business activities in the future?
Don’t think Ballmer wants to discredit a company he’s probably trying to buy–Twitter.
What is newsworthy is that the documents were stolen, not what they contain. Printing how they were obatined is news, printing the contents of the documents is tabloid trash.
Would you want document published if stolen from TechCrunch? This is not cool.
no, I would not.
Wait?! What?! Really?! Maybe I am misreading this but you wouldn’t want documents released that were stolen from TechCrunch, but you are gleefully releasing these *stolen* documents from another company?
Leo Laporte hasn’t been more right in his opinion of you.
I followed TechCrunch for ‘news’, it’s just trash tabloid stuff now. Not that you could give a da** but if these documents go out on TC I am unfollowing and un-RSSing it all.
Bye.
did you just self-censor the word “damn”?
Your nick is amazingly appropriate.
What has “twitter” or “michael” liking their documents published got anything to do with the decision to publish them, if they were acquired without their approval in the first place.
I mean, pay attention: Michael answered truthfully. I don’t believe he, or anyone, believes Twitter would want their documents published without their consent. The whole argument and post deal precisely with the fact that some of them might see the light of day (directly or “paraphrased”) without them wanting it.
You wouldn’t read this because you’re unsubscribing (god, how tired I am of this ridiculous threat).
This is hypocrisy, and a colossal dick move.
Your scoop here is that Twitter’s private information was hacked illegally. You can report that without any ethical question marks at all.
Benefiting from the spoils of that illegal act, on the other hand, is abominable.
I’d even say that reading those files was crossing the line and you should have notified Twitter and the authorities after skimming to verify that the material was authentic.
Regardless, while reading, if you found evidence of illegal or unethical actions or plans by Twitter, then I guess you could justify publication by being in the public interest — look at the UK’s MP expenses scandal for such an example — but your opportunistic fishing trip is just plain wrong.
@arrington, you disgust me.
Which is probably why the key to Mikes city isn’t protected only by the name of the street he grew up on.
Interesting! I did a reference for an engineering technologist who interviewed at twitter as a app security guy just few weeks ago. They asked him about cloud security, gears and security, and amazon aws security, hosted document encryption etc. Wonder how long has twitter been aware?
This really brings interesting question about if one can trust google as a the safe thing to have. May be we are not ready for the enterprise class..
Isn’t publishing stolen confidential information a violation of some Trade Secrets law?
http://nsi.org/...ionage/usta.htm
You can bet they’ve consulted lawyers before moving forward with any posts though..
The esteemed Mr. Arrington *is* a lawyer. Or at least he used to be.
Since it’s been publicly disclosed, it’s publishable.
Better luck next time, trade secrets.
Well I would say this is “Highly Distressing” …..
You shouldn’t publish any of these documents… You shouldn’t even have posted this blog post.
I think it’s unethical. The documents were acquired illegally and they’re confidential. You should have just ignored them, no matter how much “news value” is in them.
I’m very disappointed. Try to put yourself in their shoes for one moment… You should just let it go.
If it becomes public somewhere else anyway, so be it, but don’t get involved.
did you write a letter to the WSJ when they posted the peanut butter manifesto?
http://online.w...k_20061125.html
The New York Times wouldn’t have take the time to worry about what the right thing to do is. A quick call to their lawyer and they would have then posted everything they could legally. We’ve gone way beyond that, including having discussions with Twitter earlier this evening.
So what your saying is twitter realizes they can spin this as googles fault… and use it for marketing purposes..
Seriously… just look at the posts.. first it was gov’t has access to twitters feed.. then it was a hacker sent TC twitter files.. then TC does a post about it before they release things.. Mike tells you that he has talked to twitter…
It is beautiful marketing by TC and twitter..
“hey lets have our highly confidential, internal documents ‘hacked’ to market our service to many more people.”
marketing? give me a f’ing break.
3 posts now… and how many comments… you just have to know how to spin it.. it has played perfectly..
But, Michael, if someone hands you company secrets/interna containing material that is not of interest to the public (thus protecting the public from harm, for example), why would you want to become part of that? – Did Twitter tell you, please just go ahead, publish those documents which are OURS?
because it is newsworthy.
Well, there it is. The worst answer on the entire planet.
newsworthy or gossip?
Michael, if it were newsworthy, you should have simply reported whatever news was contained in these files. Carping about secret documents and potential embarrassment to as-yet-unnamed people is not news, it is at best gossip.
