Snapchat just joined the FTC club.
The company that makes the popular messaging app agreed Thursday to a settlement with the Federal Trade Commission of charges that it deceived users when it said photos on the service would "disappear forever" after recipients viewed them.
In fact, the agency determined, access could be obtained to Snapchat's photos through a set of relatively simple workarounds. Under the terms of the deal, Snapchat agreed to be monitored by an independent privacy auditor for the next 20 years.
Such agreements have become something of a rite of passage for tech companies. In 2010, the agency struck an audit deal with Twitter, which had come into the agency's cross hairs after its employees' weak passwords led to a hacking incident.
In 2011, the agency signed 20-year audit deals with Google and Facebook. In 2012, there was an agreement with Myspace. In 2013, there was one with Path.
But there is little evidence that these agreements have led to a wholesale shift in how tech companies handle private data. While the FTC deals might push the companies to be more careful about privacy changes, being careful is not the same as being private. It's possible - and seems likely - that agreements with the government serve mainly to add a veneer of legitimacy over whatever moves the companies planned to make anyway.
It's true that both Google and Facebook have become more careful about privacy since their FTC decrees. Both companies have told me they now run most major changes to their products through privacy experts, including lawyers.
Before the agreements, the companies seemed to make changes more quickly. The attitude toward privacy at Facebook, especially, seemed to be to ask for forgiveness after overstepping users' concerns instead of asking for permission before doing so.
Yet just because tech companies now think about the legalities of privacy does not mean their actions always improve users' privacy. For example, in 2012, after it had signed the FTC deal, Google altered its privacy policy to allow itself to merge data that it had collected about users from across its services. Before the change, information collected in one Google service, like Gmail, was kept more separate from information collected in other services.
The change set off widespread concern among privacy advocates. But it presumably did not amount to any kind of violation under the company's agreement with the agency.
And even when the agency does step in, it is not clear that its efforts really make much of a difference at tech companies. In 2012, The Wall Street Journal reported that Google was installing tracking cookies on iPhone users' Web browsers, even though the iPhone blocked such code by default.
Google denied any wrongdoing, but the agency's investigators found that the code violated the 2011 consent decree, and the agency imposed a "record" fine against Google.
How much was that record-setting fine? $22.5 million. Note that in 2012, Google made a profit of $10.7 billion, most of it through advertising that was based in some way on data it collected from users. If you do the math, the agency's fine represented about 0 percent of Google's income that year.
Could the agency's agreement with Snapchat have some deeper effect on the startup? It's possible, because Snapchat's entire premise is privacy. The company claims that the fact that its messages are designed to disappear after people receive them leads to more carefree, authentic conversations on the service.
I agree with that premise. Snapchat's widespread popularity suggests that we are becoming more sophisticated about how we think about the digital trails that our phones generate.
One possible outcome of the FTC agreement is that Snapchat could renew its commitment to privacy. It could institute tougher data security measures, and when it learns about possible vulnerabilities in its system, perhaps the company will move more quickly to address them. This would represent a change from recent behavior. Last year, after a security firm found that Snapchat's service allowed hackers to get hold of users' phone numbers, the company dithered in issuing a fix. Eventually millions of users' phone numbers were made public.
"I hope that what happens is that they change their technology to fit their promise," said Julia Horwitz, a lawyer at the Electronic Privacy Information Center, a watchdog group that complained to the agency last year over Snapchat's privacy record.
She added that her group was optimistic that the government's 20-year audit agreements were beginning to improve how companies handle users' data.
"I think Facebook, for example, is kind of learning," Horwitz said. She pointed to Nearby Friends, a new, optional feature that lets users share their location information with friends. "We were startled and pleased that it had a lot of pro-privacy features about it," she said. "This looked like progress to us. And to the extent that being under a consent order influenced that, I think that Facebook is learning about the value of privacy."
Assessing the utility of these consent orders overall, Horwitz said: "I think the answer is that this is a new tool, and for a new tool, it's starting to work very well."
"Very well - really?" I asked her.
Horwitz paused, and then said, "Sure."
© 2014, The New York Times News Service
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.