The Lockstep Toward Banning Encryption: On Durov, Telegram, and Potential Implications

Recently, the founder of Telegram was detained in France and charged with complacency with regard to the various shady activities that go on on the platform.

And, while we forgo talking about people on this blog, we will talk about the implications and ideas that surround his arrest - I don’t personally have an opinion on Durov or Telegram, though there are people on both sides of the fence as to its efficacy with regard to secure communications.

What I do care about is the broader concern: when we as a society start arresting people who are the creators of platforms simply because that platform is used for ill intention, I feel we need to reassess. We are talking about arresting and incarcerating the maker of the gun, not the trigger-puller. Whatever your opinion about guns is, you can start to see the slippery slope we are on.

The Potential Implications

What this implies would be the following:

Zuckerberg should therefore be arrested and tried for his complacency in WhatsApp and Facebook Messenger and the use of these platforms for illegal activity.

Tim Apple will also be arrested for his complacency in iMessage and the use of iMessage in dealing drugs or worse.

Moxie will be arrested and incarcerated for his complacency in Signal and the E2E protocol they have developed.

Spiegel for Snapchat. Etc. Etc. Etc.

Is every Linux user next, because GPG and LUKS are baked into the OS?

Does that mean Linus Torvalds for his involvement in Linux, Phil Zimmermann for PGP, or Joan Daemen and Vincent Rijmen for AES 256 are to be put on trial? Let alone the tens of thousands of people who have contributed to the development of these technologies and more.

We are in a world in which people who don’t understand technology are making arbitrary laws about technology, and it needs to cease. Specifically, the idea of “banning encryption” and instituting backdoors everywhere - for that would really make the world a worse place were it come to pass (it won’t).

Legitimate Use Cases for Encryption

Encryption is necessary for the modern technological world. The legitimate use of encryption allows user data to be retained safely and kept in a way that allows services to exist. It allows for payment processing, online banking, real journalism (for which I have the utmost respect), and of course, not least of all, communication.

Encryption allows people who are oppressed to communicate the atrocities against them. It permits people to really say what is on their mind. Encryption keeps far more people safe than it harms people - and that is a fact.

And, if anyone understands computing technology, they will know the idea of banning it is all a sham, ill-advised, and downright stupid.

The genie is long out of the bottle on technology - this is why open source needs to win in all realms of endeavor.

It Is Ultimately Impossible

Any scare tactic articles written in the last ten years about the potential of countries to ban encryption are written by people who don’t understand the technology - and I am not saying I do understand let me qualify - but the fact is that “intercepting communication,” as this article suggests, does not “effectively ban encryption” - encryption is done on the device, and the transmission is already encrypted.

Sorry to inform you, this interception already happened.

The only way to not have communication intercepted in the modern world is to send a message in a bottle, or via carrier pigeon, and we all know how reliable either of those methods are.

If you live in a five-eyes country, you already have your communications intercepted. If you use Windows, you probably can’t even properly encrypt your communications in the first place. The same is highly possible for Mac, too.

Interception of transmission is not “breaking encryption.”

End-to-end (E2E) encryption is done on the device, and while the transmission is likely intercepted, it is like a letter that is sealed and garbled up to the point of not being understandable. The metadata is always attached to that communication - so if you are communicating with a known criminal, consider it already known.

One can obfuscate his identity to the point of anonymity - but poor OpSec in the past has always been the downfall of those who are committing crimes - an internet post here, an unencrypted email there, and your cover is blown.

Act as if the transmission is always going to be intercepted. And, if you do not trust the other party in your communication, the fact is that your message is as good as plain text.

The Backdoor Nonsense

The other suggestion of introducing “backdoors” into encryption technology is a bad one. Not only would governments have access to this information, but everyone would - because governments are notoriously bad at keeping anything secure. The inevitability would be that the keys to the castle would end up on some darknet marketplace, and then everyone is screwed. The fact is that the space is ever evolving and the game of cat and mouse will be ongoing ad nauseum.

But, none of this negates the fact that you would have to ban mathematics to ban encryption - not outside the realm of question for the intelligence that be in power today, but again, impossible.

The idea of banning encryption would be the same as banning locks on doors. And I don’t think anyone would want to live in that society.

Encryption Is a Human Right

Encryption is a human right - the right to privacy and to personal expression. Stamping on this right because some people use it for ill is the same as banning kitchen knives because people use them to stab each other - the chefs and the broader society suffer because some idiot wanted to kill someone. And, people will always find a way to do that, so the goalposts just move further and further until a society can’t have anything nice.

As your right, I invite you to open a terminal and run the following:

gpg --full-generate-key

and do with that what you will.

Until next time.