The old quote about new being what someone does not want you to know is just that — a glib quote, not something to base all your journalistic decisions upon. Unless any of this information is genuinely in the public interest, you should not publish another word of it.
I’m late to the game on this one, but this is a very grey area about stuff that is more than likely newsworthy. I do sincerely appreciate you letting the audience know your thinking process about it.
The fact that there is a security breach is newsworthy. The contents gained from that breach are either gossip or evidence in a criminal investigation. Either way, they’re not news.
Just because somebody would do it, it doesn’t make it ok.
You report about startups, you organize events for startups and entrepreneurs and many people (myself included) see TC as part of the community, and as such there is a certain level of trust and credibility. Unlike the WSJ, NYT et al, where all they care is audience, publicity, money.
I see it as a sort of a betrayal. Not that you have to hide or cover anything up, but at the very least you have to think about it as if it had happened to you. What would you want them to do? It doesn’t belong to you and it isn’t in the public’s interest to know… and, in all honesty, you shouldn’t even have read it. You have to do what is right, which is to ignore it.
The bottom line is that these documents are confidential to Twitter. Funny or not, embarrassing or not, it’s NOT anybody’s business. So, regardless on how it came to you, you should had ignored it.
At the end of the day, it’s your call. At least you’ve been having doubts about it, so that’s a good sign, but you’re taking steps in the wrong direction.
-fc
Interesting coming from someone using this post to drive traffic to his own site. How’s your poll coming by the way?
Well, the poll was removed from here, and I don’t really need to drive traffic to my site. Look it up on Compete. (You know the name) It’s doing quite well, thanks.
I would… but I don’t remember it anymore. Ahhhh, this is beneath me. I refuse to get into a tit for tat with someone named Felipe.
Ok, Dante… Don’t worry about it. You’ll get there some day too. Keep trying!
Felipe, I totally agree…just because the hacker was unethical, there’s no need for TC to follow in his footsteps.
Obviously the breach is newsworthy – and if anyone should be slammed for it, it should probably be the person who chose the account password, and perhaps even the person who decided sensitive documents like this should be stored online – but the actual documents themselves are stolen property and should be treated as such.
Would you cycle around on your neighbours bike if someone stole it and gave it to you? It really is that simple.
Arrington asks: “did you write a letter to the WSJ when they posted the peanut butter manifesto?”
That wasn’t a stolen document. That was a “leaked” document from a trusted source who was sent the memo.
See the difference?
lol. if we only posted things that companies gave us permission to post this would be a press release site and none of you would be here. News is stuff someone doesn’t want you to write. The rest is advertising.
don’t journalists at news orgs do the hard work of seeking out facts honestly with integrity? not resisting the temptation to print out facts acquired through theft instead of your own labor is not the same thing.
I disagree. Twitter is a tech company, this is a tech publication. I understand the moral high ground, and honor can still be maintained by not publishing anything that may threaten the security of Ev and those whose accounts were breached… but publishing things like the idea for the TV show, Projected growth etc. still lies within moral boundaries. Where would Governor Sanford be if Gina Smith hadn’t stumbled upon those emails and went public? Still fucking his mistress (and the people of south carolina). Publish it Mike…
yeah. i mean, i’m looking at the security codes to get into Twitter’s building. I’m not going to publish that. And Twitter now has the full set of documents in their possession and can take steps to protect themselves. Meanwhile, I’m going to post some notes from a product meeting. I’m pretty sure everyone is going to be ok.
security codes to get into Twitter´s building can easily be changed.
strategic info don´t.
but I´m sure you handled everything with them and that we are being part of a huge circus…
http://www.zata...showtopic=10005
“I just learned that Twitter has contacted the FBI so i decided to delete all my posts.”
I googled these images from the admin panel
img244.imageshack.us/img244/308/twitter03.png
img244.imageshack.us/img244/308/twitter03.png
img244.imageshack.us/img244/twitter03.png/1/w1680.png
img244.imageshack.us/img244/308/twitter03.png
This dude originally posted this on April 29th, so this happened well over 2 months ago. Why are you guys posting about it “now”?
This is very depricated news.
Um, because they were emailed the documents today? You know, like it says in the article that you’re commenting on.
Even the Twitter blog post about it was from April 30th
http://blog.twi...n-security.html
This is way old.
