Wednesday, May 15, 2013
Undeleted Snapchat Photos – Privacy Scandal, or Ho-Hum?
If you were intrigued by this blog's previous post about Snapchat, you may recall that it described the preferred teenage sexting application (150 million photos uploaded per day, a few of which may not be sexually explicit or potentially incriminating) as a system that “allows the user to send photos to friends that automatically delete after a specified period of time.” While the post went on to speculate about how the application might leave a “digital trail,” and how this evidence might be discovered for litigation, the presumption seemed to be that the images were, in fact, deleted from both user devices and Snapchat's servers after they had been viewed.
Well, earlier this week, digital forensics firm Decipher Forensics announced its discovery that the photographs are not permanently deleted from users' phones, and that they can be retrieved, at least from Android devices, by anyone who has 'root' access to the phones. Although most users do not intentionally root or jailbreak their phones, this discovery presents a substantial concern for those who do, or whose devices are compromised by malware or other surveillance or forensic tools. The allure of Snapchat is that images sent via the service are supposed to be ephemeral, and the company promotes this as the key advantage of the application, stating: “[t]hey'll have that long to view your message and then it disappears forever.” But that sentence is immediately followed by the disclaimer “We'll let you know if they take a screenshot!” Does this constitute an enforceable promise that the messages will be permanently deleted, or does it plainly disclaim perfect confidentiality by warning users that Snapchat does not guarantee that the images will not be retained by their recipients?
The question is complicated by several factors. First, it is not clear from media reports whether the images are “deleted” by the operating system, as the company suggests they are, or merely renamed with a “.NOMEDIA” file extension that prevents users from accessing the images via the Android user interface. What is clear is that the images are not encrypted, and that they are not securely deleted, or “wiped,” from user devices after they expire. These technical differences reflect a spectrum of meanings of “deleted,” ranging from the least secure, in which a hypothetical application might retain all messages but exclude them from the user interface of the application so that they “disappear” from the user's perspective but remain accessible to digital experts, to the most secure, in which messages are encrypted at the endpoint devices using a nonce or one-time pad, and both the encrypted image data and the keys are securely deleted after a single use.
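The two ends of that spectrum can be told apart by looking at file contents rather than file names. The sketch below is an added example, not code from Snapchat or Decipher Forensics: it audits a storage directory for files that still begin with image header bytes, and contrasts a renamed file with one stored only as one-time-pad ciphertext. The file names, sample bytes and function names are constructed for illustration.

```python
import os
import secrets
import tempfile

# Leading "magic" bytes that identify image formats regardless of file name.
MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png"}

# Constructed sample: JPEG header bytes plus filler text, not a real photo.
SAMPLE = b"\xff\xd8\xff\xe0" + b"constructed sample image body"

def sniff_image(path):
    """Return the image type found in the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None

def audit_expired_media(root):
    """List (name, type) for files under root that still hold readable image data."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = sniff_image(os.path.join(dirpath, name))
            if kind:
                findings.append((name, kind))
    return sorted(findings)

def xor_bytes(data, pad):
    """One-time-pad XOR; the pad must be random, as long as data, and used once."""
    if len(pad) != len(data):
        raise ValueError("pad length must equal data length")
    return bytes(a ^ b for a, b in zip(data, pad))

def demo(pad=None):
    pad = pad or secrets.token_bytes(len(SAMPLE))
    with tempfile.TemporaryDirectory() as root:
        # Weak end: the "expired" file is only renamed; its bytes are untouched.
        with open(os.path.join(root, "snap1.jpg.nomedia"), "wb") as fh:
            fh.write(SAMPLE)
        # Strong end: only ciphertext is written; the pad is never stored.
        with open(os.path.join(root, "snap2.bin"), "wb") as fh:
            fh.write(xor_bytes(SAMPLE, pad))
        return audit_expired_media(root)

if __name__ == "__main__":
    print(demo())
```

Only the renamed file is reported: changing an extension hides an image from the gallery but leaves its contents identifiable, while ciphertext whose pad has been discarded carries no recognizable header.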
While there is no perfectly secure solution, surely enforcement of privacy promises must reflect the common interpretation of those promises, not merely the porous, technical interpretations that service providers might prefer. Snapchat makes it clear that message recipients can “capture” images by taking screenshots while the images are being viewed, but this seems to suggest that it is the only way that the images can be retained, and that Snapchat will notify users if their images are retained in this manner. In fact, the images are easily accessible to anyone with either an advanced understanding of file storage or money to spend on file-retrieval applications and services. While this might not surprise many people in our privacy class, do you think that the company has misled ordinary consumers about the security and confidentiality of messages that they send via the service, or do Snapchat users have ample notice and knowledge of the risks of sending images to third parties? Can a carefully crafted privacy policy cure any potentially misleading statements made in other, more user-accessible contexts? Do the following screenshots from the Google Play store affect your opinion?