The Arrest Of Telegram’s Pavel Durov: What’s Encryption Got To Do With It?
Mallory Knodel / Aug 28, 2024Last weekend, Pavel Durov, the cofounder and CEO of Telegram, found himself detained after his private jet landed in France from Azerbaijan. Durov, who holds multiple passports but is originally of Russian descent, now faces scrutiny under French law. The circumstances of his detention – the details of which are still emerging – raise critical questions about Europe’s approach to content moderation, especially as it pertains to platforms like Telegram.
Telegram, often labeled as a messaging app, functions more like a social media platform due to its widespread use in organizing large group chats. Over the years, governments, human rights organizations, and civil society have repeatedly tried to engage with Telegram regarding its content moderation practices and its global governance policies. Despite this, the platform has been known to cooperate only selectively with governments, including those of Saudi Arabia and Russia, often leaving critics questioning its commitment to broader human rights beyond its stalwart front to protect privacy. Telegram has repeatedly refused to provide a duty of care to its users, including taking on board notice of harms and criminal activity from governments, hotlines and human rights groups.
A key issue with Telegram is the persistent misconception that it is a fully encrypted messaging service. While popular platforms like WhatsApp, iMessage, and Signal have embraced a high-bar standard for end-to-end encryption, Telegram has lagged behind. The platform's encryption practices are not as robust as its competitors, both in terms of end-to-end confidentiality and user privacy protections. This gap in encryption is crucial to understanding the broader implications of Durov's arrest.
So, what does Durov's arrest have to do with encryption? At first glance, it might seem like a direct indictment of encrypted messaging services. However, Telegram, by most measures, does not meet the standards of true end-to-end encryption. According to the press release from French authorities, the charges against Durov only tangentially involve encryption in invoking an arcane law that requires the import of cryptographic tools to be certified by the French Prime Minister.
The selective enforcement of these laws raises concerns about the broader application of such regulations in France. Is this law being applied uniformly across all online services that use cryptography, or is it being selectively enforced against certain individuals and platforms? The opacity surrounding these questions only deepens the unease.
If we treat Telegram as a purely social media platform, there are even more concerns about the way content moderation and abuse mitigation happens on the platform, but also how Europe envisions enforcing its own regulations on the same.
More importantly, Durov’s arrest should serve as a wake-up call for Telegram users themselves. It underscores the need for greater transparency about what the platform can and cannot see. Telegram has, to some extent, misled users into believing it is a fully encrypted service when it is not. If Telegram had implemented true end-to-end encryption, it would not have access to the content that authorities are now seeking.
This incident highlights the broader issue at stake: the necessity for more services to implement robust encryption, not fewer. Users deserve to know when their communications are truly confidential and when they are not. Encryption is not just a technical feature; it is a fundamental right that protects the privacy and security of individuals against unwarranted surveillance and intrusion.
As we move forward, the challenge will be ensuring that platforms like Telegram are held accountable for their encryption practices as much as they are for mitigating platform abuse and that users are given the tools to make informed choices about their safety on social media as well as their digital security.
Durov's case is more than just a legal issue; it is a reflection of the broader struggles over privacy, encryption, and state power in the digital age. It raises pressing questions about how Europe—and indeed the world—will balance the need for security with the protection of fundamental rights.