I think that is in reference to the admin screenshots, this is something very different.
If what TC is saying is true, it means that the Twitter blog post about it was a total lie.
no, it was a different event.
this is new. some of the documents are dated from June.
Wow, they didn’t close the hole after a month of access from the same guy after they sent the FBI after him?
They suck. Like REALLY bad. I bet they’d get fired from my work place the same day.
I wouldn’t assume that. I’m not sure.
It’s obvious that he got this from the employee’s Yahoo email account and not Twitter after the initial attack, BUT
most all tech companies in California will NOT email internal documentation to a free Yahoo or Gmail email account.
Typically they will run an exchange server behind the company firewall and email reports and company email in the company network or remotely through an IPSec tunnel.
A big tech startup emailing company jewels(documents) to freemail accounts instead of having the sysadmin set up a proper email account for the first.last.employee@twitter.com is negligence.
It’s clear that even after nearly 3 years, they have no employee handbook or policies set up.
Suckage. I bet everybody there wears flip flops.
Well that’s what you get Flippy floppies.
I bet it wreaks of sun tan lotion over there.
Cool, look forward to seeing the Twitter TV show thing. Twitter has huge ramifactions for online video, particularly live online video.
I predict this will be the beginning of the end of TechCrunch.
Naaa… the beginning of the beginning. They hold in their possession possible answers for one of the biggest questions in tech… how will they monetize.
That would be interesting…
Trying to imagine the shitstorm you would cause if someone did that to you
Is this a practical joke? If it isn’t then it’s either a satircal take on the UK Telegraph’s exposure of MP’s expenses or a warning signal to startups who’ve got their heads stuck in the ‘cloud’ mumbling gibberish about ‘transparency’. In any case I cannot see that it’s in the public interest to release this material other than for the sensationalist effect that you already suggest. I expect Twitter to sue for damages.
Yeah, yeah, loss of revenue…
:grabs popcorn:
this could potentially be as uncomfortable as when I saw Bruno.
IANAL, but aren’t essentially willfully participating in a criminal act? If I *know* the stereo/tv/whatever I’m being sold was stolen, I’m an accessory to the crime, no?
No, typically any information, even if obtained illegally by a third party, is admissible in a court of law. Similarly I would think that if you are passed illegally-obtained information, you are not under obligation to withhold it from the public, with some exceptions.
Not illegal, but tortious. Tippees who receive information in violation of a fiduciary duty can have a surprising degree of legal liability. They are so going to get sued for this.
Must be a slow news week. Publishing stolen confidential documents just for the sake of doing it or because one of the docs is “awesome”? Pathetic. Sorry, but it is. You’re not breaking the Watergate scandal here, Michael – there’s nothing in the public interest that justifies publishing these documents.
really? THIS story got a “slow news week” comment from someone? Maybe you’re annoyed with twitter stories, but they are the hottest startup out there. Documents like these are a huge story and winner. Daniel, go moonwalk into oblivion for me.
Mike, can you just start limiting techcrunch comments?
Wow, someone has a real stick up their ass tonight. Moonwalk into oblivion? Just because I disagree with the frivolous publication of confidential, stolen documents?
Yes, please Michael, start limiting comments.
It’s called “journalism”, Daniel. You stupid bint.
If a bunch of secret documents fall into your lap and you run a news business, then you would publish those. Otherwise you wouldn’t be running a news business for very long.
Did you just say bint? Great word.
That’s not journalism, it’s opportunism coupled with greed. As Arrington said himself, if it was TC documents that were STOLEN, he wouldn’t want them published. There is no news here.
And what’s with the personal insults? Can you people not disagree with someone without getting personal?
Arrington is twitter’s biggest cheerleader. This is probably a PR stunt.
BINGO!
Thanks!
Though this is embarrassing and its one of those things that scares people as the the fear of personal data being compromised is genuine. and I agree that the docs should not be published at least by TC.
I’m sure the documents you’re going to release are interesting to say the least, but shouldn’t you stick way behind the ethical line on this issue?
On a, possibly, blue-eyed note… but don’t you (like I) use Twitter also to drive traffic to your blog/site? Don’t you (like I) pay zero for that service? Why on Earth would you want to collaborate with someone who stole from them? Why would you even consider doing so? If those documents don’t contain any evil scheme to do the public in, so to say, forget it, send it to the Twitter people, and get on with REPORTING!
