Advertising Law Blog

On Thursday, August 6, 2009, the microblogging serviceTwitter was hit with a dedicated denial of service (DDOS) attack, an Internet-based effort that clogged and ultimately shut down Twitter's servers until the company could launch a defense. DDOS attacks are nothing new; ISPs, corporations and organizations face them all the time, and many of the "Trojan horse" computer infections are designed to place "bot" programs on victim computers to help launch future DDOS attacks. It's no surprise that Twitter was targeted; not only is the service widely popular and frequently featured in the media, but it has been used for political as well as commercial purposes, raising its profile among potential attackers. (CNET reported that the August 6 Twitter outage was the result of a massive attack targeting a single user in the Republic of Georgia.)

What may have been missed, however, is the business lesson of the Twitter DDOS incident: how many other companies were down because Twitter was? While Twitter (the service) can be accessed via the Twitter Web site, Twitter (the company) publishes an application programming interface (API) that enables anyone to write software to connect to and communicate via the service. The API also includes access to search tools, enabling software developers to create programs that not only allow posting (or "tweeting") to Twitter, but sophisticated analysis of trends, tracking company mentions, and other information management. This capability has led to an explosion of Twitter-compatible programs, including desktop software like TweetDeck and Seesmic Desktop, smartphone Twitter programs for the iPhone, BlackBerry and Palm Pre (for which I use Twee) among others, and business Twitter tools like coTweet. For now, most of these tools (like the Twitter service itself) are free, although there is clearly money being spent on development and promotion in anticipation of revenue, whether from advertising, software, advanced services, or some combination.

The problem, though, is that all of these new companies and products are depending on a single service, Twitter, which is small, privately held, and currently not generating revenue. While the company "plan[s] to build Twitter, Inc into a successful, revenue-generating company that attracts world-class talent with an inspiring culture and attitude towards doing business," it could shut down tomorrow, whether voluntarily, because of funding problems, or if it suffers so many attacks like the August 6th incident that keeping it running becomes prohibitively expensive. What happens to all the companies and products being built upon the Twitter foundation if it goes away, or even if it changes its model and ceases supporting the API? More to the point, how many of those firms and their investors (or customers) are considering those risks? Since most or all of them were down and unable to restore their services until Twitter managed to fix its problems (and since they go down each time the well-known "fail whale" appears on the Twitter site, indicating a system or overcapacity failure), they are probably thinking about them now.

Almost every business depends on others, from suppliers to landlords to corporate customers, and one's poor fortunes can impact on those with whom it is linked. For that matter, even when a business doesn't rely on other companies, the employers of its customers can cause it problems; just ask any restaurant or other shop located near a shuttered automobile plant. Entrepreneurs in particular are vulnerable to this problem, since newer businesses have less of a cushion of either suppliers or customers on which to rely. The lesson of the Twitter attack, though, is that relying on a single company, no matter how popular or well-funded, for one's entire business, is like having a portfolio of a single stock. Just as you should diversify your portfolio, you should also diversify the elements on which your organization depends.