Live

Watch CBSN Live

Snapchat, Skype put users' "human rights at risk," Amnesty Int'l reports

Snapchat and Skype are falling short in protecting users’ privacy — a failure that puts users’ “human rights at risk,” according to a report by the organization Amnesty International.

Snapchat and Skype received dismal grades in a new set of rankings released by Amnesty that specifically evaluate how popular messaging apps use encryption to protect users’ private communications. 

WhatsApp rolls out encryption across all platforms

In the report, Amnesty is trying to elevate encryption as a human rights necessity, due to concerns that activists, opposition politicians and journalists in some countries could be put in grave danger if their communications on popular messaging apps were compromised.

“Activists around the world rely on encryption to protect themselves from spying by authorities, and it is unacceptable for technology companies to expose them to danger by failing to adequately respond to the human rights risks,” Sherif Elsayed-Ali, head of Amnesty’s technology and human rights team, said in a statement. “The future of privacy and free speech online depends to a very large extent on whether tech companies provide services that protect our communications, or serve them up on a plate for prying eyes.”

He adds, “Young people, the most prolific sharers of personal details and photos over apps like Snapchat, are especially at risk.”

Amnesty’s metrics ranked apps on a scale of one to 100, factoring in how they recognize potential threats to their users, apply end-to-end encryption, inform users of their rights and of security measures in place, and share details of government requests for user data.

Amnesty views end-to-end encryption as a minimum requirement for messaging apps to protect users’ information. The technology scrambles messages so they can’t be read by anyone except the sender and recipient with a digital key to unlock access. Though end-to-end encryption is not foolproof, it significantly bolsters security. 

It is “critical” in today’s security climate, security expert and Viollis Group CEO Paul Viollis explained. 

“Think of a tunnel. From the moment you walk in and walk out, you’re not going to get wet. End-to-end encryption allows a message from inception to delivery to have safe passage,” Viollis told CBS News. The technology insulates messages from the “millions of machines” that could, theoretically, disrupt them en route to their destinations, he said. 

BlackBerry, Snapchat and China’s Tencent received Amnesty’s worst grades, all scoring less than 30 out of 100. None of these companies use end-to-end encryption.

Amnesty specifically admonished Snapchat for not adequately informing its 100 million daily users about its encryption levels. Contacted by CBS News, Snapchat declined to respond to Amnesty’s report. 

In general, the company’s security philosophy is based around deleting content; the phrase “Delete is our default” figures prominently on Snapchat’s website. Most messages sent through Snapchat automatically delete themselves once they’ve been viewed or have expired (although they can be captured and saved in screenshots).

Viollis, who does not use Snapchat, urges users not to be lulled by the app’s “false sense of security.”

“There’s no electronic eraser. You can’t press retrieve. Whatever is on the internet will live there forever,” he said.

Microsoft’s Skype also fared poorly, receiving 40 out of 100. Skype uses encryption, but not end-to-end encryption for its instant messaging, according to Amnesty.

Microsoft defended its security protocols with Skype in a statement to CBS News. 

“We agree with Amnesty International about the importance of encryption,” a Microsoft spokesperson said. “At the same time, this report does not accurately reflect Skype’s comprehensive work to protect people’s privacy and security. Skype uses encryption and a range of other technical security measures, and we protect people’s privacy through legal challenges, advocacy, and strong policies to notify customers when we receive government requests for their data or detect attempted third party intrusions.”

Encryption "cannot be secure just for some people"

Facebook, which operates Facebook Messenger and WhatsApp, came out on top, with the highest score of 73 out of 100. Apple scored 67 out of 100 for its iMessage and FaceTime communications. 

Encryption has become an all-out battleground between governments, law enforcement, consumers and consumer protection groups. U.S. federal law enforcement has long argued that tech companies’ data encryption practices are making it harder for them to weed out pedophiles and terrorist suspects, and that consumers’ right to privacy must be weighed against public-safety interests.

Awareness of the issue has grown significantly in recent years, as apps like WhatsApp have publicly championed end-to-end encryption. In general, the pressure for tech companies to be transparent about their security decisions — such as where users’ information lives and what the company can do with that information — is greater than ever. 

For Viollis, it’s time for a new era of security thinking now that cyber crime has ballooned to a massive, $512 billion industry.

“Who cares about your Social Security number now? We’re far past that. Now people are assuming your life,” he said. “The marketability for personal information today is significant.”

View CBS News In