Russia Wants to Make an Example of Telegram

The messaging app is under direct attack from Russian domestic intelligence. The real target may be Facebook and Twitter.

Every government involved in today’s cyberwars has some interest in surveilling the users of messenger apps, but more oppressive states don’t bother to hide it. Telegram, the encrypted messenger in Russia, recently received a letter from the country’s domestic intelligence service, the FSB, that highlights this disparity — and the dangers of trusting tech companies’ privacy-related assurances.

Pavel Durov, the founder of Telegram, published the FSB letter on Vkontakte, the popular Russian Facebook clone that he also founded but no longer controls. In the document, helpfully translated into broken English because the company behind Telegram is registered in the U.K., the intelligence service tells the messenger that it is obliged under a Russian law passed last year to hand over keys allowing the government to decrypt any communications transmitted over it — and is already in violation of the law for not having done so. This is the same law that threatens Facebook and Twitter with closure in Russia next year until they start storing Russians’ personal data inside the country; Twitter has promised to localize its operation by mid-2018, while Facebook hasn’t told the Russian authorities anything yet.

The FSB is taking the legal route, which is likely to lead to a court case against the quasi-Russian entity, as a warning for the likes of Facebook and Twitter. It must let them know they can’t get away with flouting the draconian information security law. Telegram, with its claims of extra security and neutrality, is the ideal target for such a demonstration.

Durov, who set up Telegram with his brother Nikolai, is Russian, though he has lately also acquired the citizenship of St. Kitts and Nevis, which allows visa-free travel to most Western nations. He has taken pains to put a distance between Telegram and Russia; there’s the British company, Telegram LLP, and the messenger’s official FAQ says the service’s headquarters is in Berlin. “While the Durov brothers were born in Russia, as were some of the key developers, Telegram is not connected to Russia – legally or physically,” the FAQ says. But a disgruntled former employee recently asserted that much of the development work was being done out of a St. Petersburg office, a claim Durov has denied. If part of the team does work in Russia, the developers — and through them the company — are open to both legal and extrajudicial risks; they can come under heavy pressure to allow the FSB access to Telegram communications.

That may not be the biggest threat to the security of its users’ messages; National Security Agency leaker Edward Snowden has warned that Telegram is less safe than rival WhatsApp because it stores most of its communications in the cloud, potentially giving third parties access to them. But the geography matters to users a lot; it has to do with trust.

Telegram, which has more than 100 million monthly active users, enjoys outsize popularity in the Middle East, where U.S. products are often distrusted. According to App Annie, it’s the most downloaded communication app on Android devices in Iran, while WhatsApp with its more than 1 billion users comes second. In a way, that’s understandable: it wasn’t so long ago that Iran tried to ban WhatsApp because of Mark Zuckerberg, calling the chief executive officer of WhatsApp owner Facebook “an American Zionist.” To many Iranians, a Russian connection is safer, but that doesn’t mean the Iranian government won’t go after Telegram as well: Tehran prosecutors have recently filed charges of child pornography and extremist propaganda against Durov.

To Americans or, for example, to protesters in Hong Kong, the probable compromise of China-based messengers such as WeChat and QQ (the Chinese government being the obvious culprit) is a strong reason not to use them. In 2014, now-impeached South Korean President Park Geun-hye had prosecutors trail the local messenger app, Kakao Talk, for insulting comments about her, inducing a mass migration to Telegram, which promised end-to-end encryption.

In Russia, the encryption promise without either a U.S. or any noticeable local presence has brought Telegram about 10 million users. The messenger’s “channel” capability, which allows a user to broadcast content to subscribers, has attracted anonymous commentators with inside knowledge of Russian politics, as well as talented entertainers; the most popular political and entertainment channels have followers in the tens of thousands, and they are widely quoted and discussed in the media. Channel owners sell ads, something Telegram itself doesn’t do, and some entrepreneurs have even sold their channels. This phenomenon probably wouldn’t have been possible without a perception of safety and neutrality.

People know by now not to put too much of their lives on social networks such as Facebook, Instagram or Twitter. These services are too easy for employers and governments to track; in Russia and other countries with authoritarian regimes, people have been jailed for comments on public social networks. The risks of putting too much on email are obvious to anyone who has followed the U.S. scandals during the 2016 election campaign. Messengers have projected a sense of greater security by claiming they use end-to-end encryption (which doesn’t necessarily mean they are much safer) and simply by not putting our interactions out in the open where everyone can read them, the way the social networks do. But the Russian security services’ interest in Telegram — like the WeChat case in China or the U.K. government’s persistent attempts to have a backdoor built into WhatsApp — is a sign that each of these systems is eventually likely to be penetrated. Spy services are persistent, and they have a lot of power to both demand entry and gain entry illegally.

This poses a danger for anyone using messenger apps developed by any corporate entity. These are easy targets for open and covert government pressure anywhere, but especially in authoritarian countries such as Russia. For the highest possible level of privacy and security, an app needs to be open-source and constantly watched over by an engaged, distributed developer community; Signal, the app Snowden recommends, fits that description most closely. For Telegram, the game may well be up soon.

