Snapchat amd <a href="http://www.shutterstock.com/pic-245505340/stock-vector-binoculars-icon.html?src=dt_last_search-2">T-Cot</a>/Shutterstock
Snapchat is supposed to have figured out how to live up to its hype. Last year the app for sending “disappearing” photos and messages made sweeping changes in response to a Federal Trade Commission complaint that it had lost user data to hackers, oversold its content’s “disappearing” qualities, and violated its own privacy policy. But it seems Snapchat may not be as secure as its 30 million active users imagine. According to a report released last week by the Electronic Frontier Foundation (EFF), the company, unlike most of its peers, does not promise to notify users when the federal government requests data on them.
Those requests are not uncommon. Over six months, according to Snapchat’s first transparency report, published in April, it received 375 criminal legal requests for the United States. It complied 92 percent of the time—a rate higher than Yahoo, Twitter, Facebook, and Google. (Snapchat did not respond to specific questions I sent through its channel for media queries.)
What could the government possibly hope to get from an app that quickly deletes all of its content? A lot, it turns out. In addition to address book contacts, usernames, and phone numbers, Snapchat retains, for up to 30 days, content that hasn’t yet been read by the intended recipients. That gives investigators plenty of time to obtain a warrant and start digging. They can also serve Snapchat with a preservation order, forcing it to maintain the data. And because Snapchat doesn’t promise to alert users to government requests, the feds may be able to tap into Snapchat feeds undetected.
To be fair, Snapchat has improved markedly since EFF’s last report, in 2014, in which it earned one out of six possible stars. This year’s report looked at five categories, including the use of industry best practices, data-retention transparency, and support for user-friendly public policies. Snapchat’s four-out-of-five score beat that of messaging competitors WhatsApp and Google, but the EFF gave five stars to Adobe, Apple, Credo Mobile, Dropbox, Sonic, Wikimedia, WordPress, Yahoo, and others.
A company whose raison d’être is privacy and security ought to have a perfect score, says Rainey Reitman, a co-author of the report. “We use Snapchat for the types of things that we would not want to see, for example, on a LinkedIn profile,” she notes. “So I do think there are expectations that Snapchat will have the best security and privacy possible. I expect them to be a leader on these types of issues.”
