Russian Court Says Telegram Must Hand Over Encryption Keys To State Intelligence Service

from the maybe-don't-hold-onto-all-of-the-keys-in-the-first-place dept

Here's an idea for the FBI, gift-wrapped and signed "From Russia, With Love."

Telegram, the encrypted messaging app that’s prized by those seeking privacy, lost a bid before Russia’s Supreme Court to block security services from getting access to users’ data, giving President Vladimir Putin a victory in his effort to keep tabs on electronic communications.

Supreme Court Judge Alla Nazarova on Tuesday rejected Telegram’s appeal against the Federal Security Service, the successor to the KGB spy agency which last year asked the company to share its encryption keys. Telegram declined to comply and was hit with a fine of $14,000. Communications regulator Roskomnadzor said Telegram now has 15 days to provide the encryption keys.

Who needs backdoors when messaging services are willing to keep their customers' front doors keys on hand for you? Sure, Telegram doesn't want to turn these over to the FSB, but its decision to hold onto encryption keys means they're available to be had. Telegram is appealing this decision, so customers' keys are safe for now, but there's zero chance the FSB is going to back down.

The FSB has also provided a ridiculous argument for the FBI to use when demanding companies retain keys for easy law enforcement access. According to the FSB's interpretation of the Russian constitution, no privacy violations occur when the government obtains citizens' encryption keys.

The security agency, known as the FSB, argued in court that obtaining the encryption keys doesn’t violate users’ privacy because the keys by themselves aren’t considered information of restricted access.

Clever. The keys are not restricted info. Everything accessible with the keys is. This isn't completely unlike judicial assertions that passwords are not evidence, even if relinquishing them then gives the government access to plenty of evidence. In this case, the FSB is collecting the keys to everyone's houses and promising not to open them up and take a look around whenever it feels the urge. The best way to protect users' privacy is to not hold the keys. The second best way is to take your business elsewhere (but in reverse, I guess) when local governments claim the only way you can do business locally is by placing users' communications directly in the government's hands.

If Telegram is forced to hand the keys over, it will be the last communications company in Russia to do so. All others have "registered" with the state communications agency, putting their users' communications directly in the Russian government's hands. If Telegram decides to pull out of the market, it will leave behind nearly 10 million users. Many of those will probably end up utilizing services the FSB has already tapped. Others may go overseas for uncompromised messaging services. But in the end, the FSB will get what it wants.

As for Telegram, it's facing a tough choice. With an initial coin offering in the works, it may not be willing to shed 10 million users and risk lowering its value. On the other hand, it may find standing up for 10 million users isn't something that matters to investors. Unfortunately, pushing back against the FSB on behalf of its users still may result in the loss of several million users once the Russian high court reaches its expected decision several months down the road. It still has the option of moving its operations out of the reach of the Russian government while still offering its services to Russian citizens. This may be the choice it has to make if it wants its millions of Russian users to avoid being stuck with compromised accounts.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 21 Mar 2018 @ 12:58pm

    There's Signal as well. As for the "idea for the FBI" part, the US is well seasoned already. Remember Lavabit?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Mar 2018 @ 1:29pm

      Re:

      looks like they are starting back up.


      the best way for a business to keep their stuff secure is to stop making keys and only make the locks.

      let the device users make the keys!

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Mar 2018 @ 1:36pm

        Re: Re:

        Exactly, because if anybody other than the communicating parties have the keys, the system is de-facto compromised.

        reply to this | link to this | view in chronology ]

  • identicon
    Jordan, 21 Mar 2018 @ 1:28pm

    Just say no

    Just say no, what are they gonna do about it?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Mar 2018 @ 1:30pm

      Re: Just say no

      knowing Russia, put a hit out on you.

      reply to this | link to this | view in chronology ]

      • icon
        Ninja (profile), 21 Mar 2018 @ 1:46pm

        Re: Re: Just say no

        Nerve agent or radioactive stuff? Polonium was it?

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 21 Mar 2018 @ 1:56pm

          Re: Re: Re: Just say no

          At least its more selective than a hellfire missile; but why do presidents think that ordering executions is acceptable if they do it, but wrong if another president does it.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 21 Mar 2018 @ 2:00pm

            Re: Re: Re: Re: Just say no

            hypocrisy is a nasty thing...

            okay when you do it... just bad when others do.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 21 Mar 2018 @ 2:14pm

              Re: Re: Re: Re: Re: Just say no

              Let's not forget that Israel literally wrote the book on political assassinations. It seems that just about everyone who ever got on the wrong side of that tiny country ended up dying a mysterious death -- if not a very violent and bloody one.

              reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2018 @ 1:52pm

    Step 1) Grab the keys
    Step 2) Encrypt the keys
    Step 3) Grab 1 Bazillion additional unrelated keys
    Step 4) Encrypt the Bazillion keys with the original keys
    Step 5) Zip the entire file
    Step 6) Encrypt the Zip file
    Step 7) Print the file
    Step 8) Snail Mail
    Step 9) Middle finger??

