One programmer is calling bull on Snapchat’s attempt to get him to shut down what it terms an “unlawful” bit of code that provides access to Snapchat’s application programming interface.
“The fact is we spend so much time on Snapchat … contributing to their success, and they don’t even have the balls to give us an API to get [data] back out,” said programmer Thomas Lackner in an interview with VentureBeat.
Snapchat takes a photo or six-second video and lets you send it to a friend with the understanding that it will “self destruct” after a certain period of time. Lackner is under Snapchat’s microscope for building a PHP library called Snaphax. That library gives developers access to Snapchat’s API — even though Snapchat doesn’t otherwise permit this.
Lackner explained that he wanted to build a program that could send out a “snap of the day” to your followers, but he found that there was no easy way to mass-distribute a Snapchat. So Lackner went to work reverse-engineering Snapchat in order to get access to its API and thereby build the mass-sending capability.
His app does not forward someone else’s photo or video, nor does it circumvent the auto-deleting function that is core to Snapchat’s app. Instead, he published a way to get access to Snapchat’s API so you can send out Snapchats to many followers without having to send it to each one manually.
Another use he discovered was for a friend’s television program. She wanted to be able to send out a daily six-second video segment to her followers and develop a storyline over multiple Snapchats. His published API access would have enabled her to do that.
“I think that all APIs should be open,” Lackner said. “I think it’s a fundamental right that if you contribute data to a system, you should be able to get it back out.”
Lackner posted his problem to Hacker News this morning looking for advice on the notice he received from Snapchat. It reads:
I’m writing to ask that you remove Snaphax from Github and no longer publish or distribute it. Snapchat does not permit third party software to access our API and we consider Snaphax to be an unlawful circumvention device under 17 U.S.C. § 1201(a)(1).
Please confirm that it has been removed by end of day Monday, July 22nd.
Snapchat has not responded to VentureBeat’s request for comment.
Corynne McSherry, the Electronic Frontier Foundation intellectual property director, explained in an interview with VentureBeat that while reverse engineering is a “classic fair use,” Section 1201 of the Digital Millennial Copyright Act often stifles that add-on innovation.
“Section 1201 is a really unfortunate part of DMCA law and I’d love to see it reformed,” said McSherry in an interview with VentureBeat. “It’s a very dangerous law. It’s a very pernicious law. Over time it’s done a lot more harm than good.”
McSherry explained Section 1201, saying it’s like the person who wants to rip their DVD in order to make a fan video. The creation of the fan video itself is completely fair use, but if you need to circumvent any encryption on the DVD in order to make a copy of it, that act of circumvention is illegal according to Section 1201. The law was originally intended to stop criminals from commercially pirating software and videos, but McSherry says she’s seen it used to intimidate ordinary people.
“In practice it’s been used to target all kinds of security researchers and people who just want to tinker with the stuff they’ve lawfully bought,” said McSherry. “It’s unfortunate to see Snapchat trying to shut this down. It might be nicer to see them ask, ‘How can we work together.'”
The EFF put together a white paper collecting all of the Section 1201 requests it feels are overreaching.
In some cases, however, companies can stop reverse engineering simply by a terms of service. In many cases when you “buy software,” you’re actually just licensing it, which means you’re subject to a licensing agreement. That agreement, which comes in the form of a TOS, may state that you cannot access certain parts of the code, or really, forbid you from doing anything the company wants.
McSherry says she’s frustrated by these as well because while the TOS today is often treated like a contract — you give up something in order to gain something else — everyone knows that user agreements are long, complicated, and often left unread.
Of course, there are reasons why companies may not want you tinkering and tampering with their software. Poking holes in the system certainly endangers user privacy, and that may be why Snapchat want to suppress Lackner’s code.
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.