You’re gonna post about this instead of how awesome launchly is? Bah! That said, I’m with the others… *grabs some popcorn to watch*
There is something to be said for taking the position that (a) We (techcrunch) received these documents and we could have broken the story, but (b) We chose not to. That way, you get the bragging rights to have been first to publish, without actually stepping into the muck that is sure to surround this when its published later by somebody else.
again, we’re not posting the vast majority of these files, and nothing that has to do with personal information. I think once you see what we post you’ll see how we made our decision.
The funny thing is that the personal stuff would probably create far more page views and would be less of a legal issue. But we’re making the decision based on our own ethical compass, not (mostly) the advice of our lawyers.
It is STOLEN material, Michael! What on Earth are you on about… ‘ethical compass’?! What kind of ethics you subscribe to that allow for publishing stolen material, NOT of proper interest to the general public – but harmful to the one they were STOLEN from?
Sorry, Derek, but who the hell are *you* to decide what’s of interest to the general public?
Publish the documents, TC. Publish them all!
Very simple: Private and/or confidential information that does not concern the public (e.g. because it relates to an elected official, some shady scheme and/or product fault that would harm the public, and/or the interests of a stock holder’s concern, etc.) is no-one’s business.
@ Derek… riiiiiiight, so Governor Sanford leaving his state to fuck some chick from Argentina is no one’s business? Gina Smith broke that story from leaked emails buddy…that were private, and confidential (and inspirationally romantic)…
WewewewewweWait. Did you just say people shouldn’t learn about products that could potentially harm them because it doesn’t concern the public? Or was that a typo?
Derek described a short list of some types of documents that DO “concern the public”. Dante … try not to work so hard for your misunderstandings, and Michael, it wasn’t a typo, merely a misreading on your part.
And FWIW, I, and many commentors, can easily see the difference between a document that was leaked in the public interest by investigators or staffers who hoped to reveal dangerous or criminal activities, and one that was stolen by a hacker who had no idea what he would find, and who grabbed low-hanging fruit wholesale just for the sake of doing it.
If some staffer releases memos that indicate breach of the public trust, that is one thing. It does raise ethical questions, but not related to whether the documents SHOULD have been brought to light.
But for a criminal to hack into a (albeit poorly) protected computer system (violating USC Title 18, among others) and then to pass the documents on to a “journalist” to have said “journalist” describe the documents to the Internet audience and threaten to release some of them, just for the heck of it, well, that’s a whole different story that does not speak well of the “journalist”.
Fortunately, “journalists” have no obligation to report the truth or to behave ethically under any circumstances, so Arrington can publish whatever he and his publisher want, as long as he is willing to accept the new “less-than-trustworthy” label that has already been slapped on his forehead. In this age of readily-searchable decisions, he’ll be carrying that label for quite a while.
@Stupidscript
I’d view TC as untrustworthy if they didn’t publish a significant news story.
@Dante – Any Sandford reference made relevant is awesome… … … and yeah, kinda inspirationally romantic.
you should not publish the stolen infos. there is no use for it to the public. there is no scandal or criminal act you can uncover. this is just cheap journalism. i hope techcrunch is not into that kind of thing that i only now from yellowpress offline media.
it seems desparate to just generate traffic with a possible story like this while basically saying you gave a shit about your reputation.
don’t do it.
the news is that soneone hacked twitter and forwarded the infos to you. period.
Wow. Arrington I hope you have good bodyguards. That said, I can’t wait to see the posts! LOL.
This was really a bad move techcrunch. I don’t think this is the way to get visitors to your site. You should be giving back the docs to twitter instead. Shame on you guys. I’ve many times send news tips on startups to techcruch inorder to publish them….but they never appeared. Now they have time to go through all the “confidential” docs and post tat shit.
No…..shame on you for sounding like such a pussy
That might say more about the value of your news tips than it does about TC.
I cant believe Tech crunch who is inspiration to most of us (bloggers) is going to publish documents that were clearly confidential and just some lame bugger sent you who according to you is hacker .
How pathetic is that. where is Honor trust and professionalism?.
i am gonna stop reading if its published here
I think Michael can give you better answer about Honor, Trust and Professionalism. I must say Tech Crunch will no more source of inspiration for me…
Is that the same inspiration that came up with that god awful logo? That ironically looks like a “TC”…
Shame on whoever hacked Twitter and shame on all you people egging on TechCrunch to unveil the documents. But most of all, shame on Twitter for enabling a hack.
