Snap Employees ‘Abused Internal Tools To Spy On Users’

Snap, maker of the Snapchat messaging service, has internal tools that allow staff in multiple departments to access users’ personal data, including location information, saved messages, telephone numbers and emails, according to a report.

Snap has protections in place to combat the abuse of the tools by employees, but some individuals have nevertheless used them in the past to spy on users, some staff told industry website Motherboard this week.

The existence of data access tools is standard in the tech industry, where companies are obliged to be able to hand over certain types of data to law enforcement if the need should arise, with other legitimate uses including enforcing company policies.

Nevertheless, the existence of Snap’s tools, one of which is called SnapLion, may come as a surprise to some users, many of whom use Snapchat due to the perceived ephemerality of messaging on the platform.

Disappearing messages

Unless saved, Snap messages typically disappear after a recipient reads them.

The potential for data-gathering tools to be abused by insiders is a current concern at Snap as elsewhere, and the company has measures in place to prevent it from happening.

For instance, the company has improved its logging processes over time to ensure that tools such as SnapLion monitor what data is accessed by which employees, unnamed staff said in the report.

Nevertheless, several individuals have abused the tools in the past, with incidents occurring several years ago, staff said.  It wasn’t clear whether abuse had occurred more recently.

Snap said privacy is “paramount” at the company.

“Any perception that employees might be spying on our community is highly troubling, and wholly inaccurate,” the firm said in a statement.

Privacy

“We keep very little user data, and we have robust policies and controls to limit internal access to the data we do have, including data within tools designed to support law enforcement.

“Unauthorised access of any kind is a clear violation of the company’s standards of business conduct and, if detected, results in immediate termination.”

Companies including Facebook and Uber have introduced stricter privacy controls after staff were found to be misusing internal tools to spy on customers.

In 2014 Snap settled FTC charges that it “deceived” users over the disappearing nature of its messages, since “snaps” can be saved.

Regulators also reprimanded Snap for failing to disclose that it collects user data including location information.