Days on from his arrest at Paris Le Bourget airport last Saturday, it looks as if Telegram founder and CEO Pavel Durov will be spending more time in France than he bargained for.
On Wednesday, French prosecutors formally charged Durov with being complicit in allowing the Telegram platform to be used for wide-ranging internet criminality.
As trailed in the arrest announcement, the charges include organized crime, drug crime, fraud, and the distribution of child abuse imagery.
But what could turn out to be the most significant charge of all is that Durov failed to cooperate with the authorities investigating this criminal activity on Telegram when requested to do so.
The authorities have yet to document which specific requests were made and allegedly ignored. That will emerge in time.
French authorities began a preliminary inquiry in February, with the investigation taking a more serious turn in early July.
Presumably last weekend Durov thought he was landing in France for a few days. That now looks as if it could be months at least.
Although released from custody, Durov was required to post bail of €5 million ($5.5 million) and told to remain in France and to report to a police station twice per week.
The end of impunity?
Pavel Durov is not a household name in the way that Elon Musk is. Nevertheless, his arrest is a significant moment for this part of the tech industry. Clearly, something has changed.
Hitherto, the assumption has been that if a messaging platform is used for criminality this is simply a reflection of the way all platforms are abused by somebody.
It seems that some police, prosecutors and governments have grown weary of this regime, which has been the status quo since the early days of the commercial Internet.
So why pick on Telegram when other messaging platforms are also abused by criminals? The answer probably has to do with what Telegram is and the way the company operates.
Uniquely, Telegram is part messaging platform in the mode of WhatsApp and part a social network which can be used to broadcast via both public and private groups.
This unusual dual nature, combined with the company’s modus operandi of refusing to bend to the will of governments (including, in the past, Durov’s native Russia) has allowed it to build a reputation as a bit of a wild west.
On Telegram, it can seem as if anything goes, including politically extremist content that might be more easily detected and taken down if it were published elsewhere.
Importantly, with its development based in Dubai and St Petersburg, Telegram isn’t an American company. For prosecutors, both inside and outside of the US, that has become an issue.
Should the authorities want to grab metadata such as the IP address of a specific user on a social media, messaging or email platform, companies registered in the US and many other countries are required by law to comply with that request. That covers companies such as Meta, X, Google, Apple and Microsoft.
The French charges allege that Telegram, in contrast, hasn’t been cooperating with similar requests sent to Dubai. If that reflects Durov’s outlook, it has turned out to be a misjudgement.
Telegram, je t’aime
Ironically, Telegram is also used by some of the people who now find themselves caught in the middle of the political storm surrounding Durov’s arrest.
That includes the President of France, Emmanuel Macron, and some of his cabinet members, all of whom are enthusiastic Telegram users according to a report from Politico.
To anyone who understands how Telegram security works, this will come as a surprise. Unlike end-to-end-encrypted apps such as WhatsApp and Signal, by default Telegram uses server-side encryption.
In theory, that means that Telegram could decrypt messages sent over the platform if it wants to, including any politically sensitive ones sent by Macron and his colleagues, as the creator of the Signal E2EE app Moxie Marlinspike pointed out on Twitter. “With one query, the Russian Telegram team can get every message the French president has ever sent or received to his contacts,” he wrote.
By design, Telegram retains copies of all messages on its servers.
“For the French politicians and cabinet members, it is kind of too late to do anything. Even if they try to delete all their messages now, the Telegram team can just mark the messages as ‘deleted’ so that they no longer display to the user — but not actually delete the data they retain access to,” Marlinspike wrote.