Users of the photo-sharing app Snapchat should not have any assumptions that their images are not being shared with law enforcement.
On Monday, the company admitted in a blog post that it will, and already has, handed photos over to US law enforcement agencies:
Since May 2013, about a dozen of the search warrants we've received have resulted in us producing unopened snaps to law enforcement. That's out of 350 million snaps sent every day.
The basic premise of Snapchat is that recipients of images (“snaps”) can only view those pictures for up to ten seconds before they are permanently deleted from the device on which they were received.
Given the short period of time that images are available to the recipient it might seem remarkable that they could be intercepted by third parties.
It is, however, entirely possible – Snapchat’s head of trust and safety, Micah Schaffer, explained in the blog post that forensic examination of a handset that has received a snap is not the only means by which investigators could gain access to photos.
Schaffer says that in some instances it is possible to grab the images from the servers before the recipient(s) open them. This can be achieved by using an in-house tool, subject to a valid request from investigators:
For example, there are times when we, like other electronic communication service providers, are permitted and sometimes compelled by law to access and disclose information.
For example if we receive a search warrant from law enforcement for the contents of snaps and those snaps are still on our servers, a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the snaps to the requesting law enforcement agency.
The blog posting also makes it clear that the US company may hold onto some snaps for longer periods of time. It would do this in cases where law enforcement was considering whether or not to make a formal request to access the images via the search warrant procedure.
The company’s ability to hold onto snaps and access them isn’t something that law abiding users of the service should be overly concerned about though.
Unlike some organisations where a great many people have access to sensitive data, Snapchat only allows two people to use the tool for manually retrieving snaps – Micah Schaffer and the company’s CTO and co-founder, Bobby Murphy.
Outside of the company’s control, things may be different though. If someone accesses an image under the 10 second rule then they may be able to save it for themselves.
Savvy users can take screenshots of their devices when the image is displayed but apps such as Snaphack Pro circumvent the auto-destruction of previously viewed photos and allows users to post images directly to social media sites.
Given that Snapchat and its auto-deletion of images lends itself to “sexting”, knowledge of such apps may encourage users of the service to think twice before sending explicit images of their bits to their significant others.
While having sexy photos of yourself appear on social media sites may be incredibly embarrassing, having images of questionable legality may prove far more troublesome.
So, when using Snapchat, think very, very carefully indeed about what you are sending. If the content of your photo is private then keep it that way – don’t send it!Follow @NakedSecurity