Date: 02/09/2024
Where:
France
Who’s involved:
Pavel Durov (Telegram CEO/Founder)
French Authorities
The broader intelligence community
What happened?
Pavel Durov, the founder and CEO of the social media and messaging platform, Telegram, is currently facing significant legal challenges in France.
Durov was initially detained at Le Bourget Airport near Paris on August 24, 2024.
On August 28, 2024, he was formally charged with several serious offenses, including complicity in illegal activities facilitated through Telegram.
The specific charges against Durov include:
Complicity in Managing an Online Platform for Illegal Activities: This includes accusations that Telegram has been used to facilitate the distribution of child sexual abuse material and drug trafficking.
Refusal to Comply with Legal Requests: Durov has been charged with refusing to share information or documents with French authorities when required by law, which is seen as obstructing justice.
Money Laundering: This charge relates to allegations that Telegram has been involved in financial transactions that may have violated money laundering regulations.
Criminal Association: This charge suggests that Durov is being implicated in a broader network of criminal activities facilitated through the platform.
Providing Cryptology Services Without Prior Declaration: Durov is also charged with offering encryption services through Telegram without adhering to the necessary legal declarations required by French law.
He is required to remain in France and posted a €5 million bail under the condition that he must report to a police station twice a week.
The case has been highly controversial throughout multiple domains of the security industry, and has led to discourse of mixed productivity, but also a massive spread of misinformation and disinformation.
Telegram is utilized heavily by criminal elements, law enforcement, military personnel, and investigators in most security fields.
Analysis
Telegram is a messaging service that functions very similarly to WhatsApp, with a greater emphasis on users being able to broadcast announcements to publicly visible channels. It is globally the third most popular of such services, just behind Facebook Messenger, with nearly 1 billion users.
Telegram is extremely popular in eastern Europe. It has arguably become the most important line of communication between the public and combatants in Ukraine.
Telegram distinguishes itself by having an option to engage in “secret chats” that are allegedly end-to-end encrypted while still using the same account as one’s broadcast channel. This means that the Telegram service itself is not supposed to be able to see what’s discussed between users in “secret chats”. WhatsApp, Facebook Messenger, and Signal have this option enabled by default in Europe. Telegram does not have end-to-end encryption enabled by default.
Being able to pivot from these private chats to public channels is part of the appeal for groups that want to maintain a level of privacy while still attracting a public audience.
This is why Telegram is the preferred messaging service for criminal and paramilitary organizations.
Intelligence professionals routinely monitor Telegram, as it offers unique insight into military, criminal, and extremist activity.
Competitor, Signal, is strictly end-to-end encrypted, and therefore cannot be found criminally liable in similar situations. Concerns have been raised that this could be threatened based on precedent set during Durov’s upcoming trial.
The arrest has prompted an extremely strong backlash within the intelligence and security communities, with many in favor of Durov’s arrest, and others decrying it as a point of major privacy and civil liberties concern.
Others are cautious of threats to Telegram’s existence, as it would remove a major primary intelligence source.
Some defenders of Durov argue that his arrest could set a dangerous precedent where platform operators are held criminally responsible for user-generated content, potentially stifling freedom of expression by forcing platforms to over-censor to avoid liability. This argument has been taken up by Elon Musk, whose own platform, X, was recently banned in Brazil for related reasons.
Many of the arguments have ignored the fact that the evidence being presented by the French government have come from the unencrypted public chat rooms hosted by various threat actors. Under current regulations in most EU countries, these are not protected, and are subject to cooperation by the platform owner, as they can access the unencrypted information.
Telegram has refused its opportunity to join the Child Sexual Abuse Material (CSAM) reporting agreement known as the Tech Coalition. It’s a subset of the WePROTECT Global Alliance, which includes platform owners Google, Microsoft, Meta (Facebook, WhatsApp), X corp (Twitter), Apple, Amazon, Snap Inc. (Snapchat), TikTok, and LinkedIn.
Durov’s rights since his arrest have also curiously been championed by the Russian government, who Durov, himself has been fleeing since 2014. In 2018, Russia attempted to block Telegram after Durov refused to comply with demands to hand over encryption keys. Despite the ban, Telegram continued to function in Russia due to the platform’s use of various technical workarounds, and the ban was unexpectedly lifted in 2020. Durov has publicly stated that no concessions had been made to the government.
Conclusion
Despite the concerns voiced by the intelligence and security communities, Pavel Durov’s situation is grounded in serious allegations that, for the time being, don’t have to put the government’s actions at odds with privacy rights or the legality of end-to-end encryption.
While Durov’s stated stance regarding the management of Telegram is one of “privacy first”, it’s also led to accusations of negligence, particularly in not taking adequate measures to prevent the misuse of the platform for criminal purposes. The French government’s actions appear to be legally justified under current laws, particularly concerning unencrypted public channels.
The bigger civil rights question demanded of this case is whether or not platform owners should be liable for what is posted on their platform. If the cases go to trial, it will be crucial to watch for its potential influence on other platforms and the broader tech landscape.