Pavel Durov’s arrest sets a dangerous precedent

The idea of holding tech CEOs like Telegram’s Pavel Durov criminally liable for content on their sites should worry anyone who cares about free speech, says Matthew Feeney Late last month, French authorities arrested the CEO of the messaging service Telegram, Pavel Durov, after his plane touched down in Paris-Le Bourget Airport. He faces multiple [...]

Sep 3, 2024 - 03:00
Pavel Durov’s arrest sets a dangerous precedent

Pavel Durov, CEO and co-founder of Telegram (Photo by Steve Jennings/Getty Images for TechCrunch)

The idea of holding tech CEOs like Telegram’s Pavel Durov criminally liable for content on their sites should worry anyone who cares about free speech, says Matthew Feeney

Late last month, French authorities arrested the CEO of the messaging service Telegram, Pavel Durov, after his plane touched down in Paris-Le Bourget Airport. He faces multiple charges of refusing to cooperate with French officials and complicity in child exploitation, drug trafficking, money laundering, and other crimes. He is also charged with providing cryptographic technology without declaration. The charges should concern everyone who believes in free speech and the free flow of ideas.

Content moderation and encryption are at the heart of the current furore. Telegram is a popular messaging service with almost 1bn users. While a lot of recent reporting has described Telegram chats as “encrypted” this is very misleading.

Many people assume that “encryption” means “end-to-end” encryption (E2EE), which ensures that only the sender and receiver of a message have access to it. However, Telegram does not use E2EE by default for one-to-one chats and does not allow E2EE for group chats. This makes Telegram much less secure than other messaging apps such as Signal and Whatsapp, which enable E2EE by default for all chats. This is an important distinction because it affects who can access chats on different platforms. If law enforcement agencies come to Signal or Whatsapp and ask for the contents of users chats Signal and Whatsapp are prevented from handing over the contents by the laws of mathematics. But Telegram group chats and some of its one-to-one chats are no more secure than Gmail emails or X (formerly Twitter) messages.

No doubt more news about Durov’s personal views on cooperation with governments around the world will emerge as the case in France progresses. But whatever his own views, we must make a distinction between holding a CEO of a messaging service responsible for illegal content his company can access and holding that same CEO responsible for content that neither he nor his employees can access.

Holding online platforms liable for their users’ content is a bad but not new idea. As the internet developed and grew in popularity courts in liberal democracies around the world considered whether laws developed for newspapers, libraries, bookshops, and other venues for speech could be applied to the internet. Fortunately, the laws that emerged generally exempted online platforms from liability for much of their users’ speech. But these shields are not absolute. Even in the United States, the country with the most speech-permissive environment in the world, platforms can be held liable for user content that violates federal law or infringes copyright.

Tech companies can’t just ‘nerd harder’ to break encryption

But, as noted above, CEOs cannot access their users’ communications if these users have enabled E2EE. This is what makes the cryptography charges against Durov so concerning. If the French authorities are concerned that Durov has taken minimal steps to tackle illegal content available to Telegram employees that is one thing. It is quite another for the authorities to arrest Durov because he is allowing users to share illegal content via E2EE communications. Those who paid attention to the debates leading up to the passage of the British Online Safety Act will be familiar with lawmakers’ who are frustrated by E2EE and their’ tendency to ask technology companies to “nerd harder” to break encryption for the bad guys but to keep it intact for the good guys.

But this is not feasible. A cost of secure E2EE communication technology is that criminals will be able to use it. No doubt this is a source of frustration to police and intelligence agencies around the world. But the response should not be to hold leaders of technology companies criminally liable for illegal content shared on E2EE chats. Doing so would undermine the security and privacy of millions of law-abiding people across the world.

Matthew Feeney is head of tech and innovation at the Centre for Policy Studies