Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Privacy Cloud

Snapchat Search Warrants Emphasize Data Vulnerability 105

Posted by Unknown Lamer
from the perils-of-centralization dept.
Nerval's Lobster writes "This year's revelations about NSA surveillance have upended the idea that our data—any of it—is truly secure from prying eyes. That uncertainty has sparked the rise of several businesses with a simple proposition: you can send whatever you want via their online service (text, images, video), and that data will vaporize within seconds of the recipient opening it up. One of the most popular of those services is Snapchat, which allows users to take "Snaps" (i.e., videos or photos) that self-destruct a few seconds after the recipient opens them; that data also disappears from the company's servers. But is 'disappearing' data truly secure from prying eyes? Earlier this week, Snapchat admitted to a loophole in its schema that leaves Snaps open to viewing by law enforcement — provided the latter shows up at the company's front door with a warrant. Until a recipient opens a Snap, it's stored in the company's datacenter. In theory, law enforcement could request that Snapchat send it an unopened Snap. 'If we receive a search warrant from law enforcement for the contents of Snaps and those Snaps are still on our servers,' read an Oct. 14 posting on Snapchat's corporate blog, 'a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the Snaps to the requesting law enforcement agency.' Law-enforcement entities have hit Snapchat with 'about a dozen' search warrants for unopened Snaps since May 2013. 'Law enforcement requests sometimes require us to preserve Snaps for a time, like when law enforcement is determining whether to issue a search warrant for Snaps,' the blog continued. That surveillance could also go beyond unopened Snaps: Snapchat 'Stories,' or a cluster of Snaps, live on the company's servers for up to 24 hours and can be viewed multiple times, which broadens the window for law enforcement to poke its way in."
This discussion has been archived. No new comments can be posted.

Snapchat Search Warrants Emphasize Data Vulnerability

Comments Filter:
  • by Anonymous Coward

    Have each client generate a public/private key pair, store the private locally, the public on the server, and encrypt each message using the recipient's public key. Stored snaps on the server could only be decrypted with the private key, which the server doesn't have.

    • Re:Just use RSA (Score:5, Insightful)

      by stewsters (1406737) on Wednesday October 16, 2013 @11:49AM (#45144555)
      Which sucks if you want to access it from your phone, your computer, and a computer at the library. I think that syncing the keys securely is somewhat challenging for your average user. Your browser would also need to be able decrypt with the key, and doing that from javascript in a secure way is challenging.
      • For snapchat at least it's only phone accesaable I believe, so it's a good strategy for that app.

    • The DOJ is arguing that such designs should be inherently illegal.
    • "Have each client generate a public/private key pair, store the private locally, the public on the server, and encrypt each message using the recipient's public key. Stored snaps on the server could only be decrypted with the private key, which the server doesn't have."

      I think this sidesteps a troubling point brought up in Snapchat's statement. Since when is anybody obligated to "preserve" anything while government decides to issue a warrant? I don't think any such authority exists.

      Either there is a warrant, or there is not. If there is no warrant, I'll do whatever the hell I please with the stuff I have. I am not aware of any authority on the part of the courts to force me to change my daily actions "in anticipation" of a warrant.

      • by lgw (121541)

        Well, a judge can order you to preserve electronic communication almost on a whim - but really, if there's a judge involved here I'd be shocked. Importantly, you have to deal with that for civil matters, where there will never be a warrant, but you're still on the hook.

        • Well, a judge can order you to preserve electronic communication almost on a whim - but really, if there's a judge involved here I'd be shocked.

          That's true, but I got the impression (wrong or not) that it was not a court order, but simply a "request" by government to preserve records "in anticipation" of a warrant. In a case like that, I'd be tempted to just burn the records even if they did not incriminate anybody. Of course, if it were a genuine court order, I might be obligated to comply, but I'd contest its validity both at the time, and later in court if necessary. As I say, the authority here seems questionable at best.

          I am not obligated t

  • by DiEx-15 (959602) on Wednesday October 16, 2013 @11:43AM (#45144483)
    Snapchat hasn't been telling the truth to it's user base and stores private data longer than they claim to it's user base? That they do this so in case LE comes in with a warrant, they will have the info on tap for them?

