Following a Reddit AMA on government surveillance, Google has admitted that while it does encrypt Hangouts conversations, it does not use end-to-end encryption, meaning the company itself can tap into those sessions when it receives a government court order requiring it to do so. This contrasts with the end-to-end encryption used by some services, like Apple’s FaceTime, which cannot be tapped even by the company offering the service.
Motherboard noted that Google has always been vague about the level of encryption offered for Google Hangouts, and that when pressed by principal technologist at the American Civil Liberties Union Christopher Soghoian, the company would say only that messages were encrypted “in transit” …
Motherboard followed up with Google and received confirmation that the chat service does not use end-to-end encryption.
“A spokesperson confirmed that Hangouts doesn’t use end-to-end encryption. That makes it technically possible for Google to wiretap conversations at the request of law enforcement agents, even when you turn on the “off the record” feature, which actually only prevents the chat conversations from appearing in your history—it doesn’t provide extra encryption or security.”
Google’s Transparency Report reveals that the company received 26 wiretap requests from the US government in the 18 months running from the beginning of 2013 to the middle of last year. The company did not identify how many of these, if any, were for Hangouts.