The European Court of Human Rights (ECHR) ruled in favor of a Telegram user on Tuesday February 13. The latter had taken the matter to European court to challenge a Russian law allowing the country’s security services to request access to the encryption keys used by the messaging application to protect “secret” conversations.
Anton Podchasov, who was part of a group of six Telegram users targeted by a request from the FSB, the Russian internal security service, had seized the ECHR in 2019. In a case against terrorism, the FSB had ordered the the application to provide him with all the information at his disposal on Mr. Podchasov, as well as the encryption keys allowing him to decode the “secret” messages that he may have sent or received.
A Russian law from 2017
The FSB relied on a 2017 Russian law requiring all communications platforms to provide these keys to the authorities upon request. These keys are the central link in the so-called “end-to-end encryption” system, which makes it possible to secure a communication in a very robust manner: only the sender and recipient of the message can read it, and even the administrator of the message. application cannot access it. These keys are, however, “general”: once transmitted to the FSB, they could have been used to decode Mr. Podchasov’s messages, but also those of all other users of the application.
At the time, Telegram refused to comply, believing that the law violated the fundamental freedoms of its users. The messaging, supported by most organizations defending freedoms, was then blocked throughout the country – not very effectively. The company left Russia at the same time, its boss, Pavel Durov, also explaining that he had been robbed of his shares in VKontakte, the “Russian Facebook” that he had created with other people.
The decision of the ECHR agrees with Telegram : Russian law “which allows the authorities to access, in a generalized manner and without sufficient safeguards, the contents of electronic communications, is in contradiction with the very essence of the right to private life”. In particular, it rejects Russia’s arguments according to which the provision of encryption keys would not constitute a “widespread surveillance » since the request only related to messages exchanged by six users. As computer security specialists and civil liberties advocates have explained, there is no way to ensure that an encryption key is not used to monitor users other than those on the original request.
Recurring debates in Europe
The ECHR’s decision is expected to influence several other current legislative files. The question of communications encryption is in fact at the heart of proposals put forward by some political leaders, as well as certain recent bills. In France, after the Arras attack, the Minister of the Interior, Gérald Darmanin, said he wanted to be able to access the content of encrypted conversations; the director of Europol, the Belgian Catherine de Bolle, estimated in 2021 that the encryption was “the last refuge of criminals”.
In 2023, the UK government sought to force major messaging platforms to create “backdoors”, a system that would allow authorities, and only authorities, to decode encrypted messages. Despite unanimous opposition from computer security specialists, who explain that such systems are impossible to create securely, the text was adopted, but the government assured that it would not actually be applied.
At European level, lively debates surround a draft directive on the fight against child pornography, the first version of which aimed to impose a generalized mechanism for the automatic detection of child pornography images on messaging publishers such as Telegram, WhatsApp or Facebook Messenger. Opponents of the text denounced an attempt to undermine the foundations encryption of communications. A new version of the text is still being discussed in Brussels.