    Is this a surprise to anybody anymore?
    • Re:So basically... (Score:5, Insightful)

      by gnasher719 (869701) on Wednesday October 16, 2013 @11:51AM (#45144587)

      Snapchat hasn't been telling the truth to it's user base and stores private data longer than they claim to it's user base? That they do this so in case LE comes in with a warrant, they will have the info on tap for them?

      No, they have been telling the truth. They store a picture until the recipient opens it. They have to, how else could they send the picture to the recipient? And the purpose is to be able to send the picture to the recipient when needed, not to preemptively gather information for the police.

      And a search warrant is a search warrant. Same as fifty years ago. The police gets search warrants to look for evidence against people suspected of crimes. Are you saying that Snapchat should think about whether information it has could be evidence against a criminal and hide it if it is? I'd say absolutely not. They should protect users' data against illegal access, but giving the information to police with a search warrant is absolutely legal.

      • I have relatively limited issues with properly obtained search warrants, provided they adhere to a level of requiring material proof of reasonable suspicion (physical evidence is mandatory here).

        Even if I might disagree with the sometimes extreme tenacity of the government prosecutors to obtain a guilty plea at all cost, I don't totally believe that law enforcement and things like proper warrants, are inherently evil.

        That said, a search of an otherwise secure service should be able to search the service.

        It

      • by sl4shd0rk (755837)

        not to preemptively gather information for the police.

        That's an assumption. If the NSA comes knocking on their door with legal papers like they did with Lavabit, you may never know about it.

        • by gl4ss (559668)

          well snapchat just now in his said that if they get served with such a thing then they save the data.

          actually snapchat seems like it's the most honest cloud company about this. if they haven't been served and you use the one time read portion of it then it's gone after loading. but even that practice cannot go over (secret) court papers which tell them to save certain snapchat users messages.

      • They store a picture until the recipient opens it. They have to, how else could they send the picture to the recipient?

        By sending the picture (or video) encrypted with a unique key, and only sending the key when the recipient opens it.

        They would still have to keep the decryption key, of course, but that won't do law enforcement, hackers, etc. any good without the data.

        They are generally honest with their users, though - they do point out that any 'snaps' you send could be screenshot, that their 'screenshot!

        • By sending the picture (or video) encrypted with a unique key, and only sending the key when the recipient opens it.

          Everything is perfectly fine if they send the picture encrypted, and keep both hackers and insiders away from all stored pictures. There is no reasonable requirement to keep law enforcement from executing search warrants.

          • Everything is perfectly fine if they send the picture encrypted, and keep both hackers and insiders away from all stored pictures

            The problem with that is that both the encrypted data and the key would reside with them. To clarify, let's say a hacker gets access to an e-mail-and-password list, but it's all weak MD5 hashes - running that across a rainbow table and further dictionary attacking will easily yield the passwords.

            So what any good site would do is add a salt. Unless it's a salt that everybody in t

            • by JeffAtl (1737988)

              Everything is perfectly fine if they send the picture encrypted, and keep both hackers and insiders away from all stored pictures

              The problem with that is that both the encrypted data and the key would reside with them.

              They could encrypt the photo, send the key to the recipient and then delete the key from the server. The recepient's SnapChat client would have the encryption key so all of the functionality would remain in place.

              • That would be functionally the same thing as I (and others) mentioned further up - except that we proposed sending the encrypted image/video and deleting that from the server.

                Both have their pros/cons for the server/user, but sending the image/video seems the better option - less storage space required on the server, user gets the picture/video to pop up sooner (downloaded in the background, only have to wait for the key download and the decryption (fast even on budget smartphones)), and without the data on

      • by Hatta (162192)

        You can't do one without the other. If you give legitimate users the means to avoid illegal access, you give criminals the means to avoid legal access.

      • by X0563511 (793323)

        No, they have been telling the truth. They store a picture until the recipient opens it. They have to, how else could they send the picture to the recipient?

