At the end of the day, the list of charges against Pavel Durov, - which has been finally published today by French authorities, - contains a lot of things to think about. And the main punch there is, obviously, alleged "complicity" in child exploitation and drug trafficking. Whatever it means to "comply" with such things when you run a large multi-modal communication service which is working across the globe in dozens of countries. Here is the document itself: https://t.ly/Oqw0U. What do you think about it? I'll share my view.
Well, I have seen this tactic employed before. Back at home, of course. You may not notice, but that is a very useful list of charges. Because even the finest guardians of proper judgment process would run in horror when someone mentions such an allegation. Who in their right mind would protect a child abuser or a drug trafficker, right? And even if all of the charges are lifted somewhere down the road and Pavel is pledged completely innocent it'll be hard to go back and fix all the damage done. Media titles are killing Durov's reputation as well as Telegram's perception right now. Rare people will remember the details in a year. But everybody will recall that something dark has been mentioned, and, as one says, there is no smoke without a fire.
However, after reading the whole thing, what actually picked up my attention in the document was not all the horror it spends so much time and effort to throw at you. Instead of freaking out immediately one should just scroll down, closer to the end, and read carefully.
First, - and I should ask an excuse for my rusty French and bad jokes here - I noticed the following: “Creating a criminal association with the intention of committing a crime or an offense punishable by at least 5 years of imprisonment”. My immediate joke was that with such apporach this sentence is a complete and full definition of simply establishing a legal entity nowadays 🙂 Bureaucratic nonsense at it worst. Nothing new. What follows next though just blows my mind:
1. Provision of cryptographic services aimed at ensuring confidentiality functions without a declaration of conformity.
2. Importation of cryptographic means not exclusively providing authentication or integrity control functions without prior declaration.
Wow-wow, hold on! I’m curious here! Since when aiming at “ensuring confidentiality functions” is a crime? Have I overslept this dramatic change in the world? And what type of conformity one should declare here? Conformity to what exactly? Uncle's Jack back door embedded? I mean, every major IT course in every university contains Bob and Alice badly trying to encrypt their nude photos and dark gossiping about colleagues in such a way that no third party can read all of that. It seems like from now on next to the explanation of how one could use asymmetric cryptography to achieve the goal we should clearly mention how many years in jail a student can serve for doing so without "declaring a conformity". That’s some important legal information right there 😉
Jokes aside, for years it has been noted by security experts that there is no such thing as a “slightly and conveniently insecure” communication protocol. Encryption is either fully secure, or it is not present. As many other things, cryptography is a tool we all use every day to keep our life at least moderately private in the age of total observation and control. It is not bad. It is not good. It serves the right. It serves the wrong. That’s just math. A law of physics which you may like or not and which nevertheless exists and works despite your opinions or political needs of the day. I really don’t have enough words to say it any better than Meredith Whittaker, a Signal Foundation President, already did once, so I’ll just share her statement once again here: just read her manifest, please.
There is a small chance still that French police will provide some evidence that directly ties Pavel Durov to some really dark business done through Telegram. Personally, I doubt it by now. So far it seems that by just building a platform and not rolling over every single time he has been asked to do so, Pavel managed to become a dangerous personality worth arresting immediately and holding in custody for multiple days in a row. In this case he is no more guilty in “complying” with storing child porno than any company producing a hard drive. And he has as much connection with drugs and gun trafficking as the Internet itself.
All of that is amazing. Terrifying. And so fucking stupid.
Well, I have seen this tactic employed before. Back at home, of course. You may not notice, but that is a very useful list of charges. Because even the finest guardians of proper judgment process would run in horror when someone mentions such an allegation. Who in their right mind would protect a child abuser or a drug trafficker, right? And even if all of the charges are lifted somewhere down the road and Pavel is pledged completely innocent it'll be hard to go back and fix all the damage done. Media titles are killing Durov's reputation as well as Telegram's perception right now. Rare people will remember the details in a year. But everybody will recall that something dark has been mentioned, and, as one says, there is no smoke without a fire.
However, after reading the whole thing, what actually picked up my attention in the document was not all the horror it spends so much time and effort to throw at you. Instead of freaking out immediately one should just scroll down, closer to the end, and read carefully.
First, - and I should ask an excuse for my rusty French and bad jokes here - I noticed the following: “Creating a criminal association with the intention of committing a crime or an offense punishable by at least 5 years of imprisonment”. My immediate joke was that with such apporach this sentence is a complete and full definition of simply establishing a legal entity nowadays 🙂 Bureaucratic nonsense at it worst. Nothing new. What follows next though just blows my mind:
1. Provision of cryptographic services aimed at ensuring confidentiality functions without a declaration of conformity.
2. Importation of cryptographic means not exclusively providing authentication or integrity control functions without prior declaration.
Wow-wow, hold on! I’m curious here! Since when aiming at “ensuring confidentiality functions” is a crime? Have I overslept this dramatic change in the world? And what type of conformity one should declare here? Conformity to what exactly? Uncle's Jack back door embedded? I mean, every major IT course in every university contains Bob and Alice badly trying to encrypt their nude photos and dark gossiping about colleagues in such a way that no third party can read all of that. It seems like from now on next to the explanation of how one could use asymmetric cryptography to achieve the goal we should clearly mention how many years in jail a student can serve for doing so without "declaring a conformity". That’s some important legal information right there 😉
Jokes aside, for years it has been noted by security experts that there is no such thing as a “slightly and conveniently insecure” communication protocol. Encryption is either fully secure, or it is not present. As many other things, cryptography is a tool we all use every day to keep our life at least moderately private in the age of total observation and control. It is not bad. It is not good. It serves the right. It serves the wrong. That’s just math. A law of physics which you may like or not and which nevertheless exists and works despite your opinions or political needs of the day. I really don’t have enough words to say it any better than Meredith Whittaker, a Signal Foundation President, already did once, so I’ll just share her statement once again here: just read her manifest, please.
There is a small chance still that French police will provide some evidence that directly ties Pavel Durov to some really dark business done through Telegram. Personally, I doubt it by now. So far it seems that by just building a platform and not rolling over every single time he has been asked to do so, Pavel managed to become a dangerous personality worth arresting immediately and holding in custody for multiple days in a row. In this case he is no more guilty in “complying” with storing child porno than any company producing a hard drive. And he has as much connection with drugs and gun trafficking as the Internet itself.
All of that is amazing. Terrifying. And so fucking stupid.