Russian Court Says Telegram Must Hand Over Encryption Keys To State Intelligence Service
from the maybe-don't-hold-onto-all-of-the-keys-in-the-first-place dept
Here's an idea for the FBI, gift-wrapped and signed "From Russia, With Love."
Telegram, the encrypted messaging app that’s prized by those seeking privacy, lost a bid before Russia’s Supreme Court to block security services from getting access to users’ data, giving President Vladimir Putin a victory in his effort to keep tabs on electronic communications.
Supreme Court Judge Alla Nazarova on Tuesday rejected Telegram’s appeal against the Federal Security Service, the successor to the KGB spy agency which last year asked the company to share its encryption keys. Telegram declined to comply and was hit with a fine of $14,000. Communications regulator Roskomnadzor said Telegram now has 15 days to provide the encryption keys.
Who needs backdoors when messaging services are willing to keep their customers' front doors keys on hand for you? Sure, Telegram doesn't want to turn these over to the FSB, but its decision to hold onto encryption keys means they're available to be had. Telegram is appealing this decision, so customers' keys are safe for now, but there's zero chance the FSB is going to back down.
The FSB has also provided a ridiculous argument for the FBI to use when demanding companies retain keys for easy law enforcement access. According to the FSB's interpretation of the Russian constitution, no privacy violations occur when the government obtains citizens' encryption keys.
The security agency, known as the FSB, argued in court that obtaining the encryption keys doesn’t violate users’ privacy because the keys by themselves aren’t considered information of restricted access.
Clever. The keys are not restricted info. Everything accessible with the keys is. This isn't completely unlike judicial assertions that passwords are not evidence, even if relinquishing them then gives the government access to plenty of evidence. In this case, the FSB is collecting the keys to everyone's houses and promising not to open them up and take a look around whenever it feels the urge. The best way to protect users' privacy is to not hold the keys. The second best way is to take your business elsewhere (but in reverse, I guess) when local governments claim the only way you can do business locally is by placing users' communications directly in the government's hands.
If Telegram is forced to hand the keys over, it will be the last communications company in Russia to do so. All others have "registered" with the state communications agency, putting their users' communications directly in the Russian government's hands. If Telegram decides to pull out of the market, it will leave behind nearly 10 million users. Many of those will probably end up utilizing services the FSB has already tapped. Others may go overseas for uncompromised messaging services. But in the end, the FSB will get what it wants.
As for Telegram, it's facing a tough choice. With an initial coin offering in the works, it may not be willing to shed 10 million users and risk lowering its value. On the other hand, it may find standing up for 10 million users isn't something that matters to investors. Unfortunately, pushing back against the FSB on behalf of its users still may result in the loss of several million users once the Russian high court reaches its expected decision several months down the road. It still has the option of moving its operations out of the reach of the Russian government while still offering its services to Russian citizens. This may be the choice it has to make if it wants its millions of Russian users to avoid being stuck with compromised accounts.
Filed Under: encryption, fsb, privacy, russia, surveillance
Companies: telegram