This week, the arrest of Telegram's CEO, Pavel Durov, by the French government sent shockwaves through the global community. The charges against him represent a direct and unprecedented threat to the right to privacy worldwide. In this week’s newsletter, I want to look specifically at the final three charges: They epitomize this alarming assault on privacy:
Providing cryptology services aiming to ensure confidentiality without a certified declaration,
Providing a cryptology tool not solely ensuring authentication or integrity monitoring without prior declaration,
Importing a cryptology tool ensuring authentication or integrity monitoring without prior declaration.
Yes, you read that correctly, three of the charges against Pavel Durov are for “unlicensed” cryptography.
It amounts to the criminalization of privacy.
Cryptography — like a digital lock and key — allows us to have privacy in the digital world. Apparently, in France, you need a license to be allowed enjoy privacy or build privacy tools. This is terrifying and egregious overreach.
As Phil Zimmermann once explained, he first created PGP (the world’s most widely used email encryption tool) in the 90s because it’s precisely the government that we need encryption to protect ourselves against:
“The need for protecting our right to a private conversation has never been stronger. Democracies everywhere are sliding into populist autocracies. Ordinary citizens and grassroots political opposition groups need to protect themselves against these emerging autocracies as best as they can. If an autocracy inherits or builds a pervasive surveillance infrastructure, it becomes nearly impossible for political opposition to organize, as we can see in China. Secure communication is necessary for grassroots political opposition in those societies.”
— Phil Zimmermann
It’s not about whether you do or don’t like your current government; it’s about safeguarding your right to push back if you ever disagree. Private communication is what allows us to dissent, protest, and fight for change without fear of reprisal. When encryption requires government approval, it defeats its purpose of shielding individuals from surveillance and control. This gives the government the power to determine who can have privacy, undermining freedom. Criminalizing privacy tools disempowers individuals and centralizes control, paving the way for tyranny. Without privacy, all other freedoms are at risk.
With this declaration of war against privacy from the French government, the need for robust end-to-end encryption in our communication is more important than ever. However, despite Pavel being charged for using cryptography in Telegram, and despite Telegram marketing itself as private and encrypted, it’s one of the last apps I'd recommend if you're looking for private communication.
I have a video diving deep into why you shouldn’t use Telegram for private communication, and I encourage you all to watch, but here are two big points from the video to understand:
Telegram doesn't support end-to-end encryption for group chats.
Telegram, by default, doesn’t include end-to-end encryption for one-on-one DMs.
In both cases, Telegram has the ability to read all your messages, see your photos, and access your documents. This also means that any government demanding access can also gain full visibility into these things.
While Telegram offers a 'secret chat' feature that end-to-end encrypts one-on-one messages, many users are either unaware of this option or don't use it, mistakenly believing their messages are already private. I wonder how many have left themselves vulnerable because they didn't understand the actual privacy protections they were getting on the platform?
The reason I bring this up is that, while Pavel talks constantly about the importance of privacy, Telegram could have improved the privacy of 900 million users at the flip of a switch, yet chose not to. Unlike robust E2EE platforms that keep data even out of their own reach, Telegram stores in their databases the histories of everyone’s group chat messages and regular DMs, leaving them vulnerable to governments, adversaries, and hackers. Instead of securing users' data with encryption, they simply promised they wouldn’t let governments get this data. No one can guarantee such protection, and you should be skeptical of anyone who claims otherwise.
What happens to everyone’s personal messages now that the CEO has been arrested? Will governments of the world seize Telegram’s servers and help themselves to this treasure trove of communication? This Wired article suggests they’ve already been doing this for a while.
Regardless of whether Telegram shares data or not, the point is they can. With Pavel’s arrest, users’ communications are more vulnerable than ever. This is a powerful reminder that, while people are fallible and their weaknesses exploitable, the laws of mathematics—through strong encryption—remain strong. If we want true privacy, we should always choose platforms that don’t just promise not to share our data, but are incapable of doing so.
There are many other issues surrounding Pavel's arrest (some discussed here) that I need time to fully digest, but the ongoing war on privacy is of tremendous importance. We should all be aware of what’s unfolding and understand the broader implications for our rights.
Summary
The arrest of Pavel Durov marks a significant blow to privacy in two critical ways:
The messages of 900 million users are now potentially compromised, as they were protected by promises, not E2EE.
The French government has effectively declared that privacy without a license is a crime.
I fear not only for the privacy of those who entrusted their conversations to unencrypted texts, but more urgently, for the future of privacy itself.
Before the internet, we had the right to private conversations. No one for a moment would have thought it would be reasonable for the government to put microphones in our homes to prevent them.
Privacy was a right we took for granted.
Today, it's a right we must fight to protect.
The fight to protect privacy is a fight for the freedom of future generations. We cannot allow governments to criminalize privacy and trample on our rights. It’s imperative to create a cultural shift that recognizes the value of privacy and rejects the normalization of surveillance. This is one of the most crucial battles of our time, and we must stand loudly and bravely against this overreach.
If you found this information helpful, consider supporting our channel by donating to NBTV. Your support helps us create free educational content that teaches people how to reclaim control over their digital lives. Visit NBTV.media/support to set up a monthly, tax-deductible donation to our non-profit.
Yours in privacy,
Naomi
Of course, this goes hand-in-hand with censorship. Privacy and censorship topics are always intertwined. Several of the charges were also about Telegram's failure to censor. For both, a decentralized approach where there's no HQ to attack, raid, pressure, or threaten is the best approach. They can torture somebody all they want, but if they don't have the ability to break privacy or enable censorship, it won't matter.
A cabal will not stop, unless the 99.999% over the people across the world stand up push back and say no. it's really up to us if not we will get their plan whether we like it or not.