Google’s Encryption Choices With Allo

Hamza Shaban, writing for BuzzFeed:

Google’s “smart” replies and virtual assistant improve with use, “learning” by analyzing conversations and context. But this kind of fine-tuned processing requires a record or “memory” of chats that take place in the normal settings. Similar to Google’s web browser, Chrome, which includes its own incognito mode, the normal settings offer a more intuitive experience to consumers, Google said. The option to turn on incognito mode in Allo and enable end-to-end encryption offers additional security, but with the choice to revert back to the fuller version, Google added.

But others are concerned with the broader ramifications of Allo’s design. “Google has given the FBI exactly what the agency has been calling for,” Christopher Soghoian, the ACLU’s principal technologist, told BuzzFeed News.

A live Google bot inside a chat stream is an interesting feature, and it can’t be done with end-to-end encryption. But this means law enforcement can require Google to hand over transcripts, and effectively wiretap your “normal” Allo chats. That’s a tradeoff many people will be willing to make. My beef is with using the words “normal” and “incognito”. Perhaps I’m spoiled by iMessage, but to me a “normal” chat is one with end-to-end encryption and no AI bot. Allo’s “normal” chats are the ones that are abnormal.

And “incognito” is absolutely the wrong word for Allo’s private chats. The word incognito means “having one’s true identity concealed”. That’s not what happens with Allo’s private chats. You’re still identified by your phone number. They should call this “private”, not “incognito”.

Monday, 23 May 2016