Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Encryption

Telegram Founder's Indictment Thrusts Encryption Into the Spotlight (nytimes.com) 124

An anonymous reader shares a report: When French prosecutors charged Pavel Durov, the chief executive of the messaging app Telegram, with a litany of criminal offenses on Wednesday, one accusation stood out to Silicon Valley companies. Telegram, French authorities said in a statement, had provided cryptology services aimed at ensuring confidentiality without a license. In other words, the topic of encryption was being thrust into the spotlight.

The cryptology charge raised eyebrows at U.S. tech companies including Signal, Apple and Meta's WhatsApp, according to three people with knowledge of the companies. These companies provide end-to-end encrypted messaging services and often stand together when governments challenge their use of the technology, which keeps online conversations between users private and secure from outsiders.

But while Telegram is also often described as an encrypted messaging app, it tackles encryption differently than WhatsApp, Signal and others. So if Mr. Durov's indictment turned Telegram into a public exemplar of the technology, some Silicon Valley companies believe that could damage the credibility of encrypted messaging apps writ large, according to the people, putting them in a tricky position of whether to rally around their rival.

Encryption has been a long-running point of friction between governments and tech companies around the world. For years, tech companies have argued that encrypted messaging is crucial to maintain people's digital privacy, while law enforcement and governments have said that the technology enables illicit behaviors by hiding illegal activity. The debate has grown more heated as encrypted messaging apps have become mainstream. Signal has grown by tens of millions of users since its founding in 2018. Apple's iMessage is installed on the hundreds of millions of iPhones that the company sells each year. WhatsApp is used by more than two billion people globally.

This discussion has been archived. No new comments can be posted.

Telegram Founder's Indictment Thrusts Encryption Into the Spotlight

Comments Filter:
  • by Bruce66423 ( 1678196 ) on Friday August 30, 2024 @11:51AM (#64749014)

    'Telegram, French authorities said in a statement, had provided cryptology services aimed at ensuring confidentiality without a license.'

    So the debate comes down to whether encryption is a matter of free speech or something which the state has the power to regulate.

    The good news is that the accused has the money to get the best possible lawyers involved. The bad news that our lords and masters don't want us talking to each other unless they can eavesdrop...

    It'll be a good fight. I will be pleasantly surprised if our lords and masters don't win.

    • Re: (Score:3, Insightful)

      So the debate comes down to whether encryption is a matter of free speech or something which the state has the power to regulate.

      The state has the power to regulate whatever it wants. As we've seen, your own body isn't off limits to regulation.
      • by AleRunner ( 4556245 ) on Friday August 30, 2024 @12:19PM (#64749086)

        The state has the power to regulate whatever it wants. As we've seen, your own body isn't off limits to regulation.

        Never has been. In WWII all powers on all sides conscripted them and sent them into massive risk of death. States which fail to do that get replaced by states which are able to do it. The people are not always conserved in this process.

      • But the state can't reverse a trapdoor function. And if it tries to ban something that it can't regulate then it will only give advantage to criminals.
    • by Mordain ( 204988 )

      Encryption is fancy math. Does this mean the state should be able to regulate any level of math they desire?

      • That's like saying drugs are just fancy chemistry.

        • by Luckyo ( 1726890 )

          Fancy chemistry is fundamentally fancy math.

          • "All science is either physics or stamp collecting." -Ernest Rutherford
            • by Luckyo ( 1726890 )

              Physics is fundamentally fancy math too. He was wrong. Everything starts with math. Including physics.

              Except social sciences. But those are anti-scientific method in the first place.

          • Thought and the chemistry that drives it are not the same thing

            Conflating the two takes heroic levels of mental impairment. Or, apparently, the EU.

            • by Luckyo ( 1726890 )

              "Fundamentally" and "same thing" are not the same thing. Any more so than "red car" is fundamentally a "car" but not the same thing as "a car".

        • by Mordain ( 204988 )

          There's a physical component to chemistry at least, and it's the results that are what is usually illegal (at least at the federal level). It's hard if not impossible to make knowledge of growing or making things illegal, though they certainly try. But with encryption, the results can't be proven illegal (or in most cases, proof of communication of wrongdoing) unless they break the encryption.

      • Obligatory XKCD:
        https://xkcd.com/435/ [xkcd.com]
    • by thegarbz ( 1787294 ) on Friday August 30, 2024 @12:25PM (#64749104)

      So the debate comes down to whether encryption is a matter of free speech or something which the state has the power to regulate.

      While France has free speech and the US has free speech, the idea that this freedom is linked to fundamental freedom of anonymity is a construct from judicial branch and not something most countries have codified in law. Even in the USA that freedom does not come with the requirement for a service to be offered, i.e. the government can for a whole litany of reasons shut down other services as well if they break another law. Free speech doesn't come into that.

