Snapchat Search Warrants Emphasize Data Vulnerability 105
Nerval's Lobster writes "This year's revelations about NSA surveillance have upended the idea that our data—any of it—is truly secure from prying eyes. That uncertainty has sparked the rise of several businesses with a simple proposition: you can send whatever you want via their online service (text, images, video), and that data will vaporize within seconds of the recipient opening it up. One of the most popular of those services is Snapchat, which allows users to take "Snaps" (i.e., videos or photos) that self-destruct a few seconds after the recipient opens them; that data also disappears from the company's servers. But is 'disappearing' data truly secure from prying eyes? Earlier this week, Snapchat admitted to a loophole in its schema that leaves Snaps open to viewing by law enforcement — provided the latter shows up at the company's front door with a warrant. Until a recipient opens a Snap, it's stored in the company's datacenter. In theory, law enforcement could request that Snapchat send it an unopened Snap. 'If we receive a search warrant from law enforcement for the contents of Snaps and those Snaps are still on our servers,' read an Oct. 14 posting on Snapchat's corporate blog, 'a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the Snaps to the requesting law enforcement agency.' Law-enforcement entities have hit Snapchat with 'about a dozen' search warrants for unopened Snaps since May 2013. 'Law enforcement requests sometimes require us to preserve Snaps for a time, like when law enforcement is determining whether to issue a search warrant for Snaps,' the blog continued. That surveillance could also go beyond unopened Snaps: Snapchat 'Stories,' or a cluster of Snaps, live on the company's servers for up to 24 hours and can be viewed multiple times, which broadens the window for law enforcement to poke its way in."
Re: (Score:2)
It could be worse. If a man in the middle intercepts the communications, they have it indefinately. One of the first things they teach in forensics is that younever work from the original so a copy will likely always be around once they have a copy of it.
Re: (Score:2)
It could be worse. If a man in the middle intercepts the communications, they have it indefinately. One of the first things they teach in forensics is that younever work from the original so a copy will likely always be around once they have a copy of it.
I suspect that it IS worse. No doubt it is being intercepted without a warrant anyway, and if the parties that be get caught they just say "oops" and nothing happens to them.
It's a big planet (Score:4, Interesting)
What I don't understand is why anyone runs any service with any sort of privacy angle from the U.S. There are freer countries with good Internet access. Pick one, and put all those U.S. subpoenas on the bottom of the birdcage, where they belong.
Re: (Score:1)
And how are you going to trust them? I sure as hell wouldn't. For the right price they'll cough up anything. Hell, they'll even make up shit if the cops want you that badly. Prosecutors have quite the history in that department. The best way to deliver a message after all these thousands of years is still through the classifieds or letters to the editor of a national or global daily periodical. Because even through Craigslist they can still track who reads the ad.
Re: (Score:2)
Outside the US the NSA pretty much has a free hand, not the mention the local law enforcement and intelligence agencies. Take your pick.
Or were you thinking of some countries that have both good internet and no law enforcement and intelligence agencies? Any names come to mind?
The internet makes for a very small planet. It is much more efficient to send a packet by internet than by plane.
Re: (Score:2)
Everyone has law enforcement, not everyone has no knock raids that go wrong so often it's a meme. And the NSA clearly has a free hand in the U.S. as well, so that's not much of an argument. I would consider setting up a service in Hong Kong, most Scandinavian countries, Canada, and a few countries in Latin America and the Caribbean before I would consider the U.S., the particulars of the situation would narrow it down.
Re: (Score:2)
Actually no, the NSA doesn't have a free hand in the US. That is what so many of the stories have been about - have they been properly abiding by the limits? But you're thinking about Hong Kong? That is too funny, really. You'll pass on the possibility of US surveillance for a practical guarantee of Chinese government surveillance? As to Scandinavia, both Sweden and Finland [yle.fi] have internet surveillance operations, not to mention Germany, France, UK, and plenty more in Europe. Canada does too. In fact t
Re: (Score:2)
If you really think the NSA has any meaningful domestic restraint, hey, that's your call. But that you imply that every country in Latin America is a police state is pretty much a conversation ender for me.
Re: (Score:1)
A number of Latin American nations are police states, and since you apparently seek to be outside the reach of the NSA one has to assume you would go to hostile regimes such as Venezuela. Conversation ender? Ah, I see. One may denigrate the United States, but no part of Latin America. I get you. No loss to me. And if you post something silly in the future I will still feel free to respond to it as appropriate. Adios.
Re:RetroShare (Score:4, Informative)
RetroShare baby.
I like retroshare. I have installed in my computers. the problem is; get everyone to use it call me when you have that one figured out.
