Snapchat Search Warrants Suggest All Data is Vulnerable

At this point, the truly paranoid might as well take a rock to their smartphone.

This year’s revelations about NSA surveillance have upended the idea that our data—any of it—is truly secure from prying eyes. That uncertainty has sparked the rise of several businesses with a simple proposition: you can send whatever you want via their online service (text, images, video), and that data will vaporize within seconds of the recipient opening it up.

Silent Circle, for example, offers Silent Text, an encrypted text-messaging service that deletes images, text, and video within a set time period. Facebook Poke does something similar, limiting a message’s “life” to 10 seconds. And of course there’s Snapchat, the popular app that allows users to take “Snaps” (i.e., videos or photos) that self-destruct a few seconds after the recipient opens them; that data also disappears from the company’s servers.

But is “disappearing” data truly secure from prying eyes? Earlier this week, Snapchat admitted to a loophole in its schema that leaves Snaps open to viewing by law enforcement—provided the latter shows up at the company’s front door with a warrant.

Until a recipient opens a Snap, it’s stored in the company’s datacenter. In theory, law enforcement could request that Snapchat send it an unopened Snap. “If we receive a search warrant from law enforcement for the contents of Snaps and those Snaps are still on our servers,” read an Oct. 14 posting on Snapchat’s corporate blog, “a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the Snaps to the requesting law enforcement agency.”

Law-enforcement entities have hit Snapchat with “about a dozen” search warrants for unopened Snaps since May 2013. “Law enforcement requests sometimes require us to preserve Snaps for a time, like when law enforcement is determining whether to issue a search warrant for Snaps,” the blog continued. Only Micah Schaffer, in charge of Snapchat’s Trust & Safety, and CTO Bobby Murphy have access to the tool that can retrieve unopened Snaps.

That surveillance could also go beyond unopened Snaps: Snapchat “Stories,” or a cluster of Snaps, live on the company’s servers for up to 24 hours and can be viewed multiple times, which broadens the window for law enforcement to poke its way in.

Other services that offer self-vaporizing messages are, presumably, subject to the exact same stipulations as Snapchat: if the information is stored in a datacenter somewhere, law enforcement can access it with a warrant.

At this point, perhaps its best if you send truly sensitive information via carrier pigeon.

 

Image: Oleksandr Berezko/Shutterstock.com

Post a Comment

Your email address will not be published.