Durov’s Arrest Details Released, Leaving More Questions Than Answers
from the still-concerning dept
Is the arrest of Pavel Durov, founder of Telegram, a justified move to combat illegal activities, or is it a case of dangerous overreach that threatens privacy and free speech online? We had hoped that when French law enforcement released the details of the charges we’d have a better picture of what happened. Instead, we’re actually just left with more questions and concerns.
Earlier today we wrote about the arrest and how it already raised a lot of questions that didn’t have easy answers. Soon after that post went out, the Tribunal Judiciaire de Paris released a press release with some more details about the investigation (in both French and English). All it does is leave most of the questions open, which might suggest they don’t have very good answers.
First, the report notes “the context of the judicial investigation” which may be different from what he is eventually charged with, though the issues are listed as “charges.”
I would bucket the list of charges into four categories, each of which raise concerns. If I had to put these in order of greatest concern to least, it would be as follows:
- Stuff about encryption. The last three charges are all variations on “providing a cryptology service/tool” without some sort of “prior declaration” or “certified declaration.” Apparently, France (like some other countries) has certain import/export controls on encryption. It appears they’re accusing Durov of violating those by not going through the official registration process. But, here, it’s hard not to see that as totally pretextual: an excuse to arrest Durov over other stuff they don’t like him doing.
- “Complicity” around a failure to moderate illegal materials. There are a number of charges around this. Complicity to “enable illegal transactions” for “possessing” and “distributing” CSAM, for selling illegal drugs, hacking tools, and organized fraud. But what is the standard for “complicity” here? This is where it gets worrisome. If it’s just a failure to proactively moderate, that seems very problematic. If it’s ignoring direct reports of illegal behavior, then it may be understandable. If it’s more directly and knowingly assisting criminal behavior, then things get more serious. But the lack of details here make me worry it’s the earlier options.
- Refusal to cooperate with law enforcement demands for info: This follows on from my final point in number two. There’s a suggestion in the charges (the second one) that Telegram potentially ignored demands from law enforcement. It says there was a “refusal to communicate, at the request of competent authorities, information or documents necessary for carrying out and operating interceptions allowed by law.” This could be about encryption, and a refusal to provide info they didn’t have, or about not putting in a backdoor. If it’s either of those, that would be very concerning. However, if it’s just “they didn’t respond to lawful subpoenas/warrants/etc.” that… could be something that’s more legitimate.
- Finally, money laundering. Again, this one is a bit unclear, but it says “laundering of the proceeds derived from organized group’s offences and crimes.” It’s difficult to know how serious any of this is, as that could represent something legitimate, or it could be French law enforcement saying “and they profited off all of this!” We’ve seen charges in other contexts where the laundering claims are kind of thrown in. Details could really matter here.
In the end, though, a lot of this does seem potentially very problematic. So far, there’s been no revelation of anything that makes me say “oh, well, that seems obviously illegal.” A lot of the things listed in the charge sheet are things that lots of websites and communications providers could be said to have done themselves, though perhaps to a different degree.
So we still don’t really have enough details to know if this is a ridiculous arrest, but it does seem to be trending towards that so far. Yes, some will argue that Durov somehow “deserves” this for hosting bad content, but it’s way more complicated than that.
I know from the report that Stanford put out earlier this year that Telegram does not report CSAM to NCMEC at all. That is very stupid. I would imagine Telegram would argue that as a non-US company it doesn’t have to abide by such laws. These charges are in France rather than the US, but it still seems bad that the company does not report any CSAM to the generally agreed-upon organization that handles such reports, and to which companies operating in the US have a legal requirement to report.
But, again, there are serious questions about where you draw these lines. CSAM is content that is outright illegal. But some other stuff may just be material that some people dislike. If the investigation is focused just on the outright illegal content that’s one thing. If it’s not, then this starts to look worse.
On top of that, as always, are the intermediary liability questions, where the question should be how much responsibility a platform has for its users’ use of the system. The list of “complicity” in various bad things worries me because every platform has some element of that kind of content going on, in part because it’s impossible to stop entirely.
And, finally, as I mentioned earlier today, it still feels like many of these issues would normally be worthy of a civil procedure, perhaps by the EU, rather than a criminal procedure by a local court in France.
So in the end, while it’s useful to see the details of this investigation, and it makes me lean ever so slightly in the direction of thinking these potential charges go too far, we’re still really missing many of the details. Nothing released today has calmed the concerns that this is overreach, but nothing has made it clear that it definitely is overreach either.
Filed Under: complicity, content moderation, csam, encryption, france, law enforcement, pavel durov
Companies: telegram
Comments on “Durov’s Arrest Details Released, Leaving More Questions Than Answers”
Does stuff like NCMEC fall under “proactive”?
While the bar for things can get very fuzzy, this alone is… concerning.
(Also, it’s worse than that. The Stanford study found Telegram wasn’t removing known matches to PhotoDNA.)
I would assume there’s some French equivalent? If it’s not doing it at all with NCMEC, it seems likely it’s being pretty cavalier overall. Also to quote the Stanford study: They further state that “To this day, we have disclosed 0 bytes of user data to third parties, including governments.”
Part of what makes this so concerning is that a lot of Telegram is public. Similar to e.g. Twitter. So it’s not the same as peer2peer communications.
Re:
Yeah, no! There isn’t. Which actually makes me wonder, what is the EU law around NCMEC.
That’s a big yes as to the “questions and answers” bit. Whatever they are doing, they’re hedging with the inability to name any specific charges, even for now, without an end to all investgations. But they certainly can claim “He could be sentenced up to 20 years in prison,” as if they are working backward from what they want, and can gin up charges later. And in most of the somewhat-reasonable world, you need some articulable charge in order to arrest someone at all.
