Forgot your password?
typodupeerror
Privacy Cloud

Snapchat Search Warrants Emphasize Data Vulnerability 105

Posted by Unknown Lamer
from the perils-of-centralization dept.
Nerval's Lobster writes "This year's revelations about NSA surveillance have upended the idea that our data—any of it—is truly secure from prying eyes. That uncertainty has sparked the rise of several businesses with a simple proposition: you can send whatever you want via their online service (text, images, video), and that data will vaporize within seconds of the recipient opening it up. One of the most popular of those services is Snapchat, which allows users to take "Snaps" (i.e., videos or photos) that self-destruct a few seconds after the recipient opens them; that data also disappears from the company's servers. But is 'disappearing' data truly secure from prying eyes? Earlier this week, Snapchat admitted to a loophole in its schema that leaves Snaps open to viewing by law enforcement — provided the latter shows up at the company's front door with a warrant. Until a recipient opens a Snap, it's stored in the company's datacenter. In theory, law enforcement could request that Snapchat send it an unopened Snap. 'If we receive a search warrant from law enforcement for the contents of Snaps and those Snaps are still on our servers,' read an Oct. 14 posting on Snapchat's corporate blog, 'a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the Snaps to the requesting law enforcement agency.' Law-enforcement entities have hit Snapchat with 'about a dozen' search warrants for unopened Snaps since May 2013. 'Law enforcement requests sometimes require us to preserve Snaps for a time, like when law enforcement is determining whether to issue a search warrant for Snaps,' the blog continued. That surveillance could also go beyond unopened Snaps: Snapchat 'Stories,' or a cluster of Snaps, live on the company's servers for up to 24 hours and can be viewed multiple times, which broadens the window for law enforcement to poke its way in."
This discussion has been archived. No new comments can be posted.

Snapchat Search Warrants Emphasize Data Vulnerability

Comments Filter:
  • Re:Just use RSA (Score:5, Insightful)

    by stewsters (1406737) on Wednesday October 16, 2013 @12:49PM (#45144555)
    Which sucks if you want to access it from your phone, your computer, and a computer at the library. I think that syncing the keys securely is somewhat challenging for your average user. Your browser would also need to be able decrypt with the key, and doing that from javascript in a secure way is challenging.
  • Re:So basically... (Score:5, Insightful)

    by gnasher719 (869701) on Wednesday October 16, 2013 @12:51PM (#45144587)

    Snapchat hasn't been telling the truth to it's user base and stores private data longer than they claim to it's user base? That they do this so in case LE comes in with a warrant, they will have the info on tap for them?

    No, they have been telling the truth. They store a picture until the recipient opens it. They have to, how else could they send the picture to the recipient? And the purpose is to be able to send the picture to the recipient when needed, not to preemptively gather information for the police.

    And a search warrant is a search warrant. Same as fifty years ago. The police gets search warrants to look for evidence against people suspected of crimes. Are you saying that Snapchat should think about whether information it has could be evidence against a criminal and hide it if it is? I'd say absolutely not. They should protect users' data against illegal access, but giving the information to police with a search warrant is absolutely legal.

  • Re:Court Order (Score:5, Insightful)

    by disposable60 (735022) on Wednesday October 16, 2013 @01:06PM (#45144801) Journal

    Unfortunately, dragnets are wide and indiscriminate, and worse, definitions of wrongdoing are local and plastic.

  • by Animats (122034) on Wednesday October 16, 2013 @01:06PM (#45144803) Homepage

    From now on, all point-to-point message security has to be end to end. At no point in the middle can a message be plain text. The era of trusting service providers is over.

    We really need is a good way for people to publish their public key, in a place where tampering with it will be detected. Somebody needs to solve that problem.

  • by Rigel47 (2991727) on Wednesday October 16, 2013 @01:19PM (#45144957)
    How about instead of trying to duck and weave around the NSA we do it right and demand they dismantle their illegitimate spying apparatus? Remember the part about where the government is supposed to answer to the people?

"Regardless of the legal speed limit, your Buick must be operated at speeds faster than 85 MPH (140kph)." -- 1987 Buick Grand National owners manual.

Working...