Slashdot Mirror
Telegram Loses Supreme Court Appeal In Russia, Must Hand Over Encryption Keys (bloomberg.com)
Telegram has lost a bid before Russia's Supreme Court to block security services from getting access to users' data, giving President Vladimir Putin a victory in his effort to keep tabs on electronic communications. Bloomberg reports: Supreme Court Judge Alla Nazarova on Tuesday rejected Telegram's appeal against the Federal Security Service, the successor to the KGB spy agency which last year asked the company to share its encryption keys. Telegram declined to comply and was hit with a fine of $14,000. Communications regulator Roskomnadzor said Telegram now has 15 days to provide the encryption keys. Telegram, which is in the middle of an initial coin offering of as much as $2.55 billion, plans to appeal the ruling in a process that may last into the summer, according to the company's lawyer, Ramil Akhmetgaliev. Any decision to block the service would require a separate court ruling, the lawyer said.
Putin signed laws in 2016 on fighting terrorism, which included a requirement for messaging services to provide the authorities with means to decrypt user correspondence. Telegram challenged an auxiliary order by the Federal Security Service, claiming that the procedure doesn't involve a court order and breaches constitutional rights for privacy, according to documents. The security agency, known as the FSB, argued in court that obtaining the encryption keys doesn't violate users' privacy because the keys by themselves aren't considered information of restricted access. Collecting data on particular suspects using the encryption would still require a court order, the agency said.
Putin signed laws in 2016 on fighting terrorism, which included a requirement for messaging services to provide the authorities with means to decrypt user correspondence. Telegram challenged an auxiliary order by the Federal Security Service, claiming that the procedure doesn't involve a court order and breaches constitutional rights for privacy, according to documents. The security agency, known as the FSB, argued in court that obtaining the encryption keys doesn't violate users' privacy because the keys by themselves aren't considered information of restricted access. Collecting data on particular suspects using the encryption would still require a court order, the agency said.
If I had any friends, and used Telegram, and lived in Russia, I would be frightened. Since I have no friends, only use SMS, and live in the USA, I already gave up any pretense of privacy.
Lord Acton almost got it right.
Impunity corrupts, and absolute impunity corrupts absolutely.
This is why perfect forward secrecy is needed in secure messaging apps. There's no reason the service provider should be able to hand over keys that can be used to decrypt users' messages. A properly designed secure messaging app would make this impossible. The protocols to implement this are not difficult.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
It won't backfire because anyone who would think about leveraging it against Putin would be found with two self-inflicted bullet wounds to the back of the head.
I heard Putin meddled in their election. I believe 76% like I believe 239 lbs.
He's getting rather old, but he's a good mouse.
Most (all?) commercial messengers have a problem of being centralized. Block a few servers and the messenger is dead. Compare Telegram or Whatapp to generic email. A dictator can easily block messengers, but can't block email in general. It can block can block say Gmail or Yahoo mail but blocking individual email servers is much harder. Messengers need to move to the same model. We need something like https://github.com/tinode/chat to run our own servers. We need 1000s of telegrams and whatsapps running a distributed federated messaging network.
Signal is no more secure.
Still passes through their servers, controlled by them, single point of failure, single target to ddos, single target to take hack and inject mitm.
We need decentralization. It's actually quite easy to do with cryptographic whitelists, and offline methods for keysharing.
Been working on my own solution to this problem over the past year or so.
To say Signal is equal to default Telegram is ridiculous. Telegram uses a master key by default; Signal uses ephemeral keys and forward secrecy.
Saying that it is not secure because it "passes through their servers" is like saying Tor isn't secure because it passes through someone's servers. Everything passes through someone's servers; that's how the internet works. The point of having FOSS in your client and encryption protocol is so that it doesn't matter that it's passing through someone else's servers.
You are confusing encryption/security with centralization/federation; they are NOT the same thing.
Everyone should use Signal.
When my doctor removed that girl's kidney, it was surgery. When I went ahead and removed her kidney, it was murder.
Some people encrypt by using rot-13 twice. I prefer the more secure method of using rot-1 a total of twenty six times.