        Gee, maybe they could encrypt it [gnupg.org] and just fucking send it [ietf.org]?

        Oh, right. Even something "simple" like PGP is beyond users at large. Shameful.

      • by Artraze (600366)

        All well and good except for this:
        "Law enforcement requests sometimes require us to preserve Snaps for a time, like when law enforcement is determining whether to issue a search warrant for Snaps"

        Which pretty clearly indicates that they will log snaps for the purposes of sharing with the authorities provided the authorities have a warrant when they come to collect the data. I'd say that quite exactly is "preemptively gather[ing] information for the police", though I suppose that depends on how you're defin

        • by suutar (1860506)
          sounds more like "If LE gets here with a warrant before we delete it, we have to give it to them. If they give us proper legal notice that they're working on getting a warrant, we have to keep it around until they get one. In absence of any notice from LE, it goes poof once the recipient has gotten it."
      • by steelfood (895457)

        They have to, how else could they send the picture to the recipient?

        Push. It doesn't always work. If a device is powered off, then push fails. But for security purposes where the data is being stored on the server, push is superior to pull. P2P is probably ideal. Cut out the middleman. Send directly via an encrypted channel.

        It doesn't really matter though. If the courts mandate Snapchat give up their encryption keys (like LavaBit), the only thing that could possibly stand between the data and a LE agent would be client-side encryption.

      • by simonreid (811410)

        Although I agree with you in the case of snap chat, normal people just don't think things through like that. I for one didn't know its not pushed to your phone until you read it.

        The other thing is its not just police search warrants you have to look out for.

        In many states a lawyer involved in a lawsuit (for example a divorce or child custody hearing) can issue their own subpoena for electronic records *without* law enforcement or the courts reviewing it. In this case its not evidence of a crime... but your

    • Re:So basically... (Score:5, Informative)

      by gandhi_2 (1108023) on Wednesday October 16, 2013 @11:52AM (#45144597) Homepage

      So basically the COURTS sign the warrants because of LEGISLATION that allows them to have this authority, and you should take issue with the Legistatures and Judicial bodies who exercise authority to tell companies what to do.

      It is all well and good that a company says they will do what they can, but all this authority comes from the laws and lawyers, not the server admins, not even the cops.

  • How does one protect oneself from a court order? I guarantee that if Snapchat gets an order to log information that they will do so. The best you can hope for is that another party couldn't get information that predates the order, but if you never know if and when an order is in place, you can never be sure who has seen your data.

    • Re:Court Order (Score:5, Informative)

      by Overzeetop (214511) on Wednesday October 16, 2013 @11:52AM (#45144605) Journal

      1) don't put yourself in a situation where someone wants a court order for something you have
      2) ignoring 1, don't send incriminating evidence electronically
      3) Ever
      4) If you're stupid enough to ignore 1-3, pass one time, strong passwords in person, then encrypt your files locally and send them by any means you aren't supposed to be using based on 1-3, above. Then destroy your copy of the password and the entire computer you used to create, encrypt, or send the message.

      Though, really, sticking with 1 and 2 is your best bet.

      • by Anonymous Coward

        Right because surveillance has never been done against innocent people or against someone for political reasons either. No, you only get surveillance on you by doing something bad.

        • by PRMan (959735)
          He didn't say that. He said don't do something they won't like.
          • by Desler (1608317)

            Which could be anything or nothing.

          • by SeaFox (739806)

            He didn't say that. He said don't do something they won't like.

            "They" could be any individual in a position of power abusing his authority for personal reasons, sort of like those NSA agents spying on their crushes [cnn.com]. It's impossible for someone to avoid that because their actions are not based on the laws and protocols they are supposed to be following.

        • Right because surveillance has never been done against innocent people or against someone for political reasons either. No, you only get surveillance on you by doing something bad.

          I think this company is in the USA, so you are saying the police can get search warrants signed for political reasons?

          • Yes, they have. It's also illegal, and if they get caught the evidence must be excluded from the court. Usually those cases are more about intimidation for political purposes, not day-to-day stuff. It happens in exceedingly rare cases. Here's an analogy: Do you have you had a child which had it's spinal cord formed outside of the vertibrae? It's rare like that. IT scares the living shit out of paranoid people, but 99.99999% of us will never run into it.

