November 24, 2024

David Inserra

European threats against tech companies and the speech of its users continued to escalate last weekend (August 24) as French authorities arrested Pavel Durov, the CEO of the encrypted communications app Telegram.

This is reportedly due to Telegram’s lack of content moderation and failure or inability to meaningfully cooperate with law enforcement in combatting criminal activities, which French authorities allege as complicity in such criminality.

The French complaint centers on the fact that Telegram provides encrypted forms of communication, with its private or “secret” messages being the most robustly protected through end-to-end encryption. Such encryption keeps users, their data, and their communications safe from the prying eyes of both criminals and governments alike. Other parts of Telegram are more open to the public like traditional social media but are less aggressively moderated.

If the French government is arresting a technology company CEO for refusing to break its encryption or moderate content, then this is yet another threat to American speech and companies.

While Telegram is based in Dubai and Durov hails from Russia, the platform carries significant amounts of American speech that is now being threatened by the French government. Furthermore, this action is a clear threat to American technology companies—moderate speech and weaken your encryption or else.

But Telegram’s emphasis on mixing lightly moderated social media with the privacy of encryption is appealing to many users. This includes dissidents and activists looking to remain safe from government repression, security and privacy-focused consumers who simply do not want their communication and social media experience to be so public, and yes, some criminals or other bad actors.

Ever since encryption started to become widespread, governments have wanted the ability to crack it. Whether it be to root out dissidents, stop true criminals, or spy on other countries, governments view encryption as a roadblock. In the early 1990s, the US intelligence community developed and proposed the adoption of a special “clipper chip” that would create a “back door” or way to bypass mobile phones’ encryption.

While these first battles in the “Crypto wars” would end with victory for strong encryption, it didn’t take long for governments to return to their demands. In 2016, the FBI initially got a court to issue an order requiring Apple to develop new coding that would allow the FBI to bypass the encryption on one of the San Bernardino terrorists’ iPhones. Policymakers around the world have called for or enacted legal requirements on technology companies to provide law enforcement or the intelligence community access to encrypted communication. Even last year, the bipartisan EARN IT Act demanded that companies be able to access and scan encrypted messages or else lose legal liability protections.

The UK went further last year and passed the encryption-threatening Online Safety Bill. While the government promised that it would only invoke the bill when feasible technical solutions are available to balance privacy and government access, that decision is ultimately in the hands of the UK government.

The approach taken by the Online Safety Bill has been derided in the tech community as the “math harder” approach. In essence, strong encryption promises that it is not technically possible for anyone other than the sender and intended recipient to read a message or a piece of data. On the other hand, access to such information is exactly what governments want. And so, governments have consistently tried to claim that it is magically possible to both protect users’ privacy while also giving law enforcement access to users’ encrypted communications if the companies developing these products just try harder.

But despite the fanciful dreams of governments, every technology company knows that building a backdoor or other weakening of encryption comes at the expense of users’ privacy and online security.

And so, the French government, seemingly frustrated with the way that Telegram was being used by criminals and others they dislike, has taken the radical step of arresting its CEO. To be clear, some of the communications may be objectively terrible ranging from terrorism to child sexual abuse material (CSAM). And if Durov is actively supporting or engaging in such criminality, then he can and should be held responsible.

But just because some bad people use a tool for bad purposes does not mean we should destroy that tool for everyone else. The French charges do not appear to accuse Durov of actively supporting criminal behavior, but merely that he is complicit because bad actors are using his platform. We should know more in the coming days.

So let us be clear, the French arresting the Telegram CEO for merely creating a communication platform threatens Americans’ speech. If Americans are using Telegram but then the strength of Telegram’s security is weakened in response to what France is doing, then Americans are worse off. Their speech is less secure and chilled. While consumers can switch to other products, there is little stopping France from arresting or threatening the CEOs of Signal or even Meta’s WhatsApp and Messenger. Going back to the UK, what stops the current government from invoking the Online Safety Bill amid riots and unrest to clamp down on all encrypted tools that they believe are being used to “incite hatred” or spread misinformation?

European threats against tech companies and free expression can no longer be ignored. What happens in Europe is not staying in Europe. We see EU bureaucrats threatening Elon Musk for hosting a conversation with former US President Donald Trump; UK police threatening to try to extradite Americans for speech the current UK authorities find to be hateful; or many other in force or proposed speech laws or anti-encryption laws in Germany, Ireland, and around the world.

The US must not only defend American freedoms at home, but increasingly it is faced with how to respond to threats from even democratic allies. The irony is not lost on Pavel Durov, who left Russia in 2014 after Putin’s regime effectively forced him out of his previous social media company, VKontakte, because Durov wouldn’t de-platform dissident Alexei Navalny or give user information to Russian authorities.

It is difficult, though, for the US to call out such attacks on expression and privacy when our policymakers have long considered or advocated requiring backdoors and weakening encryption. Similarly, while the TikTok divest or ban law is (in)famous for what it does to TikTok, the law also more broadly gives power to the executive branch to initiate similar divest or ban proceedings against other foreign adversary-controlled applications deemed to be security threats.

Given that Telegram is headed by a Russian national and is viewed by many Western governments as too permissive of various types of bad or criminal actors, it is not hard to imagine a future US administration taking legal action against Telegram or other tech companies.

The US needs to be more committed to strong encryption and tech-powered expression if it wants to effectively argue against other nations harming American speech, security, and companies. It also strengthens the argument for more decentralized forms of social media and communication that are more resistant to government censorship because no one company or person has the power to squash expression or invade users’ privacy.