Messaging Apps Like Tango, WhatsApp and Skype Not Immune To Government Reach

Website pages from Facebook Inc., right, and Skype Technologies SA are displayed on a computer monitor in London, U.K., on Fr
Website pages from Facebook Inc., right, and Skype Technologies SA are displayed on a computer monitor in London, U.K., on Friday, Oct. 15, 2010. Facebook, the social-networking site, and Skype, which provides Internet telephone services, are in talks over a deal to allow Facebook users easy access to Skype's text, voice and video links. Photographer: Chris Ratcliffe/Bloomberg via Getty Images

How can we communicate with one another free of federal eyes and ears? As word spread this week that agencies from the National Security Administration to the FBI have for years been tapping into the servers of some of the largest Internet and telephone companies, surveilling millions of email, chat and Web surfing accounts, some people are eagerly pursuing surveillance-free alternatives.

Good luck with that. Even specialized apps that enable people to speak, video chat and text free of any tether to cellular networks or traditional landlines are far from impervious to the reach of the government, experts say.

Major services, including Skype, Tango, WhatsApp and Facebook Messenger, have policies that commit them to cooperating with government agencies when presented with sufficient legal justification.

Tango, a text and video messaging service that claims more than 50 million American members, complies several times a month with federal law enforcement requests for information related to users' activity, according to the company’s co-founder and Chief Technology Officer Eric Setton.

"Our privacy policy for our service informs our members that if we do receive a court order asking for specific information that we may keep on our servers, then we may provide that to the courts," Setton told The Huffington Post.

The Guardian was first to report that the NSA has been collecting information known as metadata from millions of Verizon customers in the U.S. Metadata can include the length of phone calls, the phone numbers of the caller and the recipient, the serial numbers of the devices used and sometimes the locations of those who made the call.

Then on Thursday, the Washington Post reported that Facebook and Microsoft, the company that owns Skype, are among several of the biggest Internet companies that participate in PRISM, a government program that allows the National Security Agency and the FBI broad access to the companies' servers. Both companies have denied they participate in any such program.

Messaging apps have become immensely popular in recent years. More than 1.3 billion social and communications smartphone apps were downloaded in the United States last year, and that number is expected to reach 1.6 billion in 2013, according to IHS, a research and consulting firm. However, industry experts say these services are just as vulnerable to being surveilled by federal agencies as traditional telecommunications carriers.

"From a technical (rather than legal) perspective, these apps could likely still be open to the type of monitoring that has been reported with Verizon," Jack Kent, principal analyst in mobile media at IHS, said in an email. "Should a group want to monitor this type of communication, technically they should be able to do it.”

Kent emphasized that because of inherent differences between the types of services that messaging apps and telecommunications firms provide, the two sets of companies collect different types of data about their users.

And the data that messaging companies store on their servers varies between companies.

Tango's Setton said that in order for Tango to work, the company's servers must temporarily collect information about who made the call to whom, as well as the duration of the call. He did emphasize, however, that when someone makes a call using Tango, a direct connection is established between the two phones, and the conversation does not go over their servers.

WhatsApp, a popular SMS-like messaging service that accounts for over 10 billion messages each day, says that it does not archive chat history on its servers. A WhatsApp spokesperson did not answer an email asking about its policy with regard to law enforcement agencies seeking data for users, but in its terms of service, the company notes it "may retain date and time stamp information associated with successfully delivered messages and the mobile phone numbers involved in the messages," and it "may collect and release Personally Identifiable Information and/or non-personally-identifiable information if required to do so by law."

WhatsApp did not say how often it is approached by law enforcement agencies or the type of information it would be able to provide.

Facebook and Skype, which the Washington Post says cooperate in the government's PRISM operation -- allegations that both companies deny -- nevertheless provide customer data when they're required to do so by law.

Microsoft said that last year about 135,000 Microsoft and Skype accounts, or .02 percent, were "impacted" by law enforcement requests. A spokesperson did not return an email asking to elaborate on the meaning of the term "impacted."

Facebook, for its part, says that it will not disclose "the stored contents of any account, which may include messages, photos, videos, wall posts, and location information," without a warrant. A spokesperson for Facebook said that if a message or call log information is deleted by both parties, then it's no longer on its servers and, even with a warrant, it wouldn't be available.

Facebook would not disclose how many times it has cooperated with or has been approached by federal law enforcement agencies.

AOL, which owns The Huffington Post, was named in the Washington Post as being among the companies tapped by federal authorities under the PRISM program. On Friday, AOL said it was unaware of any such activities.

"We do not have any knowledge of the Prism program,” AOL said in a statement. “We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers.

So what can a concerned citizen do to keep conversations totally private? Chris Silva, an analyst at Altimeter Group who specializes in mobile strategy and security, said that the only way to truly avoid the possibility of having communications monitored is to simply stay off networks.

"The truth of the matter is, when you're using a network-connected device -- whether it's a laptop or smartphone -- it's very hard to remain anonymous," Silva told The Huffington Post. "The information propagates so quickly and gets stored so many places en route to its destination that the only sure way to prevent the problem is abstinence."