Google acknowledged that though it encrypts Hangouts conversations, it does not use end-to-end encryption. This implies that if the internet giant has sufficient authority, it could itself tap into the sessions.
Google does not use end-to-end encryption
The revelation came on a Reddit thread which included the American Civil Liberties Union’s principal technologist, Christopher Soghoian, and Google’s director for law enforcement and information security, Richard Salgado. During the discussion thread, it became clear that the internet giant encrypts Hangouts only between computers and the Google servers, suggesting that once messages come to Google’s end, the company has full access to them.
Also a Google spokesperson confirmed the findings of the Reddit threads to Motherboard, which noted that Google can wiretap conversations even if a user does “turn on the ‘off the record’” feature, which actually only prevents chat conversations from appearing in your history—it doesn’t provide extra encryption or security.” Motherboard noted that the internet giant has always been unclear on the level of encryption it offers for Hangouts.
Who to trust?
In layman’s terms, end-to-end encryption means that when a user sends a message from a PC, it is encrypted from the moment it is sent until it is received. Google’s not using end-to-end encryption may come as a surprise to many, as other rival services do take such precautions. Apple uses end-to-end encryption for Face Time and iMessage and has been using it as one of its selling points. Mark Cuban-backed Cyber Dust also offers full encryption.
From 2013 to the middle of last year, the internet giant received 26 wiretap requests from the U.S. government, the company revealed in its Transparency Report. However, Google provided no information on how many of these, if any, were related to Hangouts.
The findings surely are startling as after Edward Snowden’s revelations, users have been pretty vocal about their privacy. The revelations also makes it clear that blocking only third parties is not enough, as government agencies work with the concerned technology firm to snoop on private details and collect data.