So why not say what the current, concrete charges are, under which laws?
Think of the children...
They will all be safer today!
This comment has been flagged by the community. Click here to show it.
Re:
ok troll account
I hope whenever the procedures are done, we’ll have a clearer look at what exactly this is all about. Because right now it really looks like it could be both for good and bad reasons. (With plenty, sometimes conflicting evidence to both)
The question then becomes. If you offer any web service are you required to then have dedicated staff to go through all the legal hoops in every country.
If telegram ip banned France would they still have legal liability?
The problem with what France is doing is that even if it’s for good reasons it will push us towards a system where a minority of countries control content on the internet and only the largest and well funded platforms can exist.
What this sounds like to me is a negotiating tactic. “It’d be a terrible shame if something happened to your CEO if you didn’t backdoor your app for us. Even though most of the messages aren’t even encrypted. And even though we could get them from the phones of the people sending them.
Re:
Rumble CEO Chris Pavlovski has announced that he has fled Europe, and has been threatened by France in the past. It sounds like you’re spot on.
Re: Re:
France sure has a big issue with tech CEOs, huh.
Re:
Re: Re:
Is Signal also bad? Saying that there is a possibility that “Telegram was actively supporting Wagner troops” is substantiated at best. Telegram is a platform. Having private chats there, even if you have an option to read the messages on server it might be no easy task to just say that some of the group chats (of which there are millions) are from Wagner’s goons? Or linked to CSAM? One has to either scan literally everything, or employ some kind of an algorithm for this. And don’t really know what exactly is visible on the Telegram servers if anything.
Signal and WhatsApp currently boast e2e by default. Are they also supporting CSAM and terrorist? How can one be sure at all?
Re: Re: Re:
This is so incoherent that it’s difficult to even figure out what you’re attempting to say, let alone respond to it. But Signal et.al. are clearly irrelevant: we’re talking about Telegram right now, please try to focus.
I’m going to ignore most of what you said, except to point out that “scanning millions of messages” is not a difficult problem. Furthermore, it’s not a problem that necessarily needs to be addressed, because traffic analysis will reveal who’s communicating with who, and thus what subset of messages are actually of interest for any particular investigation (e.g. money laundering, CSAM, etc.) Let me note in passing that large financial institutions do this all day every day: they monitor incoming/outgoing traffic for security, privacy, regulatory, and legal violations, and part of that monitoring involves figuring out who’s talking to who and whether or not they should be. So let’s not pretend that Telegram couldn’t do this: one engineer working on their own could manage most of it.
Re: Re: Re:2
I don’t even know how to approach that as a said engineer. Yes, it is possible to implement scanning, but it is not as easy as you suggest. Large financial institutions are indeed large and can allocate significant resources. Telegram has only recently started implementing monetization techniques, and no, they wouldn’t have the resources to implement either manual or AI-supported automated scanning without significant budgets, while simultaneously adhering to data privacy laws. As someone also involved in the development of secure architectures to be adherent to ISO 27001 and SOC 2, I can’t fathom any easy way to do so.
I do see the possibility of replying to every request from law offices substantiated with a court order and specified targets for the search. However, I feel very uneasy even allowing the thought of my personal chats with my wife being scanned.
I apologize for rambling and never intended to shift the focus to Signal. I was simply curious about how protected other messengers are — the ones that have already forfeited any possibility of scanning users’ messages by implementing end-to-end encryption. Aren’t they proactively complicit? Yet, currently, only Telegram is under the spotlight.
Why do I het the feeling this has something to do with Ukraine…
Re:
Not sure. If you think of a reason, get back to us.
Are the charges a pretense?
Perhaps, but some are saying it’s because Durov’s maintaining close ties to Russian officials, and perhaps working with the FSB. Also that the Russian army depends on Telegram for a lot of communications, Wagner included.
If France has this list and is staying tight-lipped about it, while mentioning an investigation, this could be why, especially as it seems French forces have been fighting Wagner in Africa. That’s not exactly textbook, but “aiding and abetting” an enemy of France while being a French citizen is not an unreasonable reason to arrest and investigate him. It’s also not the sort of thing they’d want bandied about in the press, not without better supporting evidence.
Perhaps this is wrong, but we can’t simply assume it isn’t without proving he wasn’t meeting with Russian officials prior to this, as at least one claim goes.
Jumping to Conclusions leaves you stranded there, and the only way back is to swim through the Sea of Knowledge. People are mostly too embarrassed to do it, though.
Re:
so the real reason is becuase there the enemy of france?
Re: Re:
But France left. And also we don’t see this a a “charge” they’ve bothered to mention. (They don’t seem to have mentioned any formal charges under specific laws.)
Re:
“but “aiding and abetting” an enemy of France while being a French citizen is not an unreasonable reason to arrest and investigate him.”
Which is dodgy in itself – France is not openly at war with Russia, merely sanctioning it and its forces are fighting a semi-official Russian mercenary group in the parts of Africa that France used to possess and still attempts to run, through the back-door of course. So there’s not a lot of traction in that charge/interpretation.
This comment has been flagged by the community. Click here to show it.
Amazing how this site is will to defend a Russian child porn trafficker. Wow.
This comment has been flagged by the community. Click here to show it.
Re:
*willing
Re: Re:
Taps envelope to hat What is the thing none of your sexual partners were?
Re: Re: Re:
Adults?
Re:
Jealous that no one will talk to, much less defend you bruh?
Re:
When did you stop beating your wife?