      • Re:Court Order (Score:5, Insightful)

        by disposable60 (735022) on Wednesday October 16, 2013 @12:06PM (#45144801) Journal

        Unfortunately, dragnets are wide and indiscriminate, and worse, definitions of wrongdoing are local and plastic.

        • Indeed they are, which is why you probably shouldn't be discussing items of a sensitive nature - something you absolutely don't want anyone to know about - using regular digital communication. The idea that you should never put in writing what you wouldn't say out loud is as valid today as it was 300 years ago. If you quit believing the fallacy that electronic communication is perfectly private, you can go forward properly.

          The OP asked how to avoid having items be the subject of subpoena. The answer is "wha

      • by Anonymous Coward

        You assume that you have to do anything illegal for someone to want to spy on you. There are plenty of legal things that the powers that be doesn't like.

    • Host your data is a hostile country. You think Iran cares about a US court order?

    • by PPH (736903)

      How does one protect oneself from a court order?

      From TFA: "leaves Snaps open to viewing by law enforcement -- provided the latter shows up at the company's front door with a warrant."

      There is no front door. Please deposit an electronic copy of all warrants and national security letters in our /pub subdirectory.

      Where the world can see it. So, you aren't protected against a search. But at least the gov't can't hide it from your customers.

  • Earlier this week, Snapchat admitted to a loophole in its schema that leaves Snaps open to viewing by law enforcement

    In other words, these companies are selling snake oil. Their systems provide no extra benefit other than quick deletion of messages. Nothing prevents the NSA from showing up with a FISA order to store and forward all messages from an individual. They are still just as vulnerable to NSA spying as any who came before.

    • by mlts (1038732) *

      Barring multiple companies that messages pass through in multiple countries (likely countries that don't like each other so multi-national warrants won't go through), the only place one can really be assured of security would be the endpoints. One has to assume that every point a message goes through, be it a router or a mailbox, the message is saved off permanently.

      Self-destructing messages are a joke. I've read some ways of trying to implement it through having a number of places that store a piece of t

  • I honestly don't get it. Couldn't a proper service generate key pairs on the user's device and then just charge (or not if you prefer) for KB transmitted. The recipient has the private key to decrypt it. Or not. If you show up with a search warrant (or a gun) I give you the encrypted data and wish you a happy summer decyrpting it. Problem solved - as much as it will ever be solved in an open network where messages are not transported by human couriers. Yes given time and resources anything can be broke
    • by pla (258480)
      Couldn't a proper service generate key pairs on the user's device and then just charge (or not if you prefer) for KB transmitted.

      Yes. The problem? Most people suck at working with encryption - They either can't handle it at all, or they do something phenomenally stupid that exposes their private keys to the whole world.

      Realistically, if not for the underlying need (for most people) that any encryption works completely transparently, we would have no need of specialty encrypted cloud storage in the fi
  • If I could get all the security agencies to read my Blogs [blogspot.com] posts, I'd probably have a big enough audience to make a living!
    • by Anonymous Coward

      So what key words will alert security agencies?

      @ [schneier.com] seems to be all you need.


  • Wickr [mywickr.com] claims a zero knowledge policy, encryption/decryption is done on the devices.
  • the MITM attacks being performed.
    http://en.wikipedia.org/wiki/Room_641A [wikipedia.org]

    Until you own all the copper and connected devices you aren't secure.
    Even then, you better trust everyone performing mainenance on said resources.

  • by Animats (122034) on Wednesday October 16, 2013 @12:06PM (#45144803) Homepage

    From now on, all point-to-point message security has to be end to end. At no point in the middle can a message be plain text. The era of trusting service providers is over.

    We really need is a good way for people to publish their public key, in a place where tampering with it will be detected. Somebody needs to solve that problem.

