Image by Kevin Rothrock

By Isaak Webb, for Global Voices Advox

On June 26, Russia’s Federal Security Service announced that the April 3 terrorist attack on the St. Petersburg metro, which left 16 people dead, was coordinated using the messaging app Telegram.

In a press release, the Security Service (FSB) said it had “reliable information about the use of Telegram by the suicide terrorist, his accomplices, and his foreign handler to conceal their criminal intentions at all stages of organizing and preparing the terrorist attack.” The statement echoed similar sentiments from the US and European governments who have pushed for greater control over social media and messaging apps, arguing that they enable perpetrators to communicate and coordinate attacks.

The announcement comes amid a broader effort by the Russian government to force the messaging app company to store users’ chat histories and private encryption keys on Russian soil.

Recent statements from Aleksandr Zharov, the head of Roskomnadzor, the Russian state censor, have signaled that Telegram’s days in Russia may be numbered. On June 23, Zharov accused Russian-born Telegram founder Pavel Durov, who is also the founder of VKontakte, Russia’s most popular social network, of being “neutral with respect to terrorism and crime.”

In the same statement, Zharov said that Telegram had not responded to Roskomnadzor’s request for information necessary to include the app on Russia’s “Registry of Information Disseminators.” The registry was introduced as part of a federal law that requires websites to locally store all Russian users’ metadata (data about the time, place and people involved in communication, but not the content of their messages) and make it accessible to the Russian authorities. Social networks VKontakte, Odnoklassniki, the email client Mail.ru, and dozens more services are on the list.

Last month, the lower house of parliament introduced a bill that would ban anonymity on online messengers and force apps like Telegram to register with the Registry of Information Disseminators, though it has not yet entered into law.

Image of someone trying to extract passwords with a Telegram logo

Telegram has become increasingly popular in Russia and elsewhere, due in part to its safety features, though it cannot guarantee absolute privacy. The American- and British-registered company operates in Berlin and asserts that it has “disclosed 0 bytes of user data to third parties, including governments.” They say that their unique legal and technical structure makes it uniquely difficult for governments to successfully obtain user data:

…we can ensure that no single government or block of like-minded countries can intrude on people’s privacy and freedom of expression. Telegram can be forced to give up data only if an issue is grave and universal enough to pass the scrutiny of several different legal systems around the world.

On June 25, Zharov again put Telegram on notice: “I can’t say that we’re ready and will block Telegram tomorrow, but I’ll repeat that time is limited—it’s being counted in days.”

Telegram founder Pavel Durov responded on VKontakte early this morning, arguing that not only does Roskomnadzor’s demand violate the Russian constitution, but that the decentralized nature of their technical infrastructure makes it impossible for Telegram to hand over its “decryption keys,” which authorities would need in order to access the content of messages sent over the network.

The head of Roskomnadzor announced that Telegram should hand over “keys for decryption” to the special services so that they can read correspondence between users and catch terrorists. This demand not only violates Article 23 of the Constitution of the Russian Federation, which outlines the right to private correspondence, but it demonstrates an ignorance of how communication is encrypted in 2017.

In 2017, the exchange of secret information is built on end-to-end encryption, to which the owners of the service do not have and cannot have the “keys for decryption.” These keys are stored only on the devices of the users themselves. Although Telegram was a pioneer of this technology, today all popular messaging services use end-to-end encryption, including WhatsApp, Viber, iMessage, and even Facebook Messenger.

A potential block of Telegram will not complicate the work of terrorists and drug dealers – dozens of other end-to-end encrypted messengers remain at their disposal (in addition to VPNs). There isn’t a single country in the world that blocks all available messengers or VPN services. In order to defeat terrorism through blocks, you’d have to block the internet.

According to IT analyst, Mikhail Klimarev, people use Telegram because they don’t want to be spied on, and surrendering user data to the Russian government would undermine user trust: “It’s very unlikely that Durov will agree to fulfill Zharov’s ultimatum.”

Blocking Telegram in Russia would surely decrease its popularity, particularly among new users and people with less technical savvy. But Russian IT experts are confident that determined users would be able to bypass any block.

Vladislav Zdolnikov, a technical consultant for opposition leader Alexei Navalny’s Anti-Corruption Foundation, told Novaya Gazeta that “blocking Telegram such that the block cannot be bypassed is impossible.”

Telegram uses a large number of servers to connect. And, taking into account the level of technical literacy of Roskomnadzor employees, a complete block of telegram isn’t going to happen. But if it does, I’m sure that in the near future volunteers will set up proxy servers that allow Telegram users to bypass the block. And Telegram will work through any VPN service.

And all else being equal, there is no guarantee that blocking the service will help to stifle communication among violent extremist and organized crime groups.

By Isaak Webb, for Global Voices Advox