If you’re looking to plan a heist, you’d probably best stay clear of Hangouts: Google has inadvertently confirmed that its chat platform is susceptible to police and government monitoring.
While the tech giant usually keeps quiet about Hangouts’ security features, the revelation (of sorts) came out of an “Ask Me Anything” session Friday on Reddit that included members of Google’s public policy department and legal team. Its proposed topic was “the current status of U.S. government surveillance law reform and how Google thinks about these issues,” but the questions were less about laws or reform and more about Google’s practices.
Early in the session, the American Civil Liberties Union’s principal technologist Christopher Soghoian posted:
Hi,
Google has repeatedly refused to acknowledge whether or not it is capable of wiretapping Hangouts for government agencies. In contrast, Apple’s FaceTime product uses end-to-end encryption and the company says it is not able to wiretap this service.
Why has Google refused to be transparent about its ability to provide wiretaps for Hangouts? Given Google’s rather impressive track record regarding surveillance transparency, the total secrecy regarding the company’s surveillance capabilities for this product is quite unusual.
The reply from Richard Salgado, Google’s director for law enforcement and information security, cited the company’s record of disclosing wiretap requests (“There were a total of seven wiretap orders in the first half of 2014, covering nine accounts”), but the following part is what set Reddit ablaze. “Hangouts are encrypted in transit,” Salgado said, linking to Google’s official help document.
Readers were quick to point out that “in transit” is not the same as the end-to-end encryption that Apple boasts for its iMessage and FaceTime programs. As Reddit user reddit_poly pointed out, “This means that Hangouts are only encrypted on their way between your computer and Google’s servers. Once they arrive at Google’s end, Google has full access.”
This does not mean that Johnny Law can just tap into your discussion of last week’s Game of Thrones shenanigans all willy-nilly. The government still needs Google’s permission to access the servers and read Hangouts data, which the company readily admits it has given. It posts summaries of these and similar actions in its online transparency report, which shows that it has received wiretap orders at least since June 2013.
The term “in transit” doesn’t appear on Google’s official document; it only says that “your information will be encrypted so that it’s secure.” The Reddit discussion has served to clarify what exactly that means, and while the company has tools in place to let users know what it is and is not sharing, exactly how Google accesses and secures Hangouts data has been a long time coming.
Via: Motherboard
Evan Killham is a freelance writer who lives in Nebraska and isn’t interested in football, so he has plenty of time to play and think about video games. He has written for Bitmob and GamesBeat and sometimes, he even goes outside. But not too often because he’s heard there are bees out there. Occasionally, companies send free units for review. Evan subscribes to Cult of Mac’s Reviews Policy and also does not keep the items he receives for possible coverage.
9 responses to “Yes, Google can wiretap your Hangouts for the government”
I wonder how much Google charges the NSA for your data?
If your up to no good then worry, if your not doing anything that would be seen as untoward or being watched by some government secret agency then why worry as your Hangouts will be irrelevant to agencies who target specific people
I’m sorry, but the argument of “if you’re not doing anything wrong” never ceases to amaze me. It shows a really flawed understanding of the point of privacy laws in the preservation of freedom and the enforcement of real justice, a major failing in education I think.
However, in this case, it is apparent that judicial oversight is still involved and so I have less concern about it. I only really get concerned when government agencies are doing this without any checks or balances against it. That is when freedom becomes jeopardized.
Gotta protect the privacy of the bad guys too you know…. smh
The point of the system that we enjoy in North America is that no one arm of the government should make an arbitrary decision to spy on, or detain, a private individual without the oversight of another arm. This is called a check and balance and it is the cornerstone of our freedom.
You are correct. No matter what encryption or privacy you are using, if you are doing something wrong, the government will get you in one way or another. FaceTime’s encryption is not going to even slow down the NSA when they are after you…
The do this for a reason…. so that they can run AI against your conversation. This allows them to do things like offering to share your location, adding/backup up photos, and they will surely add more features in line with these later on.
Those services are merely incentives to allow them to continue data mining you, since you are the product @ Google. Some are cool with this, some are not.
Bottom line is anything you do using a google service is going to be tracked or listenable or hijackable. They are never going going to offer you a clean communications channel that can’t be tapped for free, they have no incentive to since they do not make hardware, etc.
I tend to prefer pivacy so I often seek alternative services others are cool with it and use google. Not judging, just saying.
As a Google user I also prefer privacy and have zero issues with Google improving their services to fit my needs better. They don’t share without law enforcement providing warrants which is fair game and it’s something Apple does as well. If Apple gets a warrant from the NSA they aren’t allowed to even mention it.. There’s no definite proof that Apple doesn’t/can’t also read iMessage other than just what they say publically. The fact that Apple doesn’t go into full details as to how it works makes me wonder if they’re being fully honest.