All the people I have talked to trying to get them to use it fall into one a of a couple of camps.
1. they think that all encryption is somehow back-doored by the NSA/CIA/FBI/DOD/$InsertThreeLetterAgency anyway so it is a exercise in futility.
2. they think they are too boring or have nothing to hide
3. they think your tinfoil hat wearing paranoid.
The media constantly actively attacks Snowden and Assange for being horrible "narcissistic treasonous traitor" and smear Manning for being Gay. Or plain Ignore the leaks.
The politicians don't care or support spying.
The spys lie to congress and nothing happens and worse get put in charge of their own oversight.
The courts are conspiring with the spys. see fisa courts
The corperations compete to see who can bend over the farthest, those that don't get destroyed see lavabit.
And finally the people are either to apathetic ignorant or paranoid to do anything.
whats a cryptogeek to do?
Re: (Score:2)
whats a cryptogeek to do?
Steganography. Hide your message in various misuses of you're/your, to/too, and capitalization!
It has the side effect of enraging the classically schooled cryptoanalysts. Win-win.
Re: (Score:2)
whats a cryptogeek to do?
Steganography. Hide your message in various misuses of you're/your, to/too, and capitalization!
It has the side effect of enraging the classically schooled cryptoanalysts. Win-win.
My point was how do you get people to be proactive and use encryption not the type to use.
If Bob won't read Alice’s message because reading an encrypted message requires two more clicks, then Alice is forced to either be a social pariah or let the government spooks eavesdrop.
It does not matter what for of cryptography is used be it PGP retro-share or stenography also long a the receiving party is lazy and apathetic.
Just use RSA (Score:1)
Have each client generate a public/private key pair, store the private locally, the public on the server, and encrypt each message using the recipient's public key. Stored snaps on the server could only be decrypted with the private key, which the server doesn't have.
Re:Just use RSA (Score:5, Insightful)
Re: (Score:2)
You have to give up the Cloud ideas for real privacy.
This is not true [wikipedia.org].
This is not true [www.aui.ma].
This is not true [hcrypt.com].
It will, however, require a rethinking of the way we handle data and computation and the hardware which performs those tasks. Luckily, it's not too difficult to build a CPU which performs fully homomorphic operations. The math isn't even beyond high-school level (it's about on par with RSA). The primary issue right now is speed.
Re: (Score:2)
Luckily, it's not too difficult to build a CPU which performs fully homomorphic operations. The math isn't even beyond high-school level (it's about on par with RSA). The primary issue right now is speed.
The primary issue with homomorphic encryption is speed, in the same way that the primary issue with running Quake 4 on EDSAC is speed. No one has come up with a general-purpose homomorphic encryption scheme that doesn't also come with a slowdown that is so many orders of magnitude that you would get faster results doing the work on your mobile phone than in Amazon's cloud with homomorphic encryption. There are some special-purpose schemes for simple database queries, but each primitive operation you need
Re: Just use RSA (Score:1)
For snapchat at least it's only phone accesaable I believe, so it's a good strategy for that app.
Re: (Score:2)
Re: (Score:2)
The DOJ can go pound sand, as far as I'm concerned.
Re: (Score:2)
"Have each client generate a public/private key pair, store the private locally, the public on the server, and encrypt each message using the recipient's public key. Stored snaps on the server could only be decrypted with the private key, which the server doesn't have."
I think this sidesteps a troubling point brought up in Snapchat's statement. Since when is anybody obligated to "preserve" anything while government decides to issue a warrant? I don't think any such authority exists.
Either there is a warrant, or there is not. If there is no warrant, I'll do whatever the hell I please with the stuff I have. I am not aware of any authority on the part of the courts to force me to change my daily actions "in anticipation" of a warrant.
Re: (Score:2)
Well, a judge can order you to preserve electronic communication almost on a whim - but really, if there's a judge involved here I'd be shocked. Importantly, you have to deal with that for civil matters, where there will never be a warrant, but you're still on the hook.
Re: (Score:2)
Well, a judge can order you to preserve electronic communication almost on a whim - but really, if there's a judge involved here I'd be shocked.
That's true, but I got the impression (wrong or not) that it was not a court order, but simply a "request" by government to preserve records "in anticipation" of a warrant. In a case like that, I'd be tempted to just burn the records even if they did not incriminate anybody. Of course, if it were a genuine court order, I might be obligated to comply, but I'd contest its validity both at the time, and later in court if necessary. As I say, the authority here seems questionable at best.
I am not obligated t
Re: (Score:2)
"The judge immediately issues "keep this for 2 days" court order."