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2018 @ 2:07pm

    It's rather depressing to see a major country like Russia, after many years of trying to establish a western-style liberal democracy, slowly reverting back to Soviet-style totalitarianism, while drifting away the US and Europe and becoming close allies (both militarily and ideologically) to the uber-repressive State of China.

    Even worse is the thought that US "deep state" has almost exactly the same goals of destroying privacy and usurping extra-constitutional powers.

    reply to this | link to this | view in chronology ]

    • icon
      Richard (profile), 22 Mar 2018 @ 4:22am

      Re:

      It's rather depressing to see a major country like Russia, after many years of trying to establish a western-style liberal democracy, slowly reverting back to Soviet-style totalitarianism

      To which you could add "driven in that direction by Western Politicians who actually prefer having Russia as an enemy."

      The fact is that during the Soviet era the west cultivated any group within the eastern bloc that was anti-soviet. They never enquired as to whether the group was actually anti-communist or really just anti-Russian.

      When the cold war ended they continued to support those groups, when rationally they should have re-assessed and been even handed between Russia and its historic (pre 20th century) enemies.

      What they actually did was absolutely guranteed to produce the result that we see.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2018 @ 2:17pm

    FBI did this 4 years ago

    Here's an idea for the FBI, gift-wrapped and signed "From Russia, With Love."

    Um... this is literally an idea from the FBI. They demanded the master key for Lavabit just to get at Snowden. Unlike Russia, they made the very unamerican move of going to a secret court and denying Levison his freedom of speech.

    reply to this | link to this | view in chronology ]

  • identicon
    Baron von Robber, 21 Mar 2018 @ 2:25pm

    Send them a hard copy.

    "Ok here's the key"

    00OO000OOBB8BB8BB8I11I111III ect in Arial

    reply to this | link to this | view in chronology ]

  • identicon
    Coward Anonymous, 21 Mar 2018 @ 2:39pm

    Meh...

    One way or another, the FSB will obtain those keys. The power serfs think they have over their governments is an illusion and always has been. The powers that be will eventually get whatever it is they desire, in the end.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2018 @ 2:55pm

    best that Telegraph closes down in Russia, like Google did in Spain, but hope then that other countries dont follow what Russia is doing. although, in all honesty, every government in the world is doing the same thing. they are al so corrupt, they cant bear the thought that the people they are supposed to represent have any idea of what the 2 faced fuckers are up to, while, in reverse, every government wants to know every single thing about everybody!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2018 @ 4:37pm

    This kind of highlights the encryption back door issue. If such a door existed in encryption like the US Government seems to want, then it's only a matter of time until a foreign power like Russia demands the key and suddenly your entire system is compromised.

    Because if GOOD guys can get it, then BAD guy scan get it.

    reply to this | link to this | view in chronology ]

    • icon
      Richard (profile), 22 Mar 2018 @ 4:25am

      Re:

      Because if GOOD guys can get it, then BAD guys can get it.

      You mean:

      Because if our BAD guys can get it, then other peoples BAD guys can get it.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Mar 2018 @ 5:06am

      Re:

      it isn't us that need convincing, it's the selfish fuckers in charge of the likes of FBI,CIA HS etc! trouble is, they only see what they want, are completely ignoring the consequences and are extremely good at passing the blame when their little escapades go right down the Swanee!!

      reply to this | link to this | view in chronology ]

    • icon
      BernardoVerda (profile), 22 Mar 2018 @ 10:54pm

      Re:

      Perhaps it's not foreign governments that really concern them?

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2018 @ 7:05pm

    This wouldn't be a problem if there was a backdoor like the FBI demanded. Then the company wouldn't have to hand over an encryption key.

    reply to this | link to this | view in chronology ]

  • icon
    lars626 (profile), 21 Mar 2018 @ 8:37pm

    the Question

    Do the keys in question apply only to Russian users as a group, are there 10 million keys, or is it one set of keys for all users regardless of location?

    reply to this | link to this | view in chronology ]

  • icon
    Not an Electronic Rodent (profile), 22 Mar 2018 @ 6:37am

    But...

    The security agency, known as the FSB, argued in court that obtaining the encryption keys doesn’t violate users’ privacy because the keys by themselves aren’t considered information of restricted access.

    Yeah, but that argument only works where the judges have been specifically chosen to agree with an authoritarian government and will ignore the rights and needs of the population at large and twist arguments to support the dictatorial desires of the government in its perceived need for total surveillance of its populace, whereas in America... Oh, wait... Never mind.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.