On Bloomberg West today, Christopher Soghoian, a former privacy advisor to the Federal Trade Commission, said that after its recent security breach Snapchat better lawyer up because a federal investigation and class action lawsuits are undoubtedly coming its way.
Soghoian told Bloomberg's Emily Chang:
I think Snapchat, if they haven't already done, so are going to need to hire some really good lawyers. I would expect to see an investigation by the Federal Trade Commission, by several state attorneys general, and probably a few class action lawsuits as well. They're going to need to up their security game and they're also gonna need to seek the expensive advice of highly qualified legal counsel.
Snapchat is hardly the only tech company to contend with a security issue. We've dealt with our fair share. Snapchat isn't even the only company to face a massive breach this year. The difference is that Snapchat recklessly ignored warnings, even as it cultivates a reputation as safe way to send private images, explains Soghoian, who currently serves as principal technologist and senior policy analyst at the ACLU.
This is a bad incident primarily because Snapchat's users are using the service because they think the company protects their privacy and security and what they've learned in fact is that Snapchat has taken a very cavalier approach to the privacy and security of their users data. This should cause every Snapchat users to really question them—the entire purpose of the service.
When Chang asked how Snapchat's security compared to companies like Twitter, Facebook, and Google, Soghoian made the company sound willfully ignorant:
Those other companies that you named, they all respond to the requests of security researchers, they respond to disclosures. Many of them even pay bounties. They pay fees to researchers who report things in the right way. In contrast, Snapchat just ignored a report by security researchers and didn't fix the flaw when they were notified about it.
To contact the author of this post, please email firstname.lastname@example.org.
[Image via Bloomberg]