The recent arrest of Telegram’s CEO Pavel Durov is a declaration of war on our privacy. Millions use his innovative, not-for-profit encrypted messaging app to organize against authoritarian regimes. This is likely one of the most important legal cases of “the decade of privacy,” for better or worse. Everyday, apps like Telegram save the lives of Hong Kong protestors and Iranian dissidents.
The future of privacy is being decided in a French courtroom right now. Our freedom to hold politicians accountable and protect marginalized voices. To understand what’s at stake, and why Durov is being singled out, we must dive into what’s going on. And it all starts with Durov’s rather contentious relationship with his home country. Here’s a quick recap of events.
Who is this guy anyway?
In 2006, Durov and his brother Nikolai created Russia’s Facebook, VKontakte. Just over a decade ago in 2014, Durov left the company. According to him, VK had been taken over by Vladimir Putin’s political faction. Durov also left Russia, stating no desire to return.
Shortly before all that mess, Durov had begun working on Telegram. As a privacy advocate who deems it a human right, he was at odds with Russia’s oppressive regime. To ensure no single point of failure, he decentralized Telegram’s servers across the world. His brother Nikolai created the MTProto encryption protocol, the backbone of Telegram’s privacy.
But I heard Telegram wasn’t really secure?
Now, Telegram is often dismissed by privacy purists for not being 100% open-source. Specifically, they decided to keep MTProto to themselves. This is the main argument against Telegram. Additionally, messages (while encrypted) are not end-to-end encrypted by default.
End-to-end encryption (E2EE) prevents Telegram itself from accessing your messages. Without E2EE, you have to trust them not to spy on you. That is, of course, unless you use secret messages. Telegram’s secret messages are E2EE, but those miss out on the best features. At the end of the day, it’s a matter of where you decide to draw the line between convenience and security. People don’t realize that Telegram pioneered most features we take for granted in messaging apps today. And it continues to be an innovator in the space.
Speaking of security, Telegram has a bounty program, offering up to $100,000 for the discovery of any security flaws. Telegram has never been hacked or provided data to any government. Protestors in oppressive regimes have trusted Telegram for over a decade. In fact, Durov’s recent arrest is a sign of his continued commitment to privacy. He wouldn’t have gotten arrested had he cooperated with law enforcement.
So what’s going on now?
Finally, we’re at the present. The EU is considered a beacon for privacy and consumer rights in recent years. This made his arrest by French authorities seem contradictory. The charges have not been publicly disclosed, but that hasn’t stopped the rumor mill. This rumor mill is being driven by none other than the French prosecutor’s office, which stated that Durov is being investigated for “complicity in the offenses of making available without legitimate reason a program or data designed for… organized gang distribution of images of minors presenting child pornography, drug trafficking, and refusal to communicate, at the request of competent authorities, information or documents necessary for carrying out and operating interceptions allowed by law.”
Would somebody please think of the children?
Your ears might have perked up there. This situation is eerily similar to the SESTA-FOSTA bill passed in 2018. SESTA-FOSTA claimed to protect children from sex trafficking, and who would oppose that? In reality, it only affected sex workers. It also led to the repeal of Section 230 of the Communications Decency Act. Section 230 had shielded sex work websites like Backpage.com from liability for user-generated content. Backpage frequently collaborated with law enforcement to identify and arrest child traffickers. But after SESTA-FOSTA and facing government lawsuits, Backpage was forced offline. The result? A victory for those who seek to censor and criminalize sex work. But a blow to sex workers’ safety, and to law enforcement’s ability to combat trafficking.
At the end of the day, SESTA-FOSTA was a trojan horse that used “protect the children” to combat sex work. Sadly it seems that history is repeating itself once again. Some argue that the charges against Durov were withheld to “prevent swaying public opinion on the investigation.” In reality, the withholding of information does precisely that. It makes it seem like Durov is protecting predators, which is the easiest way to turn people against him.
Why is Telegram being singled out?
Now you might be wondering why only Telegram is under fire when CSAM can be found on all platforms. Why not Twitter, Facebook, and YouTube? Because they cooperate with law enforcement. Despite claims of E2EE, these platforms share user data with law enforcement. Telegram, however, does not. Telegram claims to regulate itself, which opens it up to arguments that it’s “not doing enough.”
That’s also the case for other encrypted chat services, though, like Signal and Threema. So why aren’t their CEOs getting arrested? And that’s where Telegram’s controversial decision to keep MTProto proprietary comes back around. Not being open-source makes it possible for Telegram to have access to user messages. Signal and Threema aren’t worried about governments asking for data because they can’t access the data themselves. Telegram, on the other hand, arguably does have access to the data. This means that they are actively choosing not to cooperate with law enforcement. Great for privacy, bad for legal compliance.
Ok, but child exploitation is bad
We must also address the elephant in the room, though. Since the dawn of the internet, anonymity has allowed criminals to get away with heinous acts. And governments have always used that excuse to spy on their citizens. Who can forget the infamous Patriot Act? Which, in case you’re unaware, is still alive and well.
Like the balance between privacy and convenience, the balance between security and freedom is also very delicate. How much convenience are you willing to sacrifice in return for how much privacy? And how much freedom are you willing to sacrifice for how much security? It’s very much a subjective choice. What isn’t subjective is FBI Director James Comey’s own words from 2017. He stated that the Patriot Act had “not prevented a single attack” on American soil. Now, I’m far from a conspiracy theorist, but this perhaps begs the question. Why do governments love mass surveillance so much if it doesn’t improve security?
Anti-privacy laws
This case highlights the concerning global trend of demonizing encryption in recent years. The UK, for example, passed the Investigatory Powers Act in 2016. It allows intelligence agencies to demand decryption keys from companies. Likewise, Australia’s Assistance and Access Act of 2018 compels companies to concede access to encrypted data, even if it means building backdoors into their systems. India and the United States have similar laws. These laws pressure companies to weaken security measures, or risk persecution. They make privacy illegal, and caring about it mean that you have something to hide.
While not explicitly targeting encryption, other countries with mass surveillance laws include China, Russia, South Korea, Japan, and more. In fact, the default government stance currently is pro-surveillance and anti-privacy. This is even in countries that codify the right to privacy in their constitution, like Russia.
France ramped up its surveillance laws with the 2015 Intelligence Act. This provides context to Durov’s arrest. It also helps explain the contrast with the EU’s generally positive stance on privacy. French authorities seem to be making an example out of Telegram to communicate their commitment to cracking down on privacy-protecting platforms.
What can we do about it?
This serves as a reminder of how governments justify eroding our civil rights using fear. But manipulating public opinion is only possible when people are distracted. When we neglect to engage in the political process and hold power accountable, we create a vacuum that allows these abuses to flourish.
The arrest of Pavel Durov should serve as a wakeup call that we cannot afford to be complacent. The fight for online privacy and internet freedom is far from over, and we’re losing. While we argue over which encrypted app is more private, we’re losing the freedom to use encryption at all. Privacy is about the ability to speak truth to power, and fight for what we believe in. When governments can spy on our communications without consequence, freedom becomes impossible. Without dissent critiquing power, the very foundations of democracy begin to crumble.