    • by weilawei (897823)
      There's a better way [wikipedia.org]. For a recent summary of the state of the art, see http://www.aui.ma/africacrypt2012/images/africacrypt2012/fully%20homomorphic%20encryption.pdf [www.aui.ma].
    • by mlts (1038732) *

      We have this technology... keyservers that replicate among each other. Someone's key that is deleted from one will remain on the others, and eventually gets propagated back. Keyservers are designed to copy and add data, never delete/remove items. So, a key that gets on there will remain there forever.

      Of course, if every keyserver gets compromised at the same time, that is an attack, but if one is left that still has the key on it, it will propagate the next replication session.

  • by Rigel47 (2991727) on Wednesday October 16, 2013 @12:19PM (#45144957)
    How about instead of trying to duck and weave around the NSA we do it right and demand they dismantle their illegitimate spying apparatus? Remember the part about where the government is supposed to answer to the people?
    • While we definitely must do this, it is a basic rule of security not to trust any part of a system.  We should have gotten serious about that a long time ago.
    • How about instead of trying to duck and weave around the NSA we do it right and demand they dismantle their illegitimate spying apparatus? Remember the part about where the government is supposed to answer to the people?

      This discussion isn't about NSA. It is about a company providing information when they are required to do so by a legal search warrant and when they have the information, and about the company telling the customers what they are doing.

      You can come up with all kinds of things that the company could be doing theoretically without telling anyone, but that is obviously pure speculation. And the exact same speculations can be made about any company that ever comes into contact with any customer data.

  • by nimbius (983462) on Wednesday October 16, 2013 @12:21PM (#45144983) Homepage
    SaaS and PaaS are utterly useless for private citizens and will continue to be so long as their providers are willing to fellate even the most casual government agencies upon request for your personal data. To think this company has a solution that wipes data off their servers and off the client once the data is viewed, yet gladly withholds it until $agency can get its shit together and convince a judge to rubberstamp a warrant, is pretty damning as a business model.

    in the face of Everything as a Service, the constitution ends when you pick up your device. fifth amendment? thats certainly gone. first and second? only so far as theyre employed to ensure the rope is long enough to hang you. dont use one of these services? expect to be 'detained' randomly at an airport, train station, or bus terminal. And if you have the outright audacity to use any data encryption to protect yourself, expect your inquisitors to react much the same as they did to people like Moxie Marlinspike.
  • Newspeak (Score:5, Interesting)

    by dcollins117 (1267462) on Wednesday October 16, 2013 @12:25PM (#45145027)

    a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the Snaps to the requesting law enforcement agency.

    Is it a rule now that every law has to be named to imply it does the exact opposite of what it actually does?

    • by jader3rd (2222716)

      Is it a rule now that every law has to be named to imply it does the exact opposite of what it actually does?

      The laws would never pass if they didn't.

    • by Anonymous Coward

      a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the Snaps to the requesting law enforcement agency.

      Is it a rule now that every law has to be named to imply it does the exact opposite of what it actually does?

      There is, in fact; it is called the Federal Legislation Transparency Act.

    • by idontgno (624372)

      The process of naming laws has pretty much destroyed irony.

    • by steelfood (895457)

      No, it is just 1984 happening right before your eyes.

  • Have the servers only monitor client online status,store the pictures to send on the senders device until the server repots the recipient can receive.
  • When I first read this several days ago (nice job, /.) I was actually surprised they were that good. I'd always expected when push came to shove it would turn out they were keeping copies of all the images 'for security' or something. I'm kind of amazed the NSA can only get at ones that haven't been read yet...

  • All your Microsoft email and Yahoo email is scanned for keywords and the result sets are sent to Bing, identifying you.

    Privacy - oh come on, you're Serfs, stop pretending you are Citizens.

  • This proves it to me. The NSA is really only concerned with collecting all the titties. They have the nude scanners at the airport to catch anyone who travels. Systematically they have infiltrated every possible way people use to share nude photos. Snapchat is a goldmine. All their dreams come true. Tits with every warrant. Now, with their unrivaled collection of nudie pictures they will rule the world with a strong masturbation hand.

Advertising may be described as the science of arresting the human intelligence long enough to get money from it.

Working...