Snapchat cleared up any doubts users may have had about the privacy surrounding images sent back and forth on its photo messaging service when the company confirmed this week that it has shared some images with law enforcement.

Snapchat, started in 2011, has gained popularity over the last year – especially among teenagers – by allowing users to send each other images that disappear from devices after a set amount of time.

350 million snaps, or images, are exchanged on the service daily.

In a blog entry on Monday, Micah Schaffer of Snapchat’s Trust and Safety team wrote that on certain occasions the company has had to forward users’ unopened images to law enforcement.

This probably won’t come as a surprise to privacy-minded folks, especially in light of recent NSA surveillance revelations and the litany of requests for data that have been sent to companies in charge of managing user information like LinkedIn, Google and Yahoo.

Schaffer acknowledges that the Electronic Communications Privacy Act of 1986 “obliges” the company to disclose users’ information.

Schaffer also confirmed that since May of this year at least a dozen of the search warrants Snapchat has received have led the company to produce unopened snaps for law enforcement. Schaffer writes that in some cases, like when law enforcement is deciding whether it wants to issue a search warrant, Snapchat has been forced to hold on to users’ images longer than they may have requested.

From a security standpoint, the main gist of Snapchat is that the company deletes images users sent from their servers, or really Google’s cloud service App Engine, after users open them. Images that aren’t opened by users will remain on the server until they’re deleted after 30 days.

A debate erupted earlier this year over whether Snapchat really deletes their users’ images and whether it’s possible to rebuild expired snaps using metadata stored on devices. Mobile researcher Alan Hickman argued in May that images aren’t really deleted, they’re just hidden. While Snapchat didn’t exactly agree with Hickman’s claims, it did assert that “it’s not impossible to circumvent the Snapchat app and access the files directly,” adding that users should keep in mind data retention “before putting any state secrets in your selfies.”

Schaffer tried to assuage user concerns this week by reiterating that while it has sent users’ unopened images to law enforcement, only two people, himself and application co-founder Bobby Murphy, have access to the tool that can retrieve the images.

For a company still relatively in its infancy, this is probably the closest to a transparency report users are going to get from Snapchat. If nothing else, it’s probably a step in the right direction that the company is providing clarity to users that Snapchat is not above the law and  for all intents and purposes, content that is meant to be kept private isn’t always.

Categories: Privacy, Web Security