In the latest flip-flop, Twitter took away blue ticks from verified users who had not subscribed to Twitter Blue last week, only to bring them back a few days later for those users who have more than one million followers.
From Amitabh Bachchan tweeting 'tu cheez badi hai musk musk' to Stephen King being confused about why he has a blue tick he hasn't paid for, Twitter’s new policy regarding verified accounts has been chaotic, to say the least.
To understand the implications of Twitter's confusing paid verification model, The Quint spoke to Udbhav Tiwari, head of Global Product Policy at Mozilla, and Aman Taneja, principal associate at Ikigai Law, a tech law and policy firm.
What are the risks associated with paid verification?
Udbhav Tiwari: It is not the paid verification bit that creates the risks, but the processes and procedures that Twitter follows in order to verify an account. When people got a blue tick before this, Twitter used to verify their identity in some form – either online or via identity documents – before granting it to them. The paid aspect of it doesn't change the reality that we just have to determine the identity of an individual before verifying them as legitimate or illegitimate individuals.
The same thing extends to companies that usually ask for some kind of documentation to prove that the Twitter account is actually controlled by someone in the company before giving it a verification. And all of this used to happen before the paid verification system as well.
For context, Twitter's verification process before Elon Musk took over the social media platform was more rigourous. You can read more about the same here.
What about identity theft or deceptive trade practices?
Udbhav Tiwari: That's got nothing to do with paid verification. When the paid verification system was first launched, there were many online reports of how individuals were changing their names post-verification. So like, they got a blue tick to their name, John Doe, and then changed the name, hypothetically to Mick Jagger. And therefore, people thought that that there might be an actual Mick Jagger.
In practice, Twitter has now imposed some restrictions on how often you can change your name, after you get a blue tick, including right immediately after you get the blue tick. And if you make some changes, that sometimes leads to the tick temporarily disappearing.
Therefore, the risks that stem from paid verification, whether it's identity theft or deceptive trade practices, have nothing to do with the $8 or how much ever in rupees that people are paying, but instead have to do much more with the processes and procedures that will follow, where clearly there is scope for a lot of improvement.
But the problem is not just that a verified account could pose as you, it's also about how a non-verified user could pose as you. As a result, users either have to pay for Twitter Blue or face the risk of being impersonated. If a user does not want to live with that risk, then Musk is essentially forcing users to pay for verification vis-a-vis Twitter Blue, which could amount to deceptive trade practices.
Additionally, going beyond deceptive trade practices, Twitter could be engaging in unfair business practices as well. One such example is Twitter claiming that people have subscribed to Twitter Blue, when in fact they have not, like the case of Stephen King as mentioned above. While Musk claims to be "paying for a few personally (just 'Shatner, LeBron and King'), there is no official statement from Twitter about what is actually going on. After all, it was Rolling Stone that reported the one million follower cut-off.
Another strange aspect is that celebrities, who are dead, have become Twitter Blue subscribers, obviously without their consent, like Chadwick Boseman, Kobe Bryant, and Sushant Singh Rajput, to name a few. For instance, if you click on the blue tick next to Sushant Singh Rajput's username, this is what it says:
Is paid verification legal within the IT Rules or any other law?
Aman Taneja: The IT Rules simply require that social media platforms give users the option to verify their identity. The rules give flexibility to the platforms to figure out what an appropriate mechanism for this looks like. There is no fixed limitation on this verification being a service that is charged for. At the end of the day, it is a service that is being provided and it is up to the company offering that service to determine if and how they want to monetise it.
Does phone number verification raise data protection concerns?
Aman Taneja: Not really. How this data is handled and used by the platform is subject to the contractual terms between the platform and its users. Global platforms are subject to data protection laws of various jurisdictions, and as a result, follow global best practices that apply to handling user data. Having said that, India is still formulating its own dedicated data protection law, so Indian users still don’t have access to the additional protections that a law like that could potentially offer them, like the ability to approach a data protection regulator.
Will users who pay to get verified attain some lesser-known advantage?
Udbhav Tiwari: Well, Twitter has also started referring to the content posted by people with blue ticks on the feeds of non-verified accounts. It has officially announced that it will recommend tweets from accounts that have the blue tick, even if you don't follow them, So, what this will create is a system where people who pay Twitter will get more visibility on it.
This essentially takes Twitter back to the "lords and peasants system" that Elon Musk set out to fix in the first place. Here, he is calling that system "bullshit," and demanding that "power" be given "to the people."
Are we nearing Aadhaar-based verification for social media users?
Aman Taneja: No. There are no existing legal provisions or even active policy conversations where it is being suggested that Aadhaar-based verification should be mandated to verify social media users. The existing rules also talk about offering users a voluntary option for verification. In any case, there is a fairly robust KYC (Know Your Customer) mechanism in place at the access layer of the internet. You have to do a stringent KYC to get a phone or broadband connection, so it’ll be hard to justify measures to mandate mandatory verification for every service you use.
But the Grievance Appellate Committees, which have been set up under the IT Rules to hear users' complaints against large social media companies such as the likes of Facebook and Twitter, currently require users to provide their Aadhaar details to log in to lodge a complaint. This is not the same as requiring Aadhaar-based verification for social media, but it does make Aadhaar mandatory to access this appeals system. The Software Freedom Law Centre has made a representation to the IT Ministry to change this requirement.
Last week, The Indian Express reported that the central government has proposed draft rules that allow private entities to carry out Aadhaar authentication for a number of services. The expansion of Aadhaar's ambit beyond government services is something that the Supreme Court deemed "unconstitutional" a couple of years ago.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)