      Even the USA tried to regulate encryption. Their problem wasn't a legal one, but a practical one, attempting to legislate something that wasn't possible in the modern world - export restrictions on math.

      • by Rujiel ( 1632063 )

        "While France has free speech"

        Lol, is that why they would ban an entire platform like Rumble? And now Telegram, depending on how that goes. But either way, it's for the public's protection, of course. /s

        • "While France has free speech"

          Lol, is that why they would ban an entire platform like Rumble? And now Telegram, depending on how that goes. But either way, it's for the public's protection, of course. /s

          Given that neither platform is banned I'm going to go with... yes. I just say yes because your post makes no sense in any context and I figure appeasing you is more productive than getting further involved in whatever bizarre ignorant argument you want to have.

    • What is an ECCN with regards to exporting cryptography to the US?

    • Cryptology is the study of ciphers. Is that really what Telegram was doing? I doubt that.
    • by AmiMoJo ( 196126 )

      TFA is a bit misleading. You don't need a licence, you need a declaration. You have to say you are doing it, not get permission. Other messaging apps have done so, e.g. WhatsApp.

      That's not the main reason they are after this guy though, it's just throwing everything they can at him because you only get one opportunity. Well, you can try to add stuff later, but the courts don't look very favourably on you piling on extra chargers when it looks like you are about to lose.

      The main thing is actually a lack of c

    • People only feel the need for E2E because government agencies have assumed the power to wire-tap anyone & everyone, effectively without a specific warrant. It's a problem of their own making. If they respected their own laws & civil & human rights, the vast majority of people could communicate with only massive IT corporations listening in & creating personal profiles about everyone. So that part needs regulating just as strongly as govt warrant-less surveillance.
    • by Zocalo ( 252965 )
      AFAICT, acquiring these licenses is pretty much a formality and it's more a registry of providers than anything else. I suspect it's a throwback to the days when things like SSH were classed as munitions by the US and exporting them to countries that were not friendly with the US was considered a much more serious offence. Of course, it's also a useful thing for the French authorities to have that list and implicit ability to revoke the licenses thereby crippling a company, just in case, so of course it's
      • it's still the law of the land and whether you agree with the law or not

        "Look. The law is frackin' stoopid and the legislators who crafted it are equally stoopid and ignorant , but by it's very definition it's beyond reproach"

        How about... no?

        Dumber than a shiat-covered stick is pretty much the defacto standard of anything coming out of the EU.

    • The laws about encryption in Europe and North America are not the same. In general, governments love to spy and dont like it if you interfere with that.
  • by jacks smirking reven ( 909048 ) on Friday August 30, 2024 @11:52AM (#64749020)

    But while Telegram is also often described as an encrypted messaging app

    There it is, Telegram is NOT an encrypted messaging app. It has an encrypted messaging feature but it is a social media platform. Simply because it became popular around the same time as Signal and the other alt-social-media sites in the Facebook/Twitter snapback a few years back doesn't mean both services are really alike in function or purpose at all.

    Now whether Telegram advertised and singalled (heh) to it's users that it is an encrypted messaging app, sure, maybe something untoward is there but really if you were doing clandestine shit on Telegram, well, that's a bit on you if you are panicking today. PGP exists.

    • by echo123 ( 1266692 ) on Friday August 30, 2024 @01:21PM (#64749260)

      Not a Telegram user but from what I've read [telegram.org], Telegram actually hosts content on servers under its control. That's a major distinction between it and Signal both technically and legally. That makes Telegram a content provider as well as a messaging tool.

      Telegram is a cloud service. We store messages, photos, videos and documents from your cloud chats on our servers so that you can access your data from any of your devices anytime without having to rely on third-party backups.

      If the government gives you a subpoena, you must comply. Signal saw this coming long ago and engineered specifically for such an event, and there's nothing for them to surrender to the Feds. Signal really is P2P. I don't think Moxie Marlinspike of Signal is terribly concerned with getting hit up by the Feds the same way as what's happened to Telegram's Pavel Durov.

      = = = = = =

      Fun fact: Pavel Durov claims to have fathered over a hundred children.

      https://techcrunch.com/2024/08... [techcrunch.com]

      • Yeah everything i've seen and experienced with Signal seems to show the product is legit, it does what it says it does, money where mouth is as they say.

        As you said, it's actually not that complicated to create a system where the operators of that system have no access to the information traversing it, ultimate and true deniability. It's just usually there's not as much money to be made with such a service.