Man – and here I thought the leaked rejection email with all the candidates CCd was bad…
You’re tossing out quite a bit of “shame” there lol.
Not cool Techcrunch. Maybe Guiness could give ya most unethical tech blog award or at least a mention on fail blog…yikes! Really disgusting move.
Microsoft Office docs more secure?
*cheesy thumbs up*
Microsoft buys Twitter within the next two weeks.
#Heyitcouldhappen
wow… that’s a wake up call..
first things first..
1. any other start-up still interested in publishing it’s confidential information on google apps (I know a few around here that do that)? thx michael for sharing that THAT was where it all started. btw THIS is the news: Google Apps is in NO way secure.
2. though I sympathize with some comments on the publication being “questionable” – it is already too late.. The blog post already contains sensitive information (Twitter TV – holy kaw). For the rest:
3. I would really love to know that TC checks with the Twitter execs which piece of information could be published and which not. Otherwise this would get them in serious trouble I guess.
What I find even more troublesome is that the breach still seems to be existing!!! This alleged hacker is reacting to things that are happening now… (like deleting his posts due to the involvement of the feds)…
I think someone should really help the Twitter ppl to close the holes ASAP.
I did speak with a Twitter exec earlier this evening about this and let him know what our plans were. He made some requests that we agreed to, others that we didn’t.
hmm… why shouldn’t you agree with request from Twitter… It’s THEIR information, THEIR documents…
I think you should comply fully with that…
and pleeeease run ASAP the story that Google Apps was the backdoor… Let them (Google) get some heat for this one, as well.
Like Mike ( and Lord Northcliffe before him) said: “News Is What Somebody Somewhere Wants To Suppress; All the Rest Is Advertising.”
Again… you are giving Twitter’s competitors an illegal advantage…
Twitter has competitors?
Seems that everyone that has a blog is talking about journalism and the law – he didn’t need to consult Twitter at all about these documents and was free to post what he intends to post, so long as it isn’t directly affecting an employees privacy in regards to their address, or any other personal information that might conflict with rights and freedoms.
Everyone keeps asking if Michael Arrington is jealous of twitter – I’m wondering if all of you are jealous of Michael & TechCrunch.
This is like my first time being on TC for more than 20 seconds, so I hold no allegiance or affiliation.
How is posting this information an illegal advantage? Please cite your claim, I’d like to know.
Should be interesting to see how it all plays out. I take it you have very little respect for Twitter. Where does that come from?
wow. no. I have tremendous respect for twitter. I love that company. now excuse me while I post these meeting notes and financial projections.
Proof positive this is just a spoof.
Hah!
Hahahaa.
This is just going way too far. Sorry but this goes way beyond journalism. You can’t legitimize stealing corporate information through this kind of behavior!
It makes me wonder if you are envious that you didn’t have the idea for twitter in the first place. There is no reason to be so giddy about publishing this stuff. Isn’t having the information already enough. This doesn’t show much moral fiber on your part. Do you have to prove (to yourself) what a big honcho you are?
Do unto others as you would have them do unto you.
I have lost respect for Mike Arrington and TechCrunch.
“He made some requests that we agreed to, others that we didn’t.”
Ok, my first time visiting this site will also be my last. Thank you for making it so easy. You epitomise everything that is wrong with humanity. I have a tiny start-up. Really tiny. However it means everything to me. If some little prick stole my private information off my server and sent it on to someone like you, well, I’d have hoped you would have had enough cop-on and moral fibre to alert me so I could contact the cops, and delete it because I didn’t want anyone reading it. Obviously you are not capable of this basic act of understanding or compassion, and are therefore subhuman. I would like to second what others have said – I hope your business is wiped out by a hacker…not just your site, but your entire business.
Ultimately all these docs are going to leak into a torrent. Their value is just too high for them not to be distributed. It took less than a day for TechCrunch to get the full set.
It makes sense for TechCrunch to post these news articles. Since the information is going to get out there anyway, TC might as well take advantage of the traffic boost from having it first.
It’s not really a question of ethics.
Personally I can’t wait to see what’s in them (and the fallout when the interview list gets leaked!).
