Google admits Hangouts doesn't use end-to-end encryption, opening the door for government wiretaps

Google admits Hangouts doesn't use end-to-end encryption, opening the door for government wiretaps

If you’re really worried the government may be keeping tabs on your conversations, then you’d best avoid Hangouts.

According to Motherboard, a Google representative confirmed that Hangouts conversations are only encrypted “in transit,” meaning after the message arrives at the intended recipient Google could access it if forced to do so by a government wiretap.

The question arose from a Reddit AMA with two senior members of Google’s public policy and legal team. An ACLU representative pinned them down about encryption, but wasn’t able to get them to detail if all messages were encrypted from end-to-end.

Richard Salgado, Google’s director for law enforcement and information security, and David Lieber, the senior privacy policy counsel, would only confirm the in-transit encryption. Salgado reaffirmed the government’s prerogative to order such surveillance: “There are legal authorities that allow the government to wiretap communications.”

In reality, such wiretaps are rare. Google’s transparency report details only seven wiretap orders for nine accounts in the first half of 2014, the most recent data available because the U.S. government requires a six-month waiting period.

Why this matters: Apple has touted the privacy of iMessage as another advantage to the security conscious over Android. Other messaging platforms, like the Mark Cuban-backed Cyber Dust, also promise secrecy. Google may not see this extra step as necessary until a backlash arises from those who want more privacy from their Hangouts conversations.


Google engineer says he'll push for default end-to-end encryption in Allo

After Google’s decision not to provide end-to-end encryption by default in its new chat app, Allo, raised questions about the balance of security and effective artificial intelligence, one of the company’s top security engineers said he’d push for end-to-end encryption to become the default in future versions of Allo. Allo debuted with an option to ...

Google Hangouts doesn't use end-to-end encryption

If you're using Google Hangouts as your main messaging service, you might want to know that Hangouts doesn't use end-to-end encryption (E2EE), a must-have feature for messaging services in the post-Snowden world. This was recently confirmed during a Reddit Ask Us Anything (AUA) session by Google's Richard Salgado, Director for Law Enforcement and Information Security, ...

Google finally adds HSTS encryption to

Google, known for its security practices, has finally brought HTTP Strict Transport Security (HSTS) to to strengthen its data encryption. HSTS helps protect against eavesdroppers, man-in-the-middle attacks, and hijackers who attempt to spoof a trusted website. Chrome, Safari, and Internet Explorer all support HSTS. "HSTS prevents people from accidentally navigating to HTTP URLs by ...

Is Facebook making end-to-end encryption on Messenger opt-in only?

Facebook’s native chat is due to be silenced: Facebook’s reportedly going to kill it off, forcing users to instead use Messenger. Rumor has it that Facebook Messenger will also offer the option of end-to-end encryption sometime in the next few months. The Guardian, relying on input from three unnamed sources close to the project, earlier ...