A lot of information is circulating these hours about the arrest of the founder of the messaging service Telegram: Pavel Durov. Not all this information is correct, let’s try to put the facts together and rely on reliable sources.
What happened
Pavel Durov was arrested on Saturday 24 August 2024 at 20:00 at Le Bourget airport, on the outskirts of Paris. His arrest is linked to a judicial investigation launched on 8 July 2024 by Section J3 – JUNALCO (Juridiction Nationale de Lutte contre la Criminalité Organisée) of the Paris Public Prosecutor’s Office. An official presentation of JUNALCO’s findings is available by clicking here.
The note of his arrest was issued on 26 July 2024, in which we also read the charges against unknown persons (this is very relevant) and in fact it is written‘This judicial investigation was opened against unnamed‘. At the moment Durov has been detained for questioning as the note clearly states:‘The investigating magistrates in charge of this preliminary judicial investigation have requested the joint referral of the centre for the fight against cybercrime[…] and the National Anti-Fraud Office for the conduct of the investigation. It is within this procedural framework that Pavel DUROV was questioned by the investigators.“
The charges
There are 12 counts against unknown persons and they are very heavy indeed. An automatic translation is given:
- Complicity – web-mastering of an online platform in order to enable an illegal transaction in an organised group,
- Refusal to disclose, at the request of the competent authorities, information or documents necessary for the performance and operation of wiretaps permitted by law,
- Complicity – possession of pornographic images of minors,
- Complicity – distribution, offering or making available pornographic images of minors, in organised groups,
- Aiding and abetting – acquiring, transporting, possessing, offering or selling drugs,
- Complicity – the offer, sale or making available, without a legitimate reason, of equipment, tools, programmes or data designed or adapted to gain access to and damage the operation of an automated data processing system,
- Complicity – organised fraud,
- Conspiracy to commit a crime or offence punishable by five or more years’ imprisonment,
- Laundering of proceeds of crime and organised group offences,
- Provision of encryption services to ensure confidentiality without a certified statement,
- Provide an encryption tool that guarantees not only authentication or integrity monitoring without prior declaration,
- Import of an encryption tool that guarantees authentication or integrity monitoring without prior declaration.
Finally, it is worth mentioning that at the end of the text it is written:
The pre-trial detention period has been extended until 25 August 2024 by an investigating magistrate and can last up to 96 hours (i.e. 28 August 2024) due to the applicable procedure for organised crime offences, as mentioned above.
The ‘encryption declaration’ business
Among these, one stands out that has intrigued many people, number 10:
Provision of encryption services to ensure confidentiality without certified declaration
The question therefore arose as to which certified declaration one is talking about. In all likelihood, one could refer to the‘Loi n° 2004-575 du 21 juin 2004 pour la confiance dans l’économie numérique‘. In Article 31 of the aforementioned law, there are two paragraphs stating the following.
I. - The provision of cryptographic services must be declared to the Prime Minister. A decree in the Council of State defines the conditions under which this declaration shall be made and may provide for exceptions to this obligation for services whose technical characteristics or conditions of supply are such that, with respect to the interests of national defence and the internal or external security of the State, such supply may be exempted from any prior formality.
II. - Persons exercising this activity are subject to professional secrecy, under the conditions laid down in Articles 226-13 and 226-14 of the Criminal Code.
I. - La fourniture de prestations de cryptologie doit être déclarée auprès du Premier ministre. Un décret en Conseil d'Etat définit les conditions dans lesquelles est effectuée cette déclaration et peut prévoir des exceptions à cette obligation pour les prestations dont les caractéristiques techniques ou les conditions de fourniture sont telles que, au regard des intérêts de la défense nationale et de la sécurité intérieure ou extérieure de l'Etat, cette fourniture peut être dispensée de toute formalité préalable.
II. - Les personnes exerçant cette activité sont assujetties au secret professionnel, dans les conditions prévues aux articles 226-13 et 226-14 du code pénal.
This essentially means that:
- Cryptography adopted by IT solutions must be declared to the Prime Minister when adopted in French software solutions.
- One is only exempted when there is deemed to be no risk to ‘the interests of national defence and the internal or external security of the state’.
Telegram is a messaging system on a global scale in which, as is well known, illegal activities (such as those specified in the charges) are also conducted, so it is reasonable to think that Article 31 is fully implemented. It is worth mentioning that France adopts a similar system to other countries including the United States with the Foreign Act.
In fact, this can also be found in the specifications for publishing apps in Apple’s App Store. In which it is stated that if the application“uses proprietary encryption algorithms not accepted by international standard bodies (such as IEEE, IETF, or ITU) // uses proprietary encryption algorithms not accepted by international standard bodies (such as IEEE, IETF, or ITU)“, the developer must also provide Apple with the ‘French Encryption Declaration’ with a note that clearly states:
The French encryption declaration form is only required if you are distributing your app on the App Store in France
French encryption declaration form is only required if you're distributing your app on the App Store in France.
Conclusions
The Durov affair has ignited a lot of discussion on the subject: from the usefulness of the French initiative to the compression of freedom and the right to privacy. There is no doubt, however, that there is an enormity of illicit activity within Telegram that is easily accessible, most recently the case of child abuse.
Author’s note
I would like to engage the reader in a ‘philosophical’ reflection that makes no claim to establish a truth but only to spark critical thoughts.
We Italians (or rather Europeans) perceive individual rights as guaranteed by law. The most important case is that of private property or free enterprise. These are ‘sacrosanct rights’ that the common person identifies as ‘individual’. The law guarantees ‘my rights’. The American FISA and also the French regulation emphasise the ‘collective good’ that is often forgotten. First of all, there is the collective good and then the good of the individual: this prompted the US government, after 9/11, to strengthen the FISA initially wanted by Nixon. It is not important to establish whether this is right or wrong, for the moment let us just focus on this possible interpretation.
In this sense, France, America, and other nations, would act for the good of the community in terms of protecting national security (internal or external). On the other hand, however, the most frequent criticism of this model concerns the way in which this information is stored. French regulations make it clear that information acquired by the technology provider will be kept secret, but what if it is not? The issue of rights compression is simply wonderful and has no simple solution ( complex problems almost never have simple solutions). In this case perhaps one could also refer to what philosophers call an aporia, i.e. a problem that apparently cannot be solved.
Here, if the reader has come this far, he or she knows that: this internal struggle to balance rights and obligations is what makes Western democracy an instrument to be envied. In its imperfection, in its fragility, it is nevertheless subject to a continuous search for balance and improvement.