The problem with this whole scenario is this first step. On what authority does this order to "keep this material" arise? It isn't a warrant. It isn't a subpoena.
See, the error here is that a WARRANT is something used to SEARCH, in order to find illegal material. A warrant means there is probable cause -- but not yet strong evidence -- that something illegal is there. Before a warrant issues, there is no reason to believe there is anything illegal, and therefore no authority for a judge to order you to k
So basically... (Score:3)
Is this a surprise to anybody anymore?
Re:So basically... (Score:5, Insightful)
Snapchat hasn't been telling the truth to it's user base and stores private data longer than they claim to it's user base? That they do this so in case LE comes in with a warrant, they will have the info on tap for them?
No, they have been telling the truth. They store a picture until the recipient opens it. They have to, how else could they send the picture to the recipient? And the purpose is to be able to send the picture to the recipient when needed, not to preemptively gather information for the police.
And a search warrant is a search warrant. Same as fifty years ago. The police gets search warrants to look for evidence against people suspected of crimes. Are you saying that Snapchat should think about whether information it has could be evidence against a criminal and hide it if it is? I'd say absolutely not. They should protect users' data against illegal access, but giving the information to police with a search warrant is absolutely legal.
Re: (Score:2)
I have relatively limited issues with properly obtained search warrants, provided they adhere to a level of requiring material proof of reasonable suspicion (physical evidence is mandatory here).
Even if I might disagree with the sometimes extreme tenacity of the government prosecutors to obtain a guilty plea at all cost, I don't totally believe that law enforcement and things like proper warrants, are inherently evil.
That said, a search of an otherwise secure service should be able to search the service.
It
Re: (Score:2)
not to preemptively gather information for the police.
That's an assumption. If the NSA comes knocking on their door with legal papers like they did with Lavabit, you may never know about it.
Re: (Score:2)
well snapchat just now in his said that if they get served with such a thing then they save the data.
actually snapchat seems like it's the most honest cloud company about this. if they haven't been served and you use the one time read portion of it then it's gone after loading. but even that practice cannot go over (secret) court papers which tell them to save certain snapchat users messages.
Re: (Score:2)
By sending the picture (or video) encrypted with a unique key, and only sending the key when the recipient opens it.
They would still have to keep the decryption key, of course, but that won't do law enforcement, hackers, etc. any good without the data.
They are generally honest with their users, though - they do point out that any 'snaps' you send could be screenshot, that their 'screenshot!
Re: (Score:2)
By sending the picture (or video) encrypted with a unique key, and only sending the key when the recipient opens it.
Everything is perfectly fine if they send the picture encrypted, and keep both hackers and insiders away from all stored pictures. There is no reasonable requirement to keep law enforcement from executing search warrants.
Re: (Score:2)
The problem with that is that both the encrypted data and the key would reside with them. To clarify, let's say a hacker gets access to an e-mail-and-password list, but it's all weak MD5 hashes - running that across a rainbow table and further dictionary attacking will easily yield the passwords.
So what any good site would do is add a salt. Unless it's a salt that everybody in t
Re: (Score:2)
The problem with that is that both the encrypted data and the key would reside with them.
They could encrypt the photo, send the key to the recipient and then delete the key from the server. The recepient's SnapChat client would have the encryption key so all of the functionality would remain in place.
Re: (Score:2)
That would be functionally the same thing as I (and others) mentioned further up - except that we proposed sending the encrypted image/video and deleting that from the server.
Both have their pros/cons for the server/user, but sending the image/video seems the better option - less storage space required on the server, user gets the picture/video to pop up sooner (downloaded in the background, only have to wait for the key download and the decryption (fast even on budget smartphones)), and without the data on
Re: (Score:2)
You can't do one without the other. If you give legitimate users the means to avoid illegal access, you give criminals the means to avoid legal access.
Re: (Score:2)
No, they have been telling the truth. They store a picture until the recipient opens it. They have to, how else could they send the picture to the recipient?
Gee, maybe they could encrypt it [gnupg.org] and just fucking send it [ietf.org]?
Oh, right. Even something "simple" like PGP is beyond users at large. Shameful.
Re: (Score:2)
All well and good except for this:
"Law enforcement requests sometimes require us to preserve Snaps for a time, like when law enforcement is determining whether to issue a search warrant for Snaps"
Which pretty clearly indicates that they will log snaps for the purposes of sharing with the authorities provided the authorities have a warrant when they come to collect the data. I'd say that quite exactly is "preemptively gather[ing] information for the police", though I suppose that depends on how you're defin
Re: (Score:3)
Re: (Score:2)
They have to, how else could they send the picture to the recipient?
