Snapchat Search Warrants Emphasize Data Vulnerability 105
Nerval's Lobster writes "This year's revelations about NSA surveillance have upended the idea that our data—any of it—is truly secure from prying eyes. That uncertainty has sparked the rise of several businesses with a simple proposition: you can send whatever you want via their online service (text, images, video), and that data will vaporize within seconds of the recipient opening it up. One of the most popular of those services is Snapchat, which allows users to take "Snaps" (i.e., videos or photos) that self-destruct a few seconds after the recipient opens them; that data also disappears from the company's servers. But is 'disappearing' data truly secure from prying eyes? Earlier this week, Snapchat admitted to a loophole in its schema that leaves Snaps open to viewing by law enforcement — provided the latter shows up at the company's front door with a warrant. Until a recipient opens a Snap, it's stored in the company's datacenter. In theory, law enforcement could request that Snapchat send it an unopened Snap. 'If we receive a search warrant from law enforcement for the contents of Snaps and those Snaps are still on our servers,' read an Oct. 14 posting on Snapchat's corporate blog, 'a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the Snaps to the requesting law enforcement agency.' Law-enforcement entities have hit Snapchat with 'about a dozen' search warrants for unopened Snaps since May 2013. 'Law enforcement requests sometimes require us to preserve Snaps for a time, like when law enforcement is determining whether to issue a search warrant for Snaps,' the blog continued. That surveillance could also go beyond unopened Snaps: Snapchat 'Stories,' or a cluster of Snaps, live on the company's servers for up to 24 hours and can be viewed multiple times, which broadens the window for law enforcement to poke its way in."
Re:Just use RSA (Score:5, Insightful)
Re:So basically... (Score:5, Insightful)
Snapchat hasn't been telling the truth to it's user base and stores private data longer than they claim to it's user base? That they do this so in case LE comes in with a warrant, they will have the info on tap for them?
No, they have been telling the truth. They store a picture until the recipient opens it. They have to, how else could they send the picture to the recipient? And the purpose is to be able to send the picture to the recipient when needed, not to preemptively gather information for the police.
And a search warrant is a search warrant. Same as fifty years ago. The police gets search warrants to look for evidence against people suspected of crimes. Are you saying that Snapchat should think about whether information it has could be evidence against a criminal and hide it if it is? I'd say absolutely not. They should protect users' data against illegal access, but giving the information to police with a search warrant is absolutely legal.
Re:Court Order (Score:5, Insightful)
Unfortunately, dragnets are wide and indiscriminate, and worse, definitions of wrongdoing are local and plastic.
Message security has to be end to end. (Score:5, Insightful)
From now on, all point-to-point message security has to be end to end. At no point in the middle can a message be plain text. The era of trusting service providers is over.
We really need is a good way for people to publish their public key, in a place where tampering with it will be detected. Somebody needs to solve that problem.
The wrong approach? (Score:5, Insightful)