Cybercrime , Encryption & Key Management , Fraud Management & Cybercrime
French Prosecutors Detail Motives for Telegram CEO Arrest
Activists Raise Concerns Over Privacy and Hostility to End-to-End EncryptionThe Saturday evening arrest of Telegram CEO Pavel Durov by French law enforcement agencies thrust the already controversial social media platform further into the international spotlight as Paris authorities said the Russian billionaire will likely remain in custody at least through Wednesday.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
French authorities including OFMIN, a recently-constituted police agency dedicated to the protection of minors, arrested Durov after he landed in his private plane in an airport located in the Paris outskirts. Durov is a Russia national who additionally holds citizenship in the United Arab Emirates and France (see: French Police Arrest Telegram CEO and Owner).
Paris Prosecutor Laure Beccuau said Monday the cybercrime section of her office in July opened an investigation "against person unnamed" for complicity in hacking, possession and distribution of child sexual abuse material, narcotics sales, and refusal to act on law enforcement requests to intercept communications. Beccuau's office also said her office is looking into the provision of cryptographic services "without certified declaration."
"It is within this procedural framework in which Pavel Durov was questioned by the investigators," she said. A magistrate approved custody for Durov through Wednesday.
OFIM chief Jean-Michel Berniguad said on LinkedIn Monday that main issue behind Durov's arrest is "the lack of moderation and cooperation of the platform (which has nearly 1 billion users), particularly in the fight against pedophilia." Durov in July posted on his Telegram channel that the platform has reached 950 million monthly active users. The company - which reportedly employees around 60 individuals - is based in Dubai, where Durov also lives.
The arrest has provoked criticism, including from conservative opponents of social media content moderation. Elon Musk, owner of social media platform X - formerly Twitter - tweeted "#FreePavel." Right-wing pundit Tucker Carlson wrote that Durov is "a living warning to any platform owner who refuses to censor the truth at the behest of governments and intel agencies." The Russian government in 2018 attempted to block domestic access to Telegram but rescinded the formal ban in 2020, stating that the company had proved its willingness to cooperate on measures combating "terrorism and extremism."
French President Emmanuel Macron played down criticism Monday, stating that "it is up to the judiciary, in full independence, to enforce the law."
Durov's arrest "on French soil took place as part of an ongoing judicial investigation. It is in no way a political decision. It is up to the judges to rule on the matter," Macron added. Telegram is blocked in China and Iran. A Brazilian court temporarily blocked it in 2023 for failing to cooperate with an investigation into neo-Nazi activities.
Telegram Encryption Is Weak But Still Potentially A Target
Although Telegram touts its use of end-to-end encryption for direct messages, the platform has faced a decade of criticism for cryptographic shortcomings. Direct messages are not encrypted by default, and as John Hopkins applied cryptography Associate Professor Matt Green observed Sunday, turning on end-to-end encryption requires going through a number of counter-intuitive app setting options.
Many of Telegram's most notorious accounts - among them, self-declared Russian hacktivists, cybercriminal groups, Kremlin apologists and conspiracy theorists - use it as a broadcasting platform that by definition doesn't need end-to-end encryption.
Still, "my strong suspicion is that many people who join Telegram for its social media features also end up using it to communicate privately," Green wrote - and do so without understanding that turning on end-to-end encryption requires additional steps. "Many of those users may not even realize they have to turn encryption on manually, and think they’re already using it."
Telegram's potential trove of messages composed by senders who thought they did do in secret but in fact are accessible to platform employees is reason to worry, some privacy advocates said. "There is certainly a huge concern among civil society and privacy advocates that French authorities may try to force Durov to provide Telegram messenger encryption keys to decrypt the private messages," said Natalia Krapiva, senior tech-legal counsel at digital rights group Access Now.
Some advocates are calling Durov's arrest part of a larger effort to undermine end-to-end encryption. Law enforcement, homeland security officials and prosecutors in Europe and North America have decried since their inception the growth of end-to-end encrypted chat apps in a longstanding policy fight that shows little sign of abating. Cryptographers say any effort to create a technical means for police to access end-to-end encrypted communication would create vulnerabilities inevitably exploited by hackers.
Tech companies, worried about decreased user confidence in online communications, have mostly refused to accommodate law enforcement.
British security activist Alec Muffett theorized Monday that Telegram's unsavory reputation made Durov a good candidate for a takedown by a government hostile to end-to-end encryption.
"Being such a weak platform, such a bad value offer, but with a brand reputation for (supposed) encryption and no serious, demonstrable pretense of delivering an anti-abuse, anti-extremist, pro-trust-and-safety agenda, makes Telegram ripe for plucking and being made an example-of by state authorities who want to undermine public demand for the entire field of secure messaging," he wrote.