Slashdot Mirror
Telegram Loses Supreme Court Appeal In Russia, Must Hand Over Encryption Keys (bloomberg.com)
Telegram has lost a bid before Russia's Supreme Court to block security services from getting access to users' data, giving President Vladimir Putin a victory in his effort to keep tabs on electronic communications. Bloomberg reports: Supreme Court Judge Alla Nazarova on Tuesday rejected Telegram's appeal against the Federal Security Service, the successor to the KGB spy agency which last year asked the company to share its encryption keys. Telegram declined to comply and was hit with a fine of $14,000. Communications regulator Roskomnadzor said Telegram now has 15 days to provide the encryption keys. Telegram, which is in the middle of an initial coin offering of as much as $2.55 billion, plans to appeal the ruling in a process that may last into the summer, according to the company's lawyer, Ramil Akhmetgaliev. Any decision to block the service would require a separate court ruling, the lawyer said.
Putin signed laws in 2016 on fighting terrorism, which included a requirement for messaging services to provide the authorities with means to decrypt user correspondence. Telegram challenged an auxiliary order by the Federal Security Service, claiming that the procedure doesn't involve a court order and breaches constitutional rights for privacy, according to documents. The security agency, known as the FSB, argued in court that obtaining the encryption keys doesn't violate users' privacy because the keys by themselves aren't considered information of restricted access. Collecting data on particular suspects using the encryption would still require a court order, the agency said.
Putin signed laws in 2016 on fighting terrorism, which included a requirement for messaging services to provide the authorities with means to decrypt user correspondence. Telegram challenged an auxiliary order by the Federal Security Service, claiming that the procedure doesn't involve a court order and breaches constitutional rights for privacy, according to documents. The security agency, known as the FSB, argued in court that obtaining the encryption keys doesn't violate users' privacy because the keys by themselves aren't considered information of restricted access. Collecting data on particular suspects using the encryption would still require a court order, the agency said.
If I had any friends, and used Telegram, and lived in Russia, I would be frightened. Since I have no friends, only use SMS, and live in the USA, I already gave up any pretense of privacy.
Telegram has been launched by brothers Durov's, Nikolai and Pavel. They previously launched Russian FB equivalent VK, which was "socialized" by the owners that are supporters of Putin. As a response, secure and private Telegram has been launched. So, they lost a case in Russia, and now privacy is compromised. I have to make a bet that their next product will be the developement of decentralized communication protocols that cant be subpoenaed or litigated. Such protocols already exist, albeit not yet well scalable. However, at the very moment brothers Durovs are putting the company for IPO, and it will be interesting to see how will they handle the situation.
on his election 'victory'. I don't like McCain, but at least he called Trump out on it.
It genuinely frightens me that we're so quick to support dictatorships. Everybody's looking the other way because they want Russia's gas & oil. Then again I've got to drive to work every day the same as everybody else...
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
This is why perfect forward secrecy is needed in secure messaging apps. There's no reason the service provider should be able to hand over keys that can be used to decrypt users' messages. A properly designed secure messaging app would make this impossible. The protocols to implement this are not difficult.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
All this is doing is pushing for better crypto and security.
I heard Putin meddled in their election. I believe 76% like I believe 239 lbs.
He's getting rather old, but he's a good mouse.
Most (all?) commercial messengers have a problem of being centralized. Block a few servers and the messenger is dead. Compare Telegram or Whatapp to generic email. A dictator can easily block messengers, but can't block email in general. It can block can block say Gmail or Yahoo mail but blocking individual email servers is much harder. Messengers need to move to the same model. We need something like https://github.com/tinode/chat to run our own servers. We need 1000s of telegrams and whatsapps running a distributed federated messaging network.
To say Signal is equal to default Telegram is ridiculous. Telegram uses a master key by default; Signal uses ephemeral keys and forward secrecy.
Saying that it is not secure because it "passes through their servers" is like saying Tor isn't secure because it passes through someone's servers. Everything passes through someone's servers; that's how the internet works. The point of having FOSS in your client and encryption protocol is so that it doesn't matter that it's passing through someone else's servers.
You are confusing encryption/security with centralization/federation; they are NOT the same thing.
Everyone should use Signal.