Russian Court Says Telegram Must Hand Over Encryption Keys To State Intelligence Service
from the maybe-don't-hold-onto-all-of-the-keys-in-the-first-place dept
Here's an idea for the FBI, gift-wrapped and signed "From Russia, With Love."
Telegram, the encrypted messaging app that’s prized by those seeking privacy, lost a bid before Russia’s Supreme Court to block security services from getting access to users’ data, giving President Vladimir Putin a victory in his effort to keep tabs on electronic communications.
Supreme Court Judge Alla Nazarova on Tuesday rejected Telegram’s appeal against the Federal Security Service, the successor to the KGB spy agency which last year asked the company to share its encryption keys. Telegram declined to comply and was hit with a fine of $14,000. Communications regulator Roskomnadzor said Telegram now has 15 days to provide the encryption keys.
Who needs backdoors when messaging services are willing to keep their customers' front doors keys on hand for you? Sure, Telegram doesn't want to turn these over to the FSB, but its decision to hold onto encryption keys means they're available to be had. Telegram is appealing this decision, so customers' keys are safe for now, but there's zero chance the FSB is going to back down.
The FSB has also provided a ridiculous argument for the FBI to use when demanding companies retain keys for easy law enforcement access. According to the FSB's interpretation of the Russian constitution, no privacy violations occur when the government obtains citizens' encryption keys.
The security agency, known as the FSB, argued in court that obtaining the encryption keys doesn’t violate users’ privacy because the keys by themselves aren’t considered information of restricted access.
Clever. The keys are not restricted info. Everything accessible with the keys is. This isn't completely unlike judicial assertions that passwords are not evidence, even if relinquishing them then gives the government access to plenty of evidence. In this case, the FSB is collecting the keys to everyone's houses and promising not to open them up and take a look around whenever it feels the urge. The best way to protect users' privacy is to not hold the keys. The second best way is to take your business elsewhere (but in reverse, I guess) when local governments claim the only way you can do business locally is by placing users' communications directly in the government's hands.
If Telegram is forced to hand the keys over, it will be the last communications company in Russia to do so. All others have "registered" with the state communications agency, putting their users' communications directly in the Russian government's hands. If Telegram decides to pull out of the market, it will leave behind nearly 10 million users. Many of those will probably end up utilizing services the FSB has already tapped. Others may go overseas for uncompromised messaging services. But in the end, the FSB will get what it wants.
As for Telegram, it's facing a tough choice. With an initial coin offering in the works, it may not be willing to shed 10 million users and risk lowering its value. On the other hand, it may find standing up for 10 million users isn't something that matters to investors. Unfortunately, pushing back against the FSB on behalf of its users still may result in the loss of several million users once the Russian high court reaches its expected decision several months down the road. It still has the option of moving its operations out of the reach of the Russian government while still offering its services to Russian citizens. This may be the choice it has to make if it wants its millions of Russian users to avoid being stuck with compromised accounts.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, fsb, privacy, russia, surveillance
Companies: telegram
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Just say no
[ link to this | view in thread ]
Re:
the best way for a business to keep their stuff secure is to stop making keys and only make the locks.
let the device users make the keys!
[ link to this | view in thread ]
Re: Just say no
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Just say no
[ link to this | view in thread ]
Step 2) Encrypt the keys
Step 3) Grab 1 Bazillion additional unrelated keys
Step 4) Encrypt the Bazillion keys with the original keys
Step 5) Zip the entire file
Step 6) Encrypt the Zip file
Step 7) Print the file
Step 8) Snail Mail
Step 9) Middle finger??
[ link to this | view in thread ]
Re: Re: Re: Just say no
[ link to this | view in thread ]
Re: Re: Re: Re: Just say no
okay when you do it... just bad when others do.
[ link to this | view in thread ]
Even worse is the thought that US "deep state" has almost exactly the same goals of destroying privacy and usurping extra-constitutional powers.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Just say no
[ link to this | view in thread ]
FBI did this 4 years ago
Um... this is literally an idea from the FBI. They demanded the master key for Lavabit just to get at Snowden. Unlike Russia, they made the very unamerican move of going to a secret court and denying Levison his freedom of speech.
[ link to this | view in thread ]
"Ok here's the key"
00OO000OOBB8BB8BB8I11I111III ect in Arial
[ link to this | view in thread ]
Re:
Turns out they don't like that.
[ link to this | view in thread ]
Meh...
[ link to this | view in thread ]
[ link to this | view in thread ]
Because if GOOD guys can get it, then BAD guy scan get it.
[ link to this | view in thread ]
[ link to this | view in thread ]
the Question
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
It's rather depressing to see a major country like Russia, after many years of trying to establish a western-style liberal democracy, slowly reverting back to Soviet-style totalitarianism
To which you could add "driven in that direction by Western Politicians who actually prefer having Russia as an enemy."
The fact is that during the Soviet era the west cultivated any group within the eastern bloc that was anti-soviet. They never enquired as to whether the group was actually anti-communist or really just anti-Russian.
When the cold war ended they continued to support those groups, when rationally they should have re-assessed and been even handed between Russia and its historic (pre 20th century) enemies.
What they actually did was absolutely guranteed to produce the result that we see.
[ link to this | view in thread ]
Re:
Because if GOOD guys can get it, then BAD guys can get it.
You mean:
Because if our BAD guys can get it, then other peoples BAD guys can get it.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
But...
Yeah, but that argument only works where the judges have been specifically chosen to agree with an authoritarian government and will ignore the rights and needs of the population at large and twist arguments to support the dictatorial desires of the government in its perceived need for total surveillance of its populace, whereas in America... Oh, wait... Never mind.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]