In a Reddit AMA on surveillance, Google has admitted that chats on its Hangouts messenger can be wiretapped as the service does not use end-to-end encryption. This means the company can tap into those sessions when it receives a government court order requiring it to do so.
Google’s director of law enforcement Richard Salgado responding to a query said that messages on Hangouts are encrypted in transit. Other Redditors in the discussion pointed out that Hangouts are only encrypted on their way between users’ computers and Google’s servers. Once they arrive at Google’s end, Google has full access. This is in contrast with services like Apple’s FaceTime and Facebook’s WhatsApp which cannot be tapped even by the company offering the service, as they use end-to-end encryption.
Motherboard followed up with the Google AMA and confirmed with Google that it does not use end-to-tend encryption and reported that even when users turn on the “off the record” feature, it only prevents the chat conversations from appearing in your history—it doesn’t provide extra encryption or security.
Motherboard added that Google received 19 requests to perform a wiretap from the US government, according to the company’s Transparency Report. In the first six months of 2014, Google received seven wiretap orders. The Indian government on the other hand made a total of 2,794 requests to Google seeking user data details from 5,002 accounts during January-June 2014, a significant increase from 2,513 requests seeking information from 4,401 accounts during the July-December 2013 period. However, Google’s compliance with these requests has dipped and the company complied with 61% of these requests as compared to 66% compliance during the July-December 2013 period.