Go ahead, hack away

Feds issue final order over Snapchat privacy incidents, but no fine

What do regulators do when a popular app deceives users about photos that “disappear forever” and scrapes their contact list without permission? Not much.

On Wednesday morning, the Federal Trade Commission announced the approval of a final order against Snapchat, a popular messaging app that lets people send text and images that disappear after a few seconds.

The service, which initially gained notoriety as a teen sexting app, landed in hot water this spring after it became apparent that users could deploy easy workarounds to capture permanent copies of the photos that were supposed to “disappear forever.”

According to an FTC complaint published this spring, Snapchat not only deceived users with such false marketing promises, but it also collected information from iPhone contact lists without permission, and employed lax security measures that exposed 4.6 million users to a data breach.

This week’s order serves to formally implement the terms of the settlement that were announced in March. Notably, the terms do not include any sort of financial repercussions for the company or its executives.

Instead, Snapchat’s punishment consists of a 20-year consent decree, which requires the company to comply with a series of obligations, including the implementation of a privacy program.

Such decrees, which the FTC also has in force against tech companies like Facebook and Google, provide the agency with a means to slap down harsher penalties, including multimillion dollar fines, in the event of future privacy breaches.

The downside of the Snapchat consent decree, however, is that it may reinforce perceptions among Silicon Valley startups that it’s okay to blow off privacy precautions, since little of consequence happens to first-time violators. Indeed, earlier this year, the maker of an Android flashlight app secretly recorded the location of 50 million people, but faced no fine from the FTC.

The original headline of this story used the word “breach.” That word has been changed to “incidents” in light of the fact that the primary issue in the FTC case — the capturing of photos — was facilitated by third party apps, rather than by overcoming Snapchat’s security measures.