NRK (Norway) recently reported on the Snapchat hack and they started of with the following line (google translated):
If someone breaks into a young girl’s house, stealing nude photos of her and hang them up in the neighborhood, it’s her own fault?
Taking the statement on face value…it’s not like that.
Using the analogy:
- The house is the phone
- the package where the photos are kept is the application
- The delivery method (postal service) is the application sending the file to the cloud service
- The warehouse is a ‘cloud’/online service (SnapSaved)
- so… the photos are sent from home to a warehouse and redistributed to other houses and not someone breaking into the house.
So, the intruder is not breaking into the house, they are breaking into the warehouse.
You have very little control over the package once it leaves your house.
In theory, the house is safe as long as the photos are not sent to the warehouse.
As previously mentioned, the warehouse (application cloud/online service) and the delivery method (application) needs to be secured, who’s responsibility is that?
- No one broke into anyone’s the phone!
- It’s not the victims fault but just as any delivery service has a ‘items may be lost in transit policy’ or an ‘insurance’ service for valuable items, the application owners must communicate the equivalent risks to the victims (Snapchat was irresponsible for stating that their service is ‘safe’/’secure’! How can you guarantee a service when other services can ‘access their service’)
- Yes, another application issue
It is important to get the analogies right to properly understand and appeciate the issue at hand, lawmakers, speak to the professionals!