Pavel Durov arrested in France

August 2024

Following the recent controversy about the opening ceremony of the Olympic Games in Paris, France is once again in the spotlight for unfortunate reasons — this time, the arrest of Telegram’s founder and CEO, Pavel Durov.

What we know so far

Durov was arrested at Le Bourget airport near Paris last night after flying there from Baku (Azerbaijan) on his business jet. He was accompanied by his bodyguard and apparent girlfriend, and was planning to have dinner in Paris that evening. The arrest was motivated by an outstanding search warrant against Durov. It is unclear whether Durov was aware of the warrant before deciding to fly to France.

The warrant was issued by a judge based on a request by the “Minors Office” (OFMIN). In that sense, the arrest is neither arbitrary, political, nor unlawful. OFMIN is a 40-strong specialized police unit reporting to the Ministry of Interior and created in November 2023 to investigate online crimes against minors.

It appears that OFMIN is not accusing Durov himself of crimes against minors. Instead, Durov is being accused of either refusing to filter Telegram for child sexual abuse material (CSAM), or refusing to cooperate with the French police on specific CSAM investigations involving Telegram, or both.

The CSAM problem is real and widespread. The French OFMIN received 318,000 reports in 2023, up from 227,000 in 2022. Not all those involve Telegram, of course. 90% of those reports actually originate from the U.S. nonprofit National Center for Missing & Exploited Children (NCMEC), and are forwarded to OFMIN only because either a perpetrator or a victim used an IP geolocated in France.

There are precedents for platform providers attempting to moderate CSAM. Most famously, Apple engineered an iCloud photo scanning tool that detects CSAM. That project launched in August 2021 and was terminated two years later. Apple claimed that there was no way to filter CSAM without making unacceptable tradeoffs to user privacy.

It seems that over the years, Durov reached a conclusion similar to Apple's and refused to implement moderation tools that would monitor Telegram chats to detect and report CSAM. It also appears that he refused one or more subpoenas from a French judge to hand over encryption keys (or to use them to decrypt communications from suspects) in one or more CSAM cases, leading to the arrest warrant.

The warrant also makes references to non-CSAM police cases involving Telegram communications: terrorism, organized crime, drug trafficking, etc. So it is possible that the warrant is also for Durov’s refusal (in his CEO capacity) to comply with those other investigations.

Durov will now be held in custody (“garde à vue” or GAV) with legal counsel present during questioning. The standard GAV duration is 24 hours extendable to 144 in cases involving drug trafficking or terrorism (as seems to be the case here). After that, Durov will either be released and all charges dropped, or presented to a judge who will decide whether he should await trial at home (in France) or in jail.

Why this arrest matters

In cypherpunk fashion, you may disagree with laws that require communication providers to hand over to investigators the contents of private communications (encrypted or not) in response to a legal subpoena. Social media has undeniably exploded in outrage at France's perceived violation of free speech, which certainly benefits from being protected from the prying eyes of governments.

Yet, most judicial systems in the world have a duty to investigate egregious crimes and will naturally subpoena operators of online platforms through which those crimes were either committed or facilitated. In most countries, declining to comply with such judicial requests is unlawful. This has little to do with the country being democratic or not; democracy is merely the mechanism for deciding how laws are passed. It is orthogonal to deciding whether the laws should value privacy more than the so-called public interest or security.

So, the superficial dilemma appears to lie between the defenders of free speech on one side and the defenders of the law (in this case, a rather legitimate need to prosecute criminals) on the other.

Clearly, this tradeoff is an unsatisfactory way of framing the problem. Regardless of where you stand, it is highly unlikely that cypherpunks will ever convince states to stop their criminal investigations at the doors of online platforms. Even if they did, all it would take is one particularly egregious case of terrorism or child trafficking for public opinion to side again with those who would rather give up privacy for security.

Is Durov to blame?

If you believe in the sanctity of privacy as a cornerstone of freedom and of avoiding government overreach, then the best remedy is to build, fund, promote, and use auditable, open-source, end-to-end encrypted (E2EE) software whose design doesn’t even offer the possibility of such privacy violations, because no server holds either the encryption keys or copies of the chats. It also should not depend on centralized failure points and supply chain attack vectors like GitHub.

Unfortunately, Telegram is not such software, and the responsibility for that questionable design lies entirely with Durov. In Telegram, you can initiate an E2EE channel, but it takes extra steps and is not intuitive (click on a user's profile, then on the ellipsis, select "Start Secret Chat", then wait for the user to come online before you can even initiate the discussion).

By default, Telegram chats are stored server-side, which means that the Telegram organization can be subpoenaed (or, worse, secretly coerced) into giving up the keys. Other apps such as Signal or WhatsApp use E2EE by default, so they are technically unable to violate their users’ privacy (except perhaps by maliciously capturing what happens at the app level, before it is transmitted). This means that their respective CEOs cannot be held responsible for not complying with investigations, which is why neither Moxie Marlinspike nor Mark Zuckerberg is in custody. In fact, those messaging service providers happily comply with subpoenas, but can only return limited metadata because they do not have access to the actual contents of the messages.

When designing Telegram in 2013, Durov made a conscious decision not to enable E2EE by default. His rationale (explained by Durov himself in this 2017 blog post) was that if all communications were end-to-end encrypted, users would lose the ability to retrieve them from Telegram's own servers in case they had to replace their mobile device. In other words, Durov traded privacy for adoption because he was worried that users would shun Telegram if it did not have a cloud backup feature natively enabled. In his own words:

"Neither did we want to deprive our users of [the backup] functionality that they enjoyed in other apps and doom Telegram to join the ranks of niche apps"

Case in point: Signal is a pure E2EE messaging app that does not benefit from the network effect of a large pre-existing user base (as is the case with Meta's WhatsApp and Facebook, respectively), and its usage has remained rather niche in comparison with both WhatsApp and Telegram (disclaimer: I have used Signal since its inception, and have had to onboard virtually every person I am interacting with through the app).

The tradeoff that Durov made by favoring reach over privacy is questionable enough. But what is worse is that he consistently portrayed Telegram as a privacy-first app, when it is really more akin to a social media app the likes of Discord, Instagram, or Twitter (which nobody would consider to be private).

Durov's initial design decision and subsequent misleading portrayal of his app created the conditions for governments to subpoena Telegram's servers, for either legitimate judicial reasons or illegitimate political ones, and to take action once the company refused to comply. Russia banned Telegram from April 2018 to June 2020 because of that refusal. France did not ban Telegram but enforced the law as written, leading to yesterday's events.

Durov may not have wanted to find himself in the crosshairs of governments, but he not only made it inevitable, he also misled and jeopardized the privacy and security of his own users in the process. In my view, he is not a persecuted cypherpunk and should not be celebrated as such.