According to an investigation by German platform Spiegel, instant messaging platform Telegram has handed over information from its users to Germany’s Federal Criminal Police Office (BKA) in multiple cases involving terrorist activities and child abuse.
The report notes that, while it is still difficult to obtain access orders for this information, at least since 2018 Telegram has been adopting measures to comply with the legal provisions of some governments in the West, willing to share IP addresses and telephone numbers when required by a court.
These changes can even be seen in the application’s usage policies. In the section “WHO YOUR PERSONAL DATA MAY BE SHARED WITH”, Telegram shares some details about this possible scenario: “If Telegram receives a court order confirming that you are suspected of terrorism, we may disclose your IP address and phone number to the relevant authorities. So far, this has never happened. When it happens, we will include it in a semi-annual transparency report published in https://t.me/transparency.”
While this is a valid cause for the deployment of intelligence tasks, it is known that governments around the world have always used counterterrorism policies to validate the implementation of invasive measures.
The German government itself already carries out some surveillance tasks on opposition groups and civil interest groups. Recently, a German court had to order the state intelligence agency BfV to halt its investigations into the Alternative for Germany (AfD) party, a right-wing political group that opposes immigration, among other ultra-nationalist measures.
In addition, the governments of the United States and Canada have been deploying mass surveillance tasks for years under the pretext of combating terrorist activities.
In this regard, Telegram published a message endorsing its commitment to protecting the confidential information and conversations of its users: “Secret chats on the platform use end-to-end encryption, so we do not have any data to reveal.” Still, it’s important to mention that Telegram doesn’t use end-to-end encryption by default.
To safeguard unprotected data with end-to-end encryption, Telegram uses a distributed infrastructure; Cloud chat data is stored in various data centers around the world that are controlled by different legal entities across multiple jurisdictions. The relevant decryption keys are divided into parts and never stored in the same place as the data, so interested parties would require several court orders to force Telegram to share this information.
Telegram considers that this structure simply makes it impossible for government agencies to access the confidential records of their users, although it has always been specified that the platform may be forced to hand over data only in sufficiently serious and relevant cases at the multinational level. Still, there are no known examples of what Telegram considers important enough to pass the scrutiny of the legal systems that safeguard its privacy structure.
Is Telegram even a good choice?
Although the idea of the general public is that Telegram represents a safer option than platforms such as WhatsApp or Facebook Messenger, this is not an idea shared by many experts. Moxie Marlinspike, the developer of the encrypted messaging service Signal, has become one of Telegram’s harshest critics: “I’m surprised that the media refers to Telegram as an encrypted messaging service; Telegram has a lot of attractive features, but there’s no worse option in terms of privacy and data collection.”
According to Marlinspike, Telegram stores on its servers all contacts, groups, media, and plain text messages that users have sent: “Almost everything we can see in the app, Telegram can see it too,” adds the developer.
For the expert, this false perception of privacy comes from a misinterpretation of the “secret chat” function, conversations that are protected with end-to-end encryption although with technology at least questionable. Other platforms like Facebook Messenger or Instagram chat also have secret chat features or expired messages, and they don’t store users’ files on their servers.
In conclusion, Telegram is a good choice in the world of instant messaging, although users should not assume that no one can access their conversations, photos, videos, and documents sent through this platform.
Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.