back to article Telegram still won't hand over crypto keys it says it does not store

Secure messaging service Telegram says it will appeal a Russian Supreme Court order to hand over encryption keys to the Federal Security Service of the Russian Federation – the FSB. Last year, the company was fined a relatively paltry US$14,000 (800,000 roubles) for refusing to decrypt user messages. However, that wasn't the …

  1. ratfox

    Pretty courageous to stand up to a regime known for poisoning people they don't like.

    1. Voland's right hand Silver badge

      Can you stop repeating Boris shite

      Your comment is deliberately off topic and deliberately bringing the un-related Skripal case, but I will bite.

      Can you stop repeating Boris shite and tying the two cases together. Your comment is a good example how the UK press is following the propaganda line and brain washing everyone to think that Vlad cooks children on a neurotoxic gas burner and eats them for breakfast. I suggest perusing some sources alternative to the daily fail for both cases.

      There was an excellent interview with the ex-head of Toxicology at the Bulgarian Central Military Teaching Hospital on Bulgarian prime TV yesterday, I could not see all of it as I was in/out of conference calls but here is the summary order by the scale of "interesting" (not chronological). The guy interviewed has held the highest chemical weapon related clearance possible in both Warsaw pact and NATO. He knew what he was talking about (something none of the idiots we cart out does).

      1. It is not the first use of Novichok on NATO territory for an attempted assassination. This lovely character nearly got snuffed (sorry, in Bulgarian, there is no English version - the summary is Mob connected ex-security forces from soviet days politician of supposedly reddish persuasion). They got him in time and he is alive and kicking and still appearing on the BG political scene from time to time. The case was more than 10 years ago.

      2. The darling "inventor" (the one BBC, Faux, etc keep carting out) claims should be taken with a large pinch of salt (exactly as I said looking at the leaked formula a few days back). It is just yet another agricultural poison and:

      2.1. It was being tested in Uzbekistan exactly because that region gets at least 2-3 Biblical scale Locust outbreaks per year. It was also developed for that specific purpose.

      2.2. It is nowhere as dangerous as claimed, antidotes are known and Bulgaria's SoPharma was both manufacturing and exporting them in both Warsaw Pact days and later during NATO times.

      2.3. The "inventor" got his ticket abroad he can calm down now

      3. The whole thing smells fishy - they should be either out of coma or dead by now - this is based on him treating a case of attempted murder using this more than a decade ago.

      I am going to leave the fact that Julia has left a trail of Novichok at least 24 prior to the incident out of it as well as what does that potentially mean.

      So going back from off topic to the case at hand.

      A. There will be NO other decision until the case reaches the constitutional court. The law is actually against RF constitution which has an extension to their equivalent of the 4th amendment. The sanctity of communication privacy is an unalienable constitutional right over there. However, it is napoleonic law. Law says, court does. No interpretation of constitutionality as it is outside their remit.

      B. Durov is taking it all the way there and the results will be interesting.

      C. This is not the first time a similar case has been in the courts. Multiple previous cases of search orders against VK, mail.ru, etc have been contested, appealed and in all cases FSB has lost. All of the people to contest the order are pretty much alive which is not surprising. You do not get radioactive or neurotoxic tea if you piss off the FSB. You do get that (for sure too) if you double cross the mob including the one that lives in Kensington and Chelsea borough of Londongrad.

      D. If it was UK, Durov would be in jail already as there is no way to contest a RIPA warrant. Viva la democracy (as defined and exemplified by Josephina Vissarionovna May and Amber Yezhova).

      1. Anonymous Coward
        Anonymous Coward

        Re: Can you stop repeating Boris shite

        " and deliberately bringing the un-related Skripal case, but I will bite."

        Maybe he meant Litvinenko?

        Anon because want to stay alive.

        1. Voland's right hand Silver badge

          Re: Can you stop repeating Boris shite

          Maybe he meant Litvinenