Slashdot Mirror

← Back to Stories (view on slashdot.org)

Telegram Loses Supreme Court Appeal In Russia, Must Hand Over Encryption Keys (bloomberg.com)

Posted by BeauHD on from the cough-it-up dept.

Telegram has lost a bid before Russia's Supreme Court to block security services from getting access to users' data, giving President Vladimir Putin a victory in his effort to keep tabs on electronic communications. Bloomberg reports: Supreme Court Judge Alla Nazarova on Tuesday rejected Telegram's appeal against the Federal Security Service, the successor to the KGB spy agency which last year asked the company to share its encryption keys. Telegram declined to comply and was hit with a fine of $14,000. Communications regulator Roskomnadzor said Telegram now has 15 days to provide the encryption keys. Telegram, which is in the middle of an initial coin offering of as much as $2.55 billion, plans to appeal the ruling in a process that may last into the summer, according to the company's lawyer, Ramil Akhmetgaliev. Any decision to block the service would require a separate court ruling, the lawyer said.

Putin signed laws in 2016 on fighting terrorism, which included a requirement for messaging services to provide the authorities with means to decrypt user correspondence. Telegram challenged an auxiliary order by the Federal Security Service, claiming that the procedure doesn't involve a court order and breaches constitutional rights for privacy, according to documents. The security agency, known as the FSB, argued in court that obtaining the encryption keys doesn't violate users' privacy because the keys by themselves aren't considered information of restricted access. Collecting data on particular suspects using the encryption would still require a court order, the agency said.

26 of 217 comments (clear)

  1. This is chilling... by ChodaBoyUSA · · Score: 5, Insightful

    If I had any friends, and used Telegram, and lived in Russia, I would be frightened. Since I have no friends, only use SMS, and live in the USA, I already gave up any pretense of privacy.

    1. Re:This is chilling... by another_twilight · · Score: 2

      You still have to worry, even outside of Russia.

      How long until Telegram users start to receive messages offering _not_ to expose the messages they thought were private to their [boss/partner/police] in exchange for a small sum? Don't have those sorts of message? For only as little extra you do, now.

    2. Re:This is chilling... by rtb61 · · Score: 2

      So you trust a private for profit corporation, with it's for profit executive team and the cheapest staff they can possibly find, more than the Russia government, kinda of foolish don't you think. At least you sort of know where you stand with the Russian government, although the world has never experienced a technocracy before and it should be interesting (democratic among the technocrats, not quite so democratic for the rest, Putin and Co created it, most of the corruption was in local government and less so in state government, the Russian Federal Government was turned into a Technocracy). So what will happen the US kelptocracy vs the Russian technocracy ie short sighted greed vs short, medium and long term thinking, monopoly players vs chess masters.

      I think the Russia government is on a bit of crypto hunt because of spy vs spy types and organised crime using it, hence touch crypto and they will be looking into you, the more you touch it the deeper they will look.

      Social media needs to be looked at in a new way, it should never be treated as real but only as a game, fun. Make believes identities, behaviours, politics, sure you can still do social stuff with it but it should all have air of illusion, fun and fantasy, taking seriously is proving to be an extremely bad idea. Simply too many mentally ill equiped people to handle a fake true social media, mixing lies with truth in chaotic fashion, their minds are ill equipped for it. Social media needs to be denatured of it's seriousness, of it relativity, when it is all a lie, it is less harmful, as all content can be safely, mocked, derided and ridiculed all in an atmosphere of fun hyperbole, all social media should be https://www.theonion.com/. With a warning on every social media sight by law, 'IF YOU TAKE THIS SERIOUSLY YOU ARE A BLOODY IDIOT'(shh, there is a trap in there ;D).

      --
      Chaos - everything, everywhere, everywhen
  2. Next Step by SPopulisQR · · Score: 5, Informative

    Telegram has been launched by brothers Durov's, Nikolai and Pavel. They previously launched Russian FB equivalent VK, which was "socialized" by the owners that are supporters of Putin. As a response, secure and private Telegram has been launched. So, they lost a case in Russia, and now privacy is compromised. I have to make a bet that their next product will be the developement of decentralized communication protocols that cant be subpoenaed or litigated. Such protocols already exist, albeit not yet well scalable. However, at the very moment brothers Durovs are putting the company for IPO, and it will be interesting to see how will they handle the situation.

  3. Our president just congratulated Putin by rsilvergun · · Score: 4, Interesting

    on his election 'victory'. I don't like McCain, but at least he called Trump out on it.

    It genuinely frightens me that we're so quick to support dictatorships. Everybody's looking the other way because they want Russia's gas & oil. Then again I've got to drive to work every day the same as everybody else...

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:Our president just congratulated Putin by greenwow · · Score: 2

      "President Barack Obama has now officially endorsed..."

      But you know that isn't the same. You're being disingenuous.

    2. Re:Our president just congratulated Putin by hraponssi · · Score: 2

      It genuinely frightens me that we're so quick to support dictatorships....

      Yes #metoo. You guys voted in Trump. And you seem to have given your president the power to kick out everyone in his government that disagrees with him or his views, and replace them with others more to his liking.

      In most western countries, if the prime minister/president/supreme overlord would kick out ministers and other people in the government because he does not like their opinions, or they disagree with him, or whatever, and nominate his pals instead, iterate until happy, well people might say that looks a lot like dictatorship.

    3. Re:Our president just congratulated Putin by dnaumov · · Score: 3, Interesting

      Where was your outrage when Obama did the exact same thing?

    4. Re: Our president just congratulated Putin by serviscope_minor · · Score: 2

      You think the US got involved in Guatamala because of fruit?

      https://en.wikipedia.org/wiki/...