Push. It doesn't always work. If a device is powered off, then push fails. But for security purposes where the data is being stored on the server, push is superior to pull. P2P is probably ideal. Cut out the middleman. Send directly via an encrypted channel.
It doesn't really matter though. If the courts mandate Snapchat give up their encryption keys (like LavaBit), the only thing that could possibly stand between the data and a LE agent would be client-side encryption.
Re: (Score:1)
Although I agree with you in the case of snap chat, normal people just don't think things through like that. I for one didn't know its not pushed to your phone until you read it.
The other thing is its not just police search warrants you have to look out for.
In many states a lawyer involved in a lawsuit (for example a divorce or child custody hearing) can issue their own subpoena for electronic records *without* law enforcement or the courts reviewing it. In this case its not evidence of a crime... but your
Re:So basically... (Score:5, Informative)
So basically the COURTS sign the warrants because of LEGISLATION that allows them to have this authority, and you should take issue with the Legistatures and Judicial bodies who exercise authority to tell companies what to do.
It is all well and good that a company says they will do what they can, but all this authority comes from the laws and lawyers, not the server admins, not even the cops.
Court Order (Score:2)
How does one protect oneself from a court order? I guarantee that if Snapchat gets an order to log information that they will do so. The best you can hope for is that another party couldn't get information that predates the order, but if you never know if and when an order is in place, you can never be sure who has seen your data.
Re:Court Order (Score:5, Informative)
1) don't put yourself in a situation where someone wants a court order for something you have
2) ignoring 1, don't send incriminating evidence electronically
3) Ever
4) If you're stupid enough to ignore 1-3, pass one time, strong passwords in person, then encrypt your files locally and send them by any means you aren't supposed to be using based on 1-3, above. Then destroy your copy of the password and the entire computer you used to create, encrypt, or send the message.
Though, really, sticking with 1 and 2 is your best bet.
Re: (Score:1)
Right because surveillance has never been done against innocent people or against someone for political reasons either. No, you only get surveillance on you by doing something bad.
Re: (Score:3)
Re: (Score:1)
Which could be anything or nothing.
Re: (Score:2)
He didn't say that. He said don't do something they won't like.
"They" could be any individual in a position of power abusing his authority for personal reasons, sort of like those NSA agents spying on their crushes [cnn.com]. It's impossible for someone to avoid that because their actions are not based on the laws and protocols they are supposed to be following.
Re: (Score:2)
Right because surveillance has never been done against innocent people or against someone for political reasons either. No, you only get surveillance on you by doing something bad.
I think this company is in the USA, so you are saying the police can get search warrants signed for political reasons?
Re: (Score:2)
Yes, they have. It's also illegal, and if they get caught the evidence must be excluded from the court. Usually those cases are more about intimidation for political purposes, not day-to-day stuff. It happens in exceedingly rare cases. Here's an analogy: Do you have you had a child which had it's spinal cord formed outside of the vertibrae? It's rare like that. IT scares the living shit out of paranoid people, but 99.99999% of us will never run into it.
Re:Court Order (Score:5, Insightful)
Unfortunately, dragnets are wide and indiscriminate, and worse, definitions of wrongdoing are local and plastic.
Re: (Score:2)
Indeed they are, which is why you probably shouldn't be discussing items of a sensitive nature - something you absolutely don't want anyone to know about - using regular digital communication. The idea that you should never put in writing what you wouldn't say out loud is as valid today as it was 300 years ago. If you quit believing the fallacy that electronic communication is perfectly private, you can go forward properly.
The OP asked how to avoid having items be the subject of subpoena. The answer is "wha
Re: (Score:1)
You assume that you have to do anything illegal for someone to want to spy on you. There are plenty of legal things that the powers that be doesn't like.
Re: (Score:2)
Host your data is a hostile country. You think Iran cares about a US court order?
Re: (Score:2)
How does one protect oneself from a court order?
From TFA: "leaves Snaps open to viewing by law enforcement -- provided the latter shows up at the company's front door with a warrant."
There is no front door. Please deposit an electronic copy of all warrants and national security letters in our /pub subdirectory.
Where the world can see it. So, you aren't protected against a search. But at least the gov't can't hide it from your customers.
Useless product (Score:1)
Earlier this week, Snapchat admitted to a loophole in its schema that leaves Snaps open to viewing by law enforcement
In other words, these companies are selling snake oil. Their systems provide no extra benefit other than quick deletion of messages. Nothing prevents the NSA from showing up with a FISA order to store and forward all messages from an individual. They are still just as vulnerable to NSA spying as any who came before.
