Farewell to Allo? Why Snowden and Others Don't Trust Google's New AI-Backed Messaging App

520_google
Erik Kay, engineering director at Google, introduces Allo and Duo on stage during the Google I/O 2016 developers conference in Mountain View, California, on May 18. Stephen Lam/REUTERS

Google's newest messaging app Allo is not coming until later this summer, but the verdict seems to be already in from privacy advocates on social media, notably from National Security Agency whistleblower Edward Snowden: don't download it and stay far from it.

The outcry is probably not the reaction Google's head of engineering Erik Kay was expecting when he announced Allo during his keynote speech on Wednesday at the I/O developers conference. Allo was supposed to a groundbreaking messaging app that would use artificial intelligence to make texting easier by suggesting replies and recognizing photos.

Allo is Google's answer to Facebook Messenger and Facebook-owned Whatsapp vying for texting supremacy. But Google did not include a key ingredient to a messaging app in 2016: default end-to-end encryption. In light of the Apple-FBI feud over the role of encryption in face of government surveillance, popular texting apps like Whatsapp, Telegram and Signal all moved to end-to-end encryption to make sure governments and hackers cannot eavesdrop.

Allo so far just provides end-to-end encryption on its Incognito mode and offers an option to make it default. (Oddly enough, Allo's video chat compliment app called Duo comes with default end-to-end encryption from launch.) But Google's route of making encryption opt-in alarmed Snowden and other privacy experts, like ACLU attorney Christopher Soghoian, advised users not to use the new app.

Electronic Frontier Foundation (EFF) staff technologist Jeremy Gillula tells Newsweek that Google could be making encryption optional for technological, rather than business or political, reasons. With default end-to-end encryption on, Google may have no way of tracking whether any of the smart reply suggestions work properly.

"I can understand from a technological stance, especially for its first rollout," Gillula says. "I'm disappointed, but I understand."

Thai Duong, a leader of Google's product security team, wrote a blog saying he would push for default end-to-encryption on Allo down the line—before deleting the two paragraphs mentioning it.

"I wish it's the default (because it's my feature haha :), but even if it is not default all is not lost," reads a part of the the deleted section. "I can't promise anything now, but I'm pushing for a setting where users can opt out of cleartext messaging."

In the amended blog post, Duong writes a disclaimer saying "this post is solely my personal opinion, as someone from outside the team who consulted on security for Allo." Snowden accused Google of censorship after the post was deleted.

In the current blog, Duong asserts that auto-deleting messages in Allo's Incognito mode—like how messages disappear on Snapchat—is the "best privacy feature," and even more important than end-to-end encryption.

In a conversation with Newsweek, EFF attorney Nate Cardozo sharply disagreed with Duong's argument that auto-deleting texts can supplant encryption in ensuring privacy on Allo, saying

Duong "may know a lot about the messaging technologies but not on the people's need for secure messaging."

Echoing Snowden's opinions on Allo, Cardozo concludes that Google's decision to leave end-to-end encryption as an option is at best "really uncool" and at worst "dangerous in its irresponsibility."

Farewell to Allo? Why Snowden and Others Don't Trust Google's New AI-Backed Messaging App | Tech & Science