      --
      SJW n. One who posts facts.
    5. Re:Our president just congratulated Putin by dunkelfalke · · Score: 2

      The election was obviously rigged, just as the previous one. There are enough videos that show it.
      There is no doubt that Putin would have won the election either way, but the real numbers wouldn't be nearly as impressive.

      There is actually a Russian meme about election rigging, called "146%", which was the voter turnout for the Rostov region for the 2011 parliament elections. A few other regions also had their voter turnout higher than 100%.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
    6. Re:Our president just congratulated Putin by Lordpidey · · Score: 3, Insightful

      When my doctor removed that girl's kidney, it was surgery. When I went ahead and removed her kidney, it was murder.

      --
      Some people encrypt by using rot-13 twice. I prefer the more secure method of using rot-1 a total of twenty six times.
  4. This is why perfect forward secrecy is needed by BitterOak · · Score: 5, Insightful

    This is why perfect forward secrecy is needed in secure messaging apps. There's no reason the service provider should be able to hand over keys that can be used to decrypt users' messages. A properly designed secure messaging app would make this impossible. The protocols to implement this are not difficult.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:This is why perfect forward secrecy is needed by Tyrannosaur · · Score: 5, Informative

      Signal has had perfect forward secrecy since at least 2013 https://signal.org/blog/asynch...
      https://en.m.wikipedia.org/wik...
      Given that WhatsApp uses the same signal protocol as signal itself, I would expect it to have perfect forward secrecy as well. But being owned by facebook, I don't trust WhatsApp anyway.

    2. Re:This is why perfect forward secrecy is needed by andydread · · Score: 3, Interesting

      erm...Signal...ever heard of it?

    3. Re:This is why perfect forward secrecy is needed by war4peace · · Score: 2

      GP's reasons are exactly why I haven't heard of it.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  5. Re:Assumed immunity by nnull · · Score: 4, Interesting

    All this is doing is pushing for better crypto and security.

  6. Step forward and read the lines -- in English by Provocateur · · Score: 2

    Hand me the keys, you F**king c**ksucker

    --
    WARNING: Smartphones have side effects--most of them undocumented.
  7. Obviously by argumentsockpuppet · · Score: 2

    That's what I'm thinking. The FBI makes this big show of going to court in an effort to secure the right to do what? Get access to Apple's key? No, to try to force Apple to build decryption tools. The FBI said it could ask for Apple's signing key... but they didn't. Obviously they already have that? Why would you assume Apple can keep their key secret from agencies that can put insane pressure on any employee they decide to?

    No. Assume that all the three letter agencies already have the keys, they just don't want the public to know that. Poor show Russia, that's not how you misdirect the public.

  8. Re:Wow by gnick · · Score: 4, Insightful

    I heard Putin meddled in their election. I believe 76% like I believe 239 lbs.

    --
    He's getting rather old, but he's a good mouse.
  9. Telegram wasn't properly secure anyway. by Anonymous Coward · · Score: 2, Interesting

    Telegram is not secure by default, but requires you to start a secure chat separately. Which requires both users to be online and enable it at the same time. Something that I never got going with anyone. So it was already pretty useless, as compared to Signal.
    Also, its own custom security protocol was more than a little sketchy to me. I don't trust any random person to get security properly right. There are far too many caveats for me to trust somebody with their custom solution. It would have to be proper experts, and audited by other proper experts too.

    Don't get me wrong, I like Telegram due to the amount of features it has.
    But I'd rather wish they would integrate those features into Signal (Usage optional, of course.), and use their servers merely as an alternative to Google's push service. (I'd even pay for my share of the server costs, as long as it's non-profit.)

    1. Re: Telegram wasn't properly secure anyway. by Anonymous Coward · · Score: 2, Insightful

      Signal is no more secure.

      Still passes through their servers, controlled by them, single point of failure, single target to ddos, single target to take hack and inject mitm.

      We need decentralization. It's actually quite easy to do with cryptographic whitelists, and offline methods for keysharing.

      Been working on my own solution to this problem over the past year or so.

    2. Re: Telegram wasn't properly secure anyway. by war4peace · · Score: 3, Funny

      Blockchain! Blockchain! Blockchain!

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  10. Distributed messengers is the way to go by jdoeii · · Score: 4, Insightful

    Most (all?) commercial messengers have a problem of being centralized. Block a few servers and the messenger is dead. Compare Telegram or Whatapp to generic email. A dictator can easily block messengers, but can't block email in general. It can block can block say Gmail or Yahoo mail but blocking individual email servers is much harder. Messengers need to move to the same model. We need something like https://github.com/tinode/chat to run our own servers. We need 1000s of telegrams and whatsapps running a distributed federated messaging network.

  11. Wrong. Signal is the gold standard by Anonymous Coward · · Score: 5, Insightful

    To say Signal is equal to default Telegram is ridiculous. Telegram uses a master key by default; Signal uses ephemeral keys and forward secrecy.

    Saying that it is not secure because it "passes through their servers" is like saying Tor isn't secure because it passes through someone's servers. Everything passes through someone's servers; that's how the internet works. The point of having FOSS in your client and encryption protocol is so that it doesn't matter that it's passing through someone else's servers.

    You are confusing encryption/security with centralization/federation; they are NOT the same thing.

    Everyone should use Signal.

    1. Re:Wrong. Signal is the gold standard by mwvdlee · · Score: 4, Funny

      Yeah, all those socalled "hops" are just a hoax put forth by conspiring internet providers.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  12. can they now crack all messages way back? by hraponssi · · Score: 3, Interesting

    So assuming the Russians are like the NSA and have recorded much of the traffic for the past few years. How would that go for everyone who discussed Putin and his friends in the past over Telegram "secure" chat? How does Telegram handle the keys, can Putin and friends now just go and get the keys for all the past conversations and send in some accidents to everyone who disagrees with anything?