Google Admits Hangouts Doesn’t Use End-To-End Encryption

Google admits that their Google+ Hangout messaging client does not use end-to-end encryption and the encryption is only during transit, meaning that once it arrives on Google’s servers, anyone can wiretap the conversations.

During a recent Reddit AMA, about government surveillance, Google’s director for law enforcement and information security Richard Salgado and Google’s senior privacy policy counsel David Lieber answered some questions, one of which addressed the question of how secure Hangouts is.

Richard Salgado replied that Hangout’s encryption is only during transit, meaning that once it arrives on Google’s servers, anyone can wiretap the conversations. This contrasts with the end-to-end encryption used by some services, like Apple’s FaceTime, which cannot be tapped even by the company offering the service.

Motherboard reached Google to clarify, or elaborate about this issue and a Google spokesperson confirmed that Hangouts does not use end-to-end encryption.

That makes it technically possible for Google to wiretap conversations at the request of law enforcement agents, even when you turn on the “off the record” feature, which actually only prevents the chat conversations from appearing in your history – it doesn’t provide extra encryption or security.

Google’s Transparency Report reveals that the company received 26 wiretap requests from the US government in the 18 months running from the beginning of 2013 to the middle of 2014, the most recent data available because the U.S. government requires a six-month waiting period. The company did not reveal how many of these, if any, were for Hangouts.

The situation is not going to change until Google receives a backlash from those who want more privacy from their Hangouts conversations.