Russian Court Says Telegram Must Hand Over Encryption Keys To State Intelligence Service

from the maybe-don't-hold-onto-all-of-the-keys-in-the-first-place dept

Here's an idea for the FBI, gift-wrapped and signed "From Russia, With Love."

Telegram, the encrypted messaging app that’s prized by those seeking privacy, lost a bid before Russia’s Supreme Court to block security services from getting access to users’ data, giving President Vladimir Putin a victory in his effort to keep tabs on electronic communications.

Supreme Court Judge Alla Nazarova on Tuesday rejected Telegram’s appeal against the Federal Security Service, the successor to the KGB spy agency which last year asked the company to share its encryption keys. Telegram declined to comply and was hit with a fine of $14,000. Communications regulator Roskomnadzor said Telegram now has 15 days to provide the encryption keys.

Who needs backdoors when messaging services are willing to keep their customers' front doors keys on hand for you? Sure, Telegram doesn't want to turn these over to the FSB, but its decision to hold onto encryption keys means they're available to be had. Telegram is appealing this decision, so customers' keys are safe for now, but there's zero chance the FSB is going to back down.

The FSB has also provided a ridiculous argument for the FBI to use when demanding companies retain keys for easy law enforcement access. According to the FSB's interpretation of the Russian constitution, no privacy violations occur when the government obtains citizens' encryption keys.

The security agency, known as the FSB, argued in court that obtaining the encryption keys doesn’t violate users’ privacy because the keys by themselves aren’t considered information of restricted access.

Clever. The keys are not restricted info. Everything accessible with the keys is. This isn't completely unlike judicial assertions that passwords are not evidence, even if relinquishing them then gives the government access to plenty of evidence. In this case, the FSB is collecting the keys to everyone's houses and promising not to open them up and take a look around whenever it feels the urge. The best way to protect users' privacy is to not hold the keys. The second best way is to take your business elsewhere (but in reverse, I guess) when local governments claim the only way you can do business locally is by placing users' communications directly in the government's hands.

If Telegram is forced to hand the keys over, it will be the last communications company in Russia to do so. All others have "registered" with the state communications agency, putting their users' communications directly in the Russian government's hands. If Telegram decides to pull out of the market, it will leave behind nearly 10 million users. Many of those will probably end up utilizing services the FSB has already tapped. Others may go overseas for uncompromised messaging services. But in the end, the FSB will get what it wants.

As for Telegram, it's facing a tough choice. With an initial coin offering in the works, it may not be willing to shed 10 million users and risk lowering its value. On the other hand, it may find standing up for 10 million users isn't something that matters to investors. Unfortunately, pushing back against the FSB on behalf of its users still may result in the loss of several million users once the Russian high court reaches its expected decision several months down the road. It still has the option of moving its operations out of the reach of the Russian government while still offering its services to Russian citizens. This may be the choice it has to make if it wants its millions of Russian users to avoid being stuck with compromised accounts.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: encryption, fsb, privacy, russia, surveillance
Companies: telegram


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Ninja (profile), 21 Mar 2018 @ 12:58pm

    There's Signal as well. As for the "idea for the FBI" part, the US is well seasoned already. Remember Lavabit?

    link to this | view in thread ]

  2. identicon
    Jordan, 21 Mar 2018 @ 1:28pm

    Just say no

    Just say no, what are they gonna do about it?

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 21 Mar 2018 @ 1:29pm

    Re:

    looks like they are starting back up.


    the best way for a business to keep their stuff secure is to stop making keys and only make the locks.

    let the device users make the keys!

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 21 Mar 2018 @ 1:30pm

    Re: Just say no

    knowing Russia, put a hit out on you.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 21 Mar 2018 @ 1:36pm

    Re: Re:

    Exactly, because if anybody other than the communicating parties have the keys, the system is de-facto compromised.

    link to this | view in thread ]

  6. icon
    Ninja (profile), 21 Mar 2018 @ 1:46pm

    Re: Re: Just say no

    Nerve agent or radioactive stuff? Polonium was it?

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 21 Mar 2018 @ 1:52pm

    Step 1) Grab the keys
    Step 2) Encrypt the keys
    Step 3) Grab 1 Bazillion additional unrelated keys
    Step 4) Encrypt the Bazillion keys with the original keys
    Step 5) Zip the entire file
    Step 6) Encrypt the Zip file
    Step 7) Print the file
    Step 8) Snail Mail
    Step 9) Middle finger??

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 21 Mar 2018 @ 1:56pm

    Re: Re: Re: Just say no

    At least its more selective than a hellfire missile; but why do presidents think that ordering executions is acceptable if they do it, but wrong if another president does it.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 21 Mar 2018 @ 2:00pm

    Re: Re: Re: Re: Just say no

    hypocrisy is a nasty thing...

    okay when you do it... just bad when others do.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 21 Mar 2018 @ 2:07pm

    It's rather depressing to see a major country like Russia, after many years of trying to establish a western-style liberal democracy, slowly reverting back to Soviet-style totalitarianism, while drifting away the US and Europe and becoming close allies (both militarily and ideologically) to the uber-repressive State of China.

