In a recent AUA (Ask Us Anything) session on Reddit, Google’s Director for Law Enforcement and Information Security, Mr. Richard Salgado looked to evade a question from a user about Google’s lack of transparency on whether it has the ability to wiretap conversations on Hangouts. The person who put forward that query was the Principal Technologist at the American Civil Liberties Union, Mr. Christopher Soghoian. Mr. Delgado, however, simply gave a vague reply by saying that Hangout chats are “encrypted in transit” and that Google was “continuing to extend and strengthen encryption across more services”. It was only later, when pressed on the issue, that Google issued a statement saying that Hangouts doesn’t use end-to-end encryption. What that admission means in essence, is that Google can eavesdrop on any Hangouts conversation either for their own purposes or at the behest of any government agency. It is important to note that even the “Off The Record” feature doesn’t do much to prevent a particular conversation from being accessed by Google either. It only prevents the conversation from appearing in the user’s chat history without providing any extra layer of encryption.
Through the 2014 edition of the Transparency Report, the internet giant had earlier stated that requests for user data from governments around the world have risen significantly over the past few years, even though only 26 wiretap requests came from the United States Federal Government in the 18 months from January 2013 till June 2014. Google, however, didn’t specify whether those were for Hangouts or for any other Google service. This lack of end-to-end encryption for Hangouts as per Google’s strategy is in direct contrast with Apples’s FaceTime, which does have end-to-end encryption, thereby preventing even Apple from eavesdropping.
In an era when end-to-end encryption (E2EE) has become a byword in security with reports coming out every other day about the NSA or some other Government agency snooping on private conversations of citizens, it is indeed a cause for concern that one of the more popular mainstream chat apps deems E2EE redundant and dispensable. It is likely that going forward, companies like Google will make the changes necessary to provide their customers with the sense of privacy and peace of mind that nobody’s listening in to their private interactions.