        • Do you believe folks that say Signal is controlled by the CIA and they've backdoored it?
          • Signal is secure so people use it to say absolutely whatever on their phones.

            Their phones are backdoored.

            Not technically a honeypot.

          • No to the former but that's only because of it's open source nature since I think that's pretty much the only way you can truly know if something is backdoored. The latter I think is always possible, a three letter does have potential to break something without anyones notice.

            Then again that assumes a certain degree of competency so whos to say.

  • by Pseudonymous Powers ( 4097097 ) on Friday August 30, 2024 @11:54AM (#64749026)

    This is why, a few years back, I just mailed everyone I care to talk to a pad of closely printed sheets of random numbers. If they want to communicate with me, they just convert each letter in their message to a number using a chart, then add that number to the number at the corresponding position on the pad, and, if it's greater than the total number of possible characters, subtract that out, then email me the result.

    I'm thinking of patenting it.

  • Fixed that for you. (Score:3, Informative)

    by Anonymous Coward on Friday August 30, 2024 @11:54AM (#64749030)

    These companies provide end-to-end encrypted messaging services and often stand together when governments challenge their use of the technology, which keeps online conversations between users private and secure from intrusive governments and criminals.

    Jami. https://jami.net/ [jami.net] Open source, E2EE, P2P.

  • Quoth wikipedia, https://en.wikipedia.org/wiki/... [wikipedia.org]

    "Loi no 2001-1062 du 15 novembre 2001 relative à la sécurité quotidienne, article 30 (Law #2001-1062 of 15 November 2001 on Community Safety) allows a judge or prosecutor to compel any qualified person to decrypt or surrender keys to make available any information encountered in the course of an investigation. Failure to comply incurs three years of jail time and a fine of â45,000; if the compliance would have prevented or mit

    • This is completely irrelevant. The French law only applies to services providing encryption on their end. It doesn't compel people to hand over something they don't have, nor does it ban end-to-end encryption that is handled by the client. That law is not the reason Telegram is in trouble.

  • by Anonymous Coward

    Keep a careful eye out for when people are talking about cryptographic (cryptologic? ok, I admit I don't know when to use which word) services, versus applications (i.e. code) versus protocols.

    In the US, we have CALEA and it only regulates services: it requires services to be completely insecure, so if someone says they have a secure messaging service, you know they're either lying or they aren't operating in the US. And if you use an app which depends on that service, then you know it can't possibly be sec

    • At least in its original incarnation, CALEA was real-time "lawful intercept", but only covered wiretaps of raw data. Although it was passed around the same time as the Clipper chip was attempted, there were no key escrow or other such requirements, and as such no specific breakage of E2EE systems, nor of things analogous to an STU-III/STE phone [although there's a good chance that STU-III had key escrow, it was a military system].

      It has been subsequently expanded to include VoIP, SMS and "broadband" traffic

  • > For years, tech companies have argued that encrypted messaging is crucial to maintain people's digital privacy, while law enforcement and governments have said that the technology enables illicit behaviors by hiding illegal activity.

    The question comes down to do you trust the government? How much harm (to minors, those being exploited, those harmed by the crimes enabled by true privacy, etc) is worth protecting it. Then again on the other side, how much do you trust government (which can give almo

    • Seems like a long time ago there was a war fought about invasive government and why we shouldn't trust government...

      2003, Iraq

      The revolution was not fought for something so simplstic as "do not not trust the government" and we know that because the first thing after the revolution the newly formed states did was... attempt to form a government and first one which was far looser and ill defined as the Constitution today was a failure, something those same founding figures realized and why we have a much stronger federated system today.

      Also the Ben Frankling quote is not about privacy, or distrust of government, in fact in

      • Leave it to NPR to try and weaken a quote by a founding father on privacy. Of course they did. Here are some better quotes from notable folks on privacy that your Commie pals can't weaken in the same whiny/condescending "ackshully" way.

        Tim Berners-Lee - "The right to privacy is crucial for democracy. Without privacy, individuals cannot speak freely, think freely, or assemble freely."

        Bruce Schneier - "Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity
        • Why would the quotes of 2 technology academics, 1 hack reporter and his hack whistleblower matter to anyone about anything? 4 out of 5 have as much validity as I do (and the both of us actually deserve more standing than fucking Greenwald).

          Also none of them are arguing the context of the quote so NPR is right until shown otherwise.