Re: (Score:2)
Barring multiple companies that messages pass through in multiple countries (likely countries that don't like each other so multi-national warrants won't go through), the only place one can really be assured of security would be the endpoints. One has to assume that every point a message goes through, be it a router or a mailbox, the message is saved off permanently.
Self-destructing messages are a joke. I've read some ways of trying to implement it through having a number of places that store a piece of t
why is this so hard? (Score:1)
Re: (Score:2)
Yes. The problem? Most people suck at working with encryption - They either can't handle it at all, or they do something phenomenally stupid that exposes their private keys to the whole world.
Realistically, if not for the underlying need (for most people) that any encryption works completely transparently, we would have no need of specialty encrypted cloud storage in the fi
So what key words will alert security agencies? (Score:2)
Re: (Score:1)
So what key words will alert security agencies?
@ [schneier.com] seems to be all you need.
Wickr seems good (Score:1)
Wickr [mywickr.com] claims a zero knowledge policy, encryption/decryption is done on the devices.
There is still nothing stopping... (Score:1)
the MITM attacks being performed.
http://en.wikipedia.org/wiki/Room_641A [wikipedia.org]
Until you own all the copper and connected devices you aren't secure.
Even then, you better trust everyone performing mainenance on said resources.
Message security has to be end to end. (Score:5, Insightful)
From now on, all point-to-point message security has to be end to end. At no point in the middle can a message be plain text. The era of trusting service providers is over.
We really need is a good way for people to publish their public key, in a place where tampering with it will be detected. Somebody needs to solve that problem.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
We have this technology... keyservers that replicate among each other. Someone's key that is deleted from one will remain on the others, and eventually gets propagated back. Keyservers are designed to copy and add data, never delete/remove items. So, a key that gets on there will remain there forever.
Of course, if every keyserver gets compromised at the same time, that is an attack, but if one is left that still has the key on it, it will propagate the next replication session.
Re: (Score:2)
Each key has an ID. If someone plops a key with the same key ID, the server will keep and propagate both. This is actually an attack one can do. To deter it, that is why keys are signed, so that a key belonging to prz@acm.com with a page of signatures from old school USENET people is likely to be the right one, while a prz@acm.com with 1-2 bogus signatures and the same key ID (but a different fingerprint) isn't likely to be Phil's key.
The wrong approach? (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
How about instead of trying to duck and weave around the NSA we do it right and demand they dismantle their illegitimate spying apparatus? Remember the part about where the government is supposed to answer to the people?
This discussion isn't about NSA. It is about a company providing information when they are required to do so by a legal search warrant and when they have the information, and about the company telling the customers what they are doing.
You can come up with all kinds of things that the company could be doing theoretically without telling anyone, but that is obviously pure speculation. And the exact same speculations can be made about any company that ever comes into contact with any customer data.
Comment removed (Score:3)
Newspeak (Score:5, Interesting)
a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the Snaps to the requesting law enforcement agency.
Is it a rule now that every law has to be named to imply it does the exact opposite of what it actually does?
Re: (Score:2)
Is it a rule now that every law has to be named to imply it does the exact opposite of what it actually does?
The laws would never pass if they didn't.
Re: (Score:1)
a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the Snaps to the requesting law enforcement agency.
Is it a rule now that every law has to be named to imply it does the exact opposite of what it actually does?
There is, in fact; it is called the Federal Legislation Transparency Act.
Re: (Score:2)
The process of naming laws has pretty much destroyed irony.
Re: (Score:2)
No, it is just 1984 happening right before your eyes.
Re: (Score:2)
I'll just drag this off-topic-train right off the rails.
Did I miss the part of the ACA that outlawed private insurance? Why can't you continue with your same insurance provider? If they've chosen to increase their rates, then that's just a private company making a business decision.
Also, $500 makes you drop 2 employees? If they're only costing you $250/month each then they're probably better off without your "employment".
a solution (Score:2)
Actually quite good (Score:2)
When I first read this several days ago (nice job, /.) I was actually surprised they were that good. I'd always expected when push came to shove it would turn out they were keeping copies of all the images 'for security' or something. I'm kind of amazed the NSA can only get at ones that haven't been read yet...
You think that's bad (Score:1)
All your Microsoft email and Yahoo email is scanned for keywords and the result sets are sent to Bing, identifying you.
Privacy - oh come on, you're Serfs, stop pretending you are Citizens.
The truth comes out (Score:2)
This proves it to me. The NSA is really only concerned with collecting all the titties. They have the nude scanners at the airport to catch anyone who travels. Systematically they have infiltrated every possible way people use to share nude photos. Snapchat is a goldmine. All their dreams come true. Tits with every warrant. Now, with their unrivaled collection of nudie pictures they will rule the world with a strong masturbation hand.