Simply put: Telegram, Paris attacks and the encryption debate

Five days after the Daesh attacked Paris, Telegram announced that it had shut down 78 public channels in 12 languages used by the terrorist organisation or its supporters for propaganda, including issuing statements and videos.

This was a U-turn by the company, whose founder had initially said in an Instagram post that French policies were to blame for the attacks. Earlier in September, Pavel Durov had said he was aware that Daesh were using his service, but had insisted that “privacy… is more important than our fear of bad things happening, like terrorism”.

What is the story of Telegram and its popularity with Daesh?

Pavel Durov, who co-founded Telegram with his brother Nikolai, was called Russia’s Zuckerberg — but he had to sell stake in his company and leave Russia after getting on the wrong side of the government. Pavel Durov says there are no outside investors in the app. Telegram is free, unlike WhatsApp which charges a small fee after a year’s service. It is also ad-free.

Channels on Telegram allow a user to create a public broadcast and stream messages to unlimited numbers of users. It also lets users upload files up to 1.5 GB, including .doc files, videos, audio, etc.

The ability to share large files with an unlimited number of followers instantly would have appealed to IS, given its penchant for making slick propaganda videos. Plus, Telegram offers a secret chat feature where the messages are encrypted end-to-end, and destroyed after some time.

How is Telegram extra secure?

Since Edward Snowden’s revelations and the NSA spying scandal, Internet privacy has been extensively debated. The Telegram app is based on the company’s own MTProto protocol developed by Nikolai Durov, and offers, in the words of the company, “256-bit symmetric AES encryption, RSA 2048 encryption and Diffie-Hellman secure key exchange”. Some security experts have questioned whether MTProto protocol is really foolproof. Telegram insists it is, and has offered rewards of up to $ 300,000 to anyone who could hack the app, which has not happened so far.

Telegram says it has two types of encryption: server-client encryption is used in the normal cloud-based chat, and for secret chats, it adds client-to-client encryption — meaning the data can only be accessed from the device. In the secret chat mode, once you delete messages, they are also deleted from the other device. However, Telegram warns, if you have a rooted Android or jailbroken iOS device, the app’s security can be compromised if someone manages to access the root system of the device.

Given the use by terrorists, how desirable is encryption?

Encryption isn’t unique to Telegram; pretty much all web-based services — be it WhatsApp, Gmail, or your daily banking services etc. — use some form of encryption. Government agencies might be able to analyse this traffic, but they can’t decrypt the exact text — and have demanded a backdoor entry, i.e., access to the encryption keys to track down terrorists. Tech companies, however, say there is no scope for backdoor entries. Encryption exists not just to keep the government from snooping, but to also block out potential hackers and cybercriminals.

Then, there’s the argument that once you shut out terrorists from one app or network, they simply move on to another. There are ways to completely bypass government agencies via networks like Tor, so putting the entire blame on a few encrypted messaging apps would be to ignore the larger picture.

In the current scenario, where the world is increasingly moving online, debating the need for encryption doesn’t seem ideal.