          The founders probably would agree in spirit with that but that does not mean they supported the idea of "do not trust the government". The founders were institutionlists, Frankli

    • i wonder how much intellectual property was stolen by corrupt government because they has access to messaging that should have been encrypted???
      • Probably zero. They don't need to do this. They can just refuse your patent or steal it from you after you do all the work.
  • by PubJeezy ( 10299395 ) on Friday August 30, 2024 @12:24PM (#64749098)
    Encryption is absolutely obviously not the issue with Telegram. Tim Cook isn't facing indictment for iMessage's encryption. There isn't a warrant out for the arrest for Mark Zuckerberg because of WhatsApp's encryption. And no one is calling Moxie Marlinspike a terrorist because Signal uses encryption.

    Telegram became a marketing and sales platform for transnational criminal organizations and guess what, it couldn't have been an accident. Honest folks that want privacy don't need the same things that a drug cartel or human trafficker needs. The fact that they've integrated mass-marketing and payment processing on their platform is a massive red-flag that this wasn't about free speech and privacy.

    Moxie Marlinspike is a hero and Pavel Durov is a villain and it makes perfect sense for one of 'em to be indicted. This is actually an example of the system seeing a complex issue and arriving at the correct conclusion.
    • Encryption absolutely is the issue according to the charge and report. Selective enforcement of laws is even worse than bad laws, and some would call that corruption. You can't just call one person a hero and the other a villain and then apply the law differently while using the act of someone being accused as proof of their villainy. The government wants to read private messages of criminals - they don't understand how exceptionally easy it is to encrypt something. Any criminal organization could create th
    • by Rujiel ( 1632063 ) on Friday August 30, 2024 @01:28PM (#64749300)

      Firsr paragraph: correct
      Second paragraph: as incorrect as the first was correct

      You went from incredulity and back to "think of the children" in 100 words or less.

      The new heat on Telegram is all about censorship. Israel had documents leak on Telegram in at August, and now August isn't even done and Telegram has been designated Satanic crimelord hellapp level 9000.

      https://www.haaretz.com/israel... [haaretz.com]

      • What about Level 9001? That’s when Telegram becomes the "Demon Kingpin’s Lair of Infinite Secrets." Once you hit that level, you're basically one encrypted message away from summoning a digital apocalypse.
    • by sfcat ( 872532 )
      Ahem, you know that Ukrainian troops use Telegram too right? You know that both sides of several conflicts use them right? Your efforts to paint Telegram as Russia are exactly what the French government is doing. It is also why it isn't working and the media is having to backpedal. If you were an actual international criminal, you wouldn't use Telegram or you would use it in a way that most people don't. This is about payback for the riots in Paris a few months ago. It has nothing to do with what you
    • > The fact that they've integrated mass-marketing and
      > payment processing on their platform is a massive
      > red-flag that this wasn't about free speech and
      > privacy.

      Huh? I'm pretty sure no one wants or needs mass-marketing; except perhaps for the sort of shitbirds that do the mass-marketing in the first place. But payment processing? Particularly secure, private, and anonymous payment processing? Basically payment processing that's equivalent to a cash transaction? I'm not sure about "need" p

    • by Sark666 ( 756464 )

      can you expand on that? what did telegram do that directly benefited a drug cartel? even if that's the case, my concern is encryption is the issue, and they'll use this 'bad actor' for new legislation.

      • Telegram's added two things that no privacy platform should ever implement, groups/channels and payment processing. Both are the antithesis of private but great for folks trying to sell illegal stuff.

        Groups are persistent and open other anonymous users, which means they're not secure. Honestly, I'm not even sure anyone is selling anything illegal on telegram as opposed to simply engaging in widespread fraud. If you make a comment on certain cannabis related subreddits you'll get invites to telegram groups
    • I think the difference is that the Telegram encryption actually works and the others dont.
  • Meta's WhatsApp...these companies provide end-to-end encrypted messaging services and often stand together when governments challenge their use of the technology

    Wrong, for this specific app.

  • Only outlaws will mS6 0qVcW1vkUUF

  • "These companies... often stand together when governments challenge their use of the technology"

    Apple and Whatsapp? Do they now?

    https://www.justsecurity.org/7... [justsecurity.org]

    "True, E2EE renders usersâ(TM) messages inaccessible to law enforcement in transit, but itâ(TM)s a different story for cloud storage. If an iMessage user has iCloud backups turned on, a copy of the encryption keyÂis backed upÂalong with the messages (for recovery purposes) and will be disclosed as part of Appleâ(TM)s warrant

  • A few days ago:

    "Telegram is bad because all data is stored on the servers unencrypted. It's obviously a Russian honeypot. Don't go there".

    Today: ...

    Yeah. Shills did a 180. As usual. But "thing you need to hate is bad" narrative just keeps going.

  • This particular case is interesting becuase it plays into what most people think. Encrypted messages is completely private right? Yes.