Mike – I would really like to hear more explanation of how the TechCrunch team made the decision to apparently cross the ethical line that you don’t wish to cross. It seems to me that if you want to play it safe, it would be simple to just not act on the info you have.
I don’t understand the logic, more info would be appreciated. What did your discussions with Twitter involve? Did they ask you not to post these “juicy” documents? Did they agree with your perspective that there’s just no other choice?
the conversation was off record, not going to go into it.
what if somebody recorded the conversation and tweets it to all. You need to cool down.
um. dunno.
My take is this…you know a crime was committed…you know that the documents are not stored on Google’s servers for public access and that they were ’stolen’. Well hey then it’s obvious to me that you are gaining commercial advantage from the proceeds of theft. It’s a no brainer…you’ll be screwed…and Google will be funding the litigation with its deep pockets!
And some people say Hollywood is sleazy. Apparently, geeks can be just as vicious.
Isn’t possession of stolen property an issue in itself? Isn’t this the reason that someone who buys (for example) stolen jewelry from a pawn shop, they have to give it back? Isn’t this evidence?
Sorry for all the questions, but journalistic integrity aside, you know it’s stolen, thus you’re profiting from a crime – unless you want to remove all the ads from your upcoming posts based on the documents.
Michael. You are so much better than that. Hopefully, you will wake up tomorrow and change your mind. There is a difference between printing a memo leaked by an insider and publishing stolen documents.
And that difference is? There certainly isn’t one from a legal perspective.
Jimmy buddy, you certainly aren’t a lawyer. There is unquestionably a difference between a leaked memo from an employee and information obtained via theft or hacking.
IMO you are just giving people that want to harm the industry a stage to publish their crimes.
Alot of people won’t be amused by the publication and it can eventually also become a back-fire for your own reputation.
Just listen to your readers and leave it.
The info was gotten illegally, so posting any of it legitimizes such illegal activity, even if the info posted is innocuous. It’s shady, but it will be a surefire page-view generator.
Come on, you couldn’t post at least one doc in this post? Not one?
“There is clearly an ethical line here that we don’t want to cross,”
…and on the previous paragraph he goes like:
“But we are going to release some of the documents showing financial projections, product plans and notes from executive strategy meetings”
Your ethical line is very very blurry. You are actively contributing to the dissemination of STOLEN information, and not only that, you claim to maintain an ethical position about it.
How cynical.
Andres I tolally agree. this is no way
Well, he has the stolen documents. He thinks these stolen documents are “newsworthy.” He thinks it’s “ethical” to publish stolen company records. – I think it is, if not criminal, or assisting criminals, it is at least worth the consequence of withdrawing ones traffic from TC. Because, you know, if this how STOLEN documents are treated, what’s with all the date collected on this site? from me? From you? The proof of a sites ethics are in the pudding.
Actually the line was already crossed when they read the stolen documents in the first place.
“Someone stole a Ferrari convertible and left it on our driveway with the keys in it. We’ve caned it up and down the freeway for a few days and it’s a really good car, so we’re going to let our friends drive round in it for a bit. But we’re not going to sell it on eBay because there’s an ethical line that we don’t want to cross”.
Is there a possibility that TC and Twitter are cooking up a conspiracy?. Show the financial projections document and get high valuation by potential acquirer?. Google supposedly offered $1B? perhaps the stakeholders want more?
Just from the design you can tell that twitter is full of idiots.
No doubt – the use of ‘ruby on rails’ proves massive douchery, for one. Next, the lack of features, the constant downtime, the 140 char. limit… I’ve read interviews with their techs, too, about basically how they had no idea they were designing a messaging service to start with and made twitter work internally more like a blog hosting site. This contributes to the awful performance of the site.
So, yes. But nowhere NEAR as full of idiots as their users and the media that fawn over them all the time (they’re the new second life, and about as useful).
Guatama Buddha – “Three things cannot be long hidden: the sun, the moon, and the truth.”
Wacky Wednesday
I’m amazed at the harsh tone here. First of all, bravo for having this conversation in public before publishing. Though I’m guessing TC has considered the legal ramifications, my understanding is that the liability lies with whoever stole the docs, not someone who publishes them, unless TC instigated the theft. I’m guessing the answer to that is, “No.”
