NSA whistleblower Snowden: Google Allo without default encryption is 'dangerous'

While NSA whistleblower Edward Snowden weighs into Allo controversy, Google 'cyber overlord' Thai Duong argues end-to-encryption is nice but what people really want is disappearing messages.
Written by Liam Tung, Contributing Writer

NSA whistleblower Edward Snowden: 'Google's decision to disable end-to-end encryption by default in its new Allo chat app is dangerous.'

Image: CBS News

NSA whistleblower Edward Snowden has joined a number of privacy experts in calling on Google to enable end-to-end encryption by default in its new Allo messaging app.

In a tweet, Snowden said Google's decision has made the app "dangerous" to use and warned his followers to avoid it for now.

Google announced Allo at the I/O conference this week, offering it up as its answer to Facebook Messenger and WhatsApp.

Like WhatsApp, Allo relies on Open Whisper System's Signal protocol for end-to-end encryption. However, in Allo the feature is only active when users opt for incognito mode.

And once incognito mode is enabled, Allo loses some of its distinguishing bot features, such as Smart Reply, and Google's artificial intelligence-powered recommendations.

With end-to-end encryption, only the sender and recipient should be able to view the content of a message.

Thai Duong, Google's 'cyber overlord' and co-lead of its product security team, yesterday said in a blogpost that he would push for a feature to let users choose once for encryption to be on all the time in Allo. But as Tech Crunch noted, he quickly removed the statement.

The now deleted passage reads: "I can't promise anything now, but I'm pushing for a setting where users can opt out of cleartext messaging. Basically with one touch you can tell Allo that you want to, "Always chat in incognito mode going forward," and from that moment on all your messages will be end-to-end encrypted and auto-deleted."

Stressing that the views are his own rather than Google's, Duong, who consulted to the Allo team for app's security, argues that end-to-end encryption as a privacy feature comes second to time-limited messages.

He goes on to argue most people don't worry about government surveillance and that end-to-end encryption is really just a means to having disappearing messages.

"I think end-to-end encryption is not an end in itself, but rather a means to a real end which is disappearing messages. End-to-end encryption without disappearing messages doesn't cover all the risks a normal user could face, but disappearing messages without end-to-end encryption is an illusion. Users need both to have privacy in a way that matters to them," he notes.

But his explanation of 'normal mode' offers some insight into what Google would sacrifice in Allo if end-to-end encryption was on by default.

"In normal mode, an artificial intelligence run by Google, but no humans including the Allo team or anyone at Google, can read your messages. This AI will use machine learning to analyze your messages, understand what you want to do, and give you timely and useful suggestions. For example, if you want to have dinner, it'll recommend restaurants or book tables. If you want to watch movies, it can buy you tickets.

"Like it or not, this AI will be super useful. It's like having a personal assistant that can run a lot of errands for you right in your pocket. Of course, to help it help you you'll have to entrust it with your chat messages. I really think that this is fine, because your chat messages are used to help you and you only, and contrary to popular beliefs Google never sells your personal information to anyone."

Editorial standards