    But look at that flying elephant over there ! Did you see that!
    I made you look at the encrypted nature of your messaging app.

    In reality what you said or typed to the other criminal (we'll assume you're up to dastardly deeds for the sake of this argument) is nearly irrelevant. YOU think it's incredibly important because you're an egocentric monster.

    But what is relevant, what t
    • by Rujiel ( 1632063 )

      "But what is relevant, what the service provider gets and shares with national intelligence by law, is the metadata."

      With this metadata talk, tou're giving me flashback to the Snowden revelations, or even the Bush administration's granting of retroactive immunity to telecoms that enabled its extensive spying. All media takes were talking about the metadata when (at minimum with the NSA) it was well known that they had a lot more than just that.

      Don't be naiive, they want it all. The end of privacy is a stat

  • In a long line of people who think they can throw up a file-sharing server, declare it “free speech” like a sovereign-citizen with a clearly misfiring frontal cortex, allow CSAM to be freely distributed, and expect zero consequences.

    That sh&t’s fine in Russia, but this guy stepped foot in France.
  • by account_deleted ( 4530225 ) on Friday August 30, 2024 @01:48PM (#64749344)
    Comment removed based on user account deletion
    • This is making a comeback... In France ofc.
      Sometimes we have to deal with French customers, and on multiple occasions we've had to fill out export control forms specifying the cryptographic capabilities of our software.
      The best interaction with legal was "the fuck we know? We link the system openssl, whatever the system's cryptographic capacity is, those are ours."

      • Comment removed based on user account deletion
        • Don't worry, we basically copied the capabilities of openssl into that form...
          I mean what is an organization supposed to do if the end-user replaces the dynamic library on their system? Statically link everything? That would at least triple our releases.

        • ITAR primarily focuses on military-specific encryption and other defense-related technologies. For most civilian and commercial encryption technologies, EAR is the relevant regulation. Under these restrictions encryption that exceeds 56-bit DES or 128-bit RSA may need a license for export (including just publishing on the web). Thus, most authors make sure that any net-new algos don't emerge in the US initially. Also, open source has specific conditions for exemptions to the license requriement, but that al
  • by serafean ( 4896143 ) on Friday August 30, 2024 @02:07PM (#64749400)

    Most of us here knew/suspected already that Telegram wasn't encrypted in any meaningful way. So lets put that to the side.

    The question burning me is : Why now? What happened that now came the time to strike?
    Is it because Telegram has been piggy-backed on by russian military when their own (non-existent) network failed?
    Was France just waiting for him to land there for months/years?
    Is it simply that only now they feel they have a case?
    Is it a political PR stunt to show that "encrypted apps" aren't really encrypted, by going at the intersection of popular/technically bad?

    • by Rujiel ( 1632063 )

      Telegram refused to censor sputnik and the EU will not have it. From an NYTimes summary 3 days ago:

      "Mr. Durov made himself a target with an anti-authority ethos that governments should not restrict what people say and do online.."

  • Don't believe for a moment that any encrypted data is secure. I'm sure every major government around the world has the ability to quickly and easily decrypt anything they like. Crying wolf that they can't is just a smokescreen to keep the deception going. If you're sending encrypted data across the public Internet your data is being analyzed ... period.

    • Comment removed based on user account deletion
    • This is the best way to operate. We know that most broken encrypted communications applications are broken via their implementation methods or by circumvention (key logging and spying) not by breaking the encryption. Thus, no matter if you believe encryption is truly a magic black box or not, you still have to approach that box some way, some how. That's where they are going to snatch your cleartext. Why bother trying to break encryption when breaking the implementation is so much easier?
  • Comment removed based on user account deletion
  • As the French govt is heavily invested in Matrix https://element.io/case-studie... [element.io] , a federated IM andere group messaging service on which any and all communications and files are E2EE, am I the only one seeing the irony of the court bringing up encryption?

    No, I do not believe it's the encryption they don't like, but as a regular there, I believe it's rather
    1) how TG has never given out details about its users
    2) how TG seems like the wild wild west, where any reporting of scambots, catfish or dopescammers

  • French prosecutors charged Pavel Durov, the chief executive of the messaging app Telegram, with a litany of criminal offenses on Wednesday

    Sounds like french magistrates have learned from US justice playbook.

  • Remember the 90's, 40-bit web browser encryption limit (actually 128-bit, but 88 bits were in the clear in order to pass US export laws but also French encryption regulations)? Then French citizens got screwed (hacked, spied on, etc), some of their businesses allegedly lost a lot of money due to data leaks (Airbus?), so they started allowing stronger encryption.

While money can't buy happiness, it certainly lets you choose your own form of misery.

Working...