Russia’s Supreme Court has ordered popular internet messenger service Telegram to hand over encryption keys to its clients’ traffic to the Federal Security Service (FSB) without court warrants.
In the lawsuit, which bears some resemblance to the famous 2016 Apple-FBI encryption case, the London-registered company Telegram Messenger LLP demanded that the FSB order be recognized as unlawful and cancelled.
In July 2016, the FSB demanded that Telegram sign a document to hand over encryption keys that would give security agents access to data exchanges on six telephones that used the messenger service.
Telegram managers refused to sign the paper and the FSB took the case to court, which ordered Telegram to be fined 800,000 roubles (about $14,000).
Telegram replied with a counter-suit against the FSB in which it said that the order to give up the encryption keys was signed one day before the Law on Information that gives the FSB such powers came into force. The FSB argued that the order came into effect one month after the signing date and therefore cannot be considered unlawful.
FSB representatives also noted the earlier case in which the Supreme Court ruled that the constitutional right for secrecy of correspondence should not be extended to internet messages as there was no way to ensure that the staff of internet companies had no access to user data. At the same time, the agency’s lawyers said it would demand access only to the messages of particular suspects, not to big data allowing the analysis of user groups.
On Tuesday, the judge of the Russian Supreme Court Collegium for Civil Cases took the FSB’s side in the argument and ordered the Telegram lawsuit to be rejected. The internet messenger promised to contest the ruling.
Also on Tuesday, Russian internet watchdog Roskomnadzor officially warned Telegram that unless it complies with the FSB and the court’s orders, its work on Russian territory could be blocked.
“Threats to block Telegram unless it gives up private data of its users won't bear fruit. Telegram will stand for freedom and privacy,” Telegram founder Pavel Durov tweeted.
Threats to block Telegram unless it gives up private data of its users won't bear fruit. Telegram will stand for freedom and privacy.
— Pavel Durov (@durov) March 20, 2018
The package of bills that regulates the data exchange between the Russian security services and internet companies was signed by President Vladimir Putin in early July 2016. The authors of the draft described it as a response to the 2015 bombing of a Russian passenger jet in Egypt and the terrorist attacks in Paris.
The new law obliges communication companies, including internet providers, to keep information about their clients’ data traffic for three years (one year for messengers and social networks) and also to keep actual records of phone calls, messages and transferred files for six months.
The bill also requires communications companies to hand over encryption keys to state security agencies on demand, allowing them to read encrypted data. Non-compliance could cost companies between 800,000 and 1 million roubles ($14,000 – $17,500) in fines.