Beyond that, publishing such leaked memos or documents is hardly unusual or extreme. (See the Pentagon Papers). Of course, this is hardly a matter of national security. But as Arrington references, the “peanut butter memo” is just one of about a million such instances of leaked internal documents being posted. Just check out All Things Digital to see a pretty steady stream of leaked internal emails from Yahoo execs.
Protecting the privacy of third parties such as job interviewees, is the right thing to do. Such info could potentially destroy their careers. No reason to involve them unless there was a figure of significance (i.e., if it turned out Eric Schmidt had interviewed to be Twitter CEO).
The real question then is this: Is the information of news value? I would say given Twitter’s explosive growth, and it’s growing role in news and information, anything that speaks to its business model and strategic plans has high news value.
If you disagree, that’s understandable. But try this: Stop reading leaks about new Apple products, or Google features, or whatever gadget or online service you follow. These things are all regularly the result of such leaked documents.
As long as reasonable steps are being taken to protect innocent parties, and not endangering anyone, then publishing is reasonable.
The information in the leaks from Apple products doesn’t include “floorplans and security passcodes” of the Twitter offices. There’s a huge difference between product leaks and security leaks.
TechCrunch is way out of line.
as i said before about 20 times, i’m not publishing that, and I alerted Twitter to the issue so that if someone else does publish it, they can protect themselves.
so, mostly you are doing it just to demonstrate that you had it before anyone else?
ok, we got the point. you are entitled to a big ego and we respect that. now, please don’t make the situation worse.
I’d like to introduce you to News.
Welcome.
Mikey,
The only legit way to handle this is to NOT publish the full docs, but you could possibly publish redacted docs — with most of the information blackend out.
Either way, you should contact the FBI immediately because you are in possession of stolen materials by your own admission.
This isn’t a game. At the very least, if you publish, you are in for many years in court. This won’t go away. Google and Twitter have investors who will want this addressed harshly.
Little Mikey will be made an example of. You have no moral or legal ground to stand on. You can only loose.
TC might have a small chance at some increase traffic. Is it worth it? You’d better own lots of shares (probably restricted, heh?).
Good luck. This isn’t journalism. This is where the shit hits the fan for online media. It may be the wild, wild west — but don’t forget the sheriff will always come to town.
There are two issues here:
1. One thing is a leak – this is a hacker actively stealing information
2. TC is going to benefit from the post and yet it claims to maintain an ethical stand
TC are bitches, yet I still come back. Anyway, don’t post the stuff, seriously, this just crosses the line. ?I need to find a new PR site…
I agree up to a certain point…
News is – as Michael states above – things that companies don’t want him to publish…
BUT we are talking about “trade secrets” here. Docs from June (see above) that maybe could include internal product mgmt details, that could drive Twitter out of business (not going to happen) – or at least give their competitors a head-start.
Do you know what “fun” it is to through all your strategy over-board and start over again?
This is not a leak about a new Apple product (that is already built or on it’s way to be manufactured). As a competitor you don’t have the chance to outperform them…
This is software! Anyone reading their product features could implement that.. Remember.. Twitter has an eco-system of nearly 11000 apps surrounding them. All searching for the new killer feature.
This is very bad, if you found this info then you should keep it secrete, This post is totally illegal activity and twitter may sue you…
I’m pretty sure TC will get sued if any one of those “confidential” documents are published… legally speaking, i’m pretty sure they’re not even allowed to read them, let alone publish them…
How can you not be allowed to read something sent to you?
What contract did he enter wherein he gave up the rights to read that document?
mmm well let me state first that im not a lawyer but the way i think about this is as if someone steals my mail for lets say a period of one month, then places them all in a box and sends the box to a news company, lets say XNN… XNN has the rights to open the box sent to them, but are they allowed to go through my mail just because the box was sent to them? and even worst, publish a story about it?
A. The news was sent to them, thus how could they know.
B. They are news company, with documents that pertain to a business, not an individual. There are separate freedoms.
Michael, freedom has nothing to do with it. These documents are known to be stolen. It is illegal to use them, period.
Personal or business either way its illegal.
And you are way wrong, actually there are MORE protections for stolen business data than there are for stolen personal data.
Before you make such bold statement you’d better read some law books.
I made neither of those bold statements, actually.
Twitter documents shouldn’t be disclosed, techchurch got those documents in inbox that’s fine. But publishing it is not fine.
So they read them. big f’n deal …find a real issue t o whine about