Telegram: White Hat or Black Hat Actor?
Governments don't like the encrypted messaging service. Are they correct?
“Pavel Durov arrested!” headlines screamed after the Telegram founder’s arrest in France. He was given almost $6 million bail and told to stay in France. His crime was allowing criminals to conspire on his platform with no way for law enforcement to intercede. His charges accuse him of “complicity in managing an online platform to allow illicit transactions by an organized group.” The story quickly got cold, though.
The arrest of Durov and questions about encryption are significant issues that touch us all. One wonders why it got stale so quickly.
Some background: Telegram is a social media and messaging platform that uses end-to-end encryption so that the content of messages is essentially impossible to intercept. Durov started Telegram in 2015 after his Russian messaging service was taken over by Putin’s government. The issue of concern with Telegram is that the company itself is not able to decrypt the messages on its platform and therefore cannot give content to governments.
Telegram is also hosted in Dubai and the British Virgin Islands, making subpoena and search warrant processing a near impossibility. Telegram will only give IP and phone number data to law enforcement, and only in terrorism cases. Nothing else as far as we know.
There are several other platforms that provide similar services using end-to-end encryption: Signal, WhatsApp, Briar, and Session, to name a few. All are opaque to both law enforcement and hackers.
And that is the issue. Law enforcement can’t get your data, but neither can hackers, or even company employees.
So, what is more important, safety or privacy? There is no black-and-white right answer.
In my time investigating financial crime, encryption went from something I had never heard of to a ubiquitous problem facing most of our cases. As you can imagine, encrypted files, phones, and messages make investigations difficult.
The point where we felt this impact the most was in our Title 3 cases – wiretaps. We would always have one or two wire cases up and running. They were our biggest and most successful cases, manpower intensive, a lot of work, but a big payoff at the end when we could take down an entire organization in one fell swoop.
Slowly at first, and then with increased concern, we noticed that we were not getting great information from phone calls on our wire cases. Text messages were less frequent and less probative. Perps were moving to third-party apps to share incriminating messages. There was some mitigation, but in the end the value of wiretaps was diminishing. The introduction of full end-to-end encryption ended any chance of getting information for our cases from those perps smart and disciplined enough to use it.
The last two wires that I supervised were not worth the effort. One could be called a limited success. The other was an abject failure (partially also due to Cuomo’s criminal justice reform). It was a mistake on my part; I should have seen that coming. Tech-savvy financial crime perps just weren’t on the phones enough to make a case.
And here lies the issue with Telegram and the arrest of Pavel Durov. Criminals use Telegram to further their crimes. It’s obviously not only financial and cybercrime perps. Pedophiles, drug dealers, and terrorists conspire via Telegram.
Where does privacy end and criminal facilitation begin? As a cop who dealt with this issue to great frustration, I wish I could side with the French government and stop this end-to-end encryption. But I can’t. Privacy today is a diminishing comfort. It must be protected.
Here in the United States, we have legitimate privacy concerns from our own government. The FBI has routinely opened mail and initiated illegal wiretaps throughout most of its existence. The US government has admitted to purchasing data from tech companies that they would otherwise need a search warrant or subpoena for. For example, the FBI and NSA were purchasing geo-location data on Americans from social media companies. FISA court lies and misdeeds appear frequent (certainly when it comes to Donald Trump). The Biden Administration seems to have no concern with civil liberties as they restricted speech and covered up illegal investigations. End-to-end encryption defeats government misconduct and overreach.
This alone may not be a strong enough argument to allow criminals and terrorists carte blanche on communication. The basic privacy from hackers is something that at this point can only be mitigated with encryption. It is critical for a free society to be able to speak freely amongst each other without the risk of all conversations being made public. Exchanging thoughts and ideas without risk of eavesdropping is critical for a growing culture.
Let’s take a look at some recent examples of hacks that affect us all. In July, AT&T Wireless announced that all call and text logs were hacked for a six-month period in 2023. If you use or interacted with someone who uses AT&T for phone service, your call and text records are out there in the hands of a hacker. In 2018 it was revealed that Facebook data was collected by Cambridge Analytica and used to manipulate political opinions.
A few years ago, SIM swapping became a significant problem for phone customers. Perps were getting your phone number on another device with another carrier. The actual content of any messages or calls that you received could be read by the perp with your “cloned” phone.
Telegram and the other end-to-end encrypted platforms are not perfect. Anything can be hacked. But the likelihood of someone reading your messages with these privacy-conscious apps is reduced. If governments require these companies to introduce a “backdoor” for them to get message content, there is no doubt that hackers will use that same “backdoor” to access data.
And that is a scary proposition. Can you imagine learning that your digital communications were being intercepted? Not exactly a comforting thought. Opinions, complaints, and ideas would be stifled. That is no way to live in a free society.
As difficult as end-to-end encryption is for law enforcement to overcome, it may be necessary at this point in technology. We should allow it until a better system is devised by people smarter than us. Like Pavel Durov.
Thanks for reading The Ops Desk. Stay Safe!
Privacy trumps security all day, any day. The day that governments were allowed to monitor banking transactions, let alone require banks to report transactions, was a dark day for freedom. No longer do LEOs investigate crimes. Rather, they investigate people in hopes to find a crime.