    Even worse is the thought that US "deep state" has almost exactly the same goals of destroying privacy and usurping extra-constitutional powers.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 21 Mar 2018 @ 2:14pm

    Re: Re: Re: Re: Re: Just say no

    Let's not forget that Israel literally wrote the book on political assassinations. It seems that just about everyone who ever got on the wrong side of that tiny country ended up dying a mysterious death -- if not a very violent and bloody one.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 21 Mar 2018 @ 2:17pm

    FBI did this 4 years ago

    Here's an idea for the FBI, gift-wrapped and signed "From Russia, With Love."

    Um... this is literally an idea from the FBI. They demanded the master key for Lavabit just to get at Snowden. Unlike Russia, they made the very unamerican move of going to a secret court and denying Levison his freedom of speech.

    link to this | view in thread ]

  13. identicon
    Baron von Robber, 21 Mar 2018 @ 2:25pm

    Send them a hard copy.

    "Ok here's the key"

    00OO000OOBB8BB8BB8I11I111III ect in Arial

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 21 Mar 2018 @ 2:35pm

    Re:

    link to this | view in thread ]

  15. identicon
    Coward Anonymous, 21 Mar 2018 @ 2:39pm

    Meh...

    One way or another, the FSB will obtain those keys. The power serfs think they have over their governments is an illusion and always has been. The powers that be will eventually get whatever it is they desire, in the end.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 21 Mar 2018 @ 2:55pm

    best that Telegraph closes down in Russia, like Google did in Spain, but hope then that other countries dont follow what Russia is doing. although, in all honesty, every government in the world is doing the same thing. they are al so corrupt, they cant bear the thought that the people they are supposed to represent have any idea of what the 2 faced fuckers are up to, while, in reverse, every government wants to know every single thing about everybody!

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 21 Mar 2018 @ 4:37pm

    This kind of highlights the encryption back door issue. If such a door existed in encryption like the US Government seems to want, then it's only a matter of time until a foreign power like Russia demands the key and suddenly your entire system is compromised.

    Because if GOOD guys can get it, then BAD guy scan get it.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 21 Mar 2018 @ 7:05pm

    This wouldn't be a problem if there was a backdoor like the FBI demanded. Then the company wouldn't have to hand over an encryption key.

    link to this | view in thread ]

  19. icon
    lars626 (profile), 21 Mar 2018 @ 8:37pm

    the Question

    Do the keys in question apply only to Russian users as a group, are there 10 million keys, or is it one set of keys for all users regardless of location?

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 21 Mar 2018 @ 11:22pm

    Re:

    Ever heard of a Merkle puzzle?

    link to this | view in thread ]

  21. icon
    Richard (profile), 22 Mar 2018 @ 4:22am

    Re:

    It's rather depressing to see a major country like Russia, after many years of trying to establish a western-style liberal democracy, slowly reverting back to Soviet-style totalitarianism

    To which you could add "driven in that direction by Western Politicians who actually prefer having Russia as an enemy."

    The fact is that during the Soviet era the west cultivated any group within the eastern bloc that was anti-soviet. They never enquired as to whether the group was actually anti-communist or really just anti-Russian.

    When the cold war ended they continued to support those groups, when rationally they should have re-assessed and been even handed between Russia and its historic (pre 20th century) enemies.

    What they actually did was absolutely guranteed to produce the result that we see.

    link to this | view in thread ]

  22. icon
    Richard (profile), 22 Mar 2018 @ 4:25am

    Re:

    Because if GOOD guys can get it, then BAD guys can get it.

    You mean:

    Because if our BAD guys can get it, then other peoples BAD guys can get it.

    link to this | view in thread ]

  23. icon
    The Wanderer (profile), 22 Mar 2018 @ 5:01am

    Re: Re:

    I don't think so, no; while that may be true, the original statement is at least equally true, and is a stronger point.

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 22 Mar 2018 @ 5:06am

    Re:

    it isn't us that need convincing, it's the selfish fuckers in charge of the likes of FBI,CIA HS etc! trouble is, they only see what they want, are completely ignoring the consequences and are extremely good at passing the blame when their little escapades go right down the Swanee!!

    link to this | view in thread ]

  25. icon
    Richard (profile), 22 Mar 2018 @ 5:29am

    Re: Re: Re:

    Can anyone who wants it under these conditions) reasonably be called a good guy?

    link to this | view in thread ]

  26. icon
    Not an Electronic Rodent (profile), 22 Mar 2018 @ 6:37am

    But...

    The security agency, known as the FSB, argued in court that obtaining the encryption keys doesn’t violate users’ privacy because the keys by themselves aren’t considered information of restricted access.

    Yeah, but that argument only works where the judges have been specifically chosen to agree with an authoritarian government and will ignore the rights and needs of the population at large and twist arguments to support the dictatorial desires of the government in its perceived need for total surveillance of its populace, whereas in America... Oh, wait... Never mind.

    link to this | view in thread ]

  27. icon
    BernardoVerda (profile), 22 Mar 2018 @ 10:54pm

    Re:

    Perhaps it's not foreign governments that really concern them?

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.