Snapchat has agreed to a settlement with the United States Federal Trade Commission to resolve privacy issues resulting from a hacker’s publication in January of data associated with 4.6 million of its users.
The company has not admitted any wrongdoing, but it has agreed to implement a comprehensive privacy program that will be audited by a third party for the next 20 years.
“This is pretty standard in settlement agreements like this,” Joseph Lorenzo Hall, chief technologist at the Center for Democracy & Technology, told TechNewsWorld.
“If Snapchat were to admit to wrongdoing, that would be essentially an admission of guilt with respect to the alleged acts, and there would be any number of additional legal implications, such as the possibility of class-action suits and legal actions from state-based enforcement entities like state attorneys general,” Hall explained.
The FTC’s Charges
Snapchat deceived consumers by promising that messages sent through its service would disappear after a user-selected period of time, the FTC charged.
Snapchat had marketed that vanishing act as the app’s central feature, the commission said. However, it turned out there were several simple ways that recipients could save those messages indefinitely.
The company continued making its promises despite having been warned by a security researcher that they were misrepresentations, the FTC maintained.
The commission also accused Snapchat of deceiving consumers over the amount of personal data it collected and the security measures it took to protect that data from misuse and unauthorized disclosure.
In particular, the commission charged Snapchat with failing to secure its “Find Friends” feature. That resulted in the security breach leading to the publishing of user names on the Web in January, the FTC said.
Was Justice Served?
The terms of the penalty do not sit well with Morgan Reed, executive director of ACT|The App Association, which represents more than 5,000 small and mid-sized companies developing mobile apps.
A 20-year audit period would mean nothing to start-ups like Snapchat because “they may well be acquired within three years,” Reed told TechNewsWorld.
Levying a fine might be more effective.
“Penalties involving checkbooks affect start-ups’ burn rate, and something that impacts cash flow is something they have to think about very seriously,” Reed pointed out.
“Writ large, Snapchat sold this product based on their promise to deliver privacy, and they did not,” he said. That “harms the industry’s ability to convince consumers to trust us as we move forward into big areas like financial services, enterprise apps and health apps — areas where consumers do feel affronted if their private information is not treated with respect.”
E-Messages Are Forever
Electronically transmitted messages can be cleared if users encrypt them and then securely erase the encryption key once the message’s viewing time is up, Hall said. Users also should securely delete the image itself as an added precaution.
However, the technically capable “aren’t big fans of disappearing data solutions like this, because there’s always the chance the image has been captured and/or copied during the time that it’s viewable by, for example, taking a photo of the decrypted picture,” Hall commented.
Privacy Policies Need FTC’s Muscle
“Policies cannot, in and of themselves, protect anything; they are words,” Hall pointed out.
However, they are potentially legally binding words that form a commitment by companies, and “that’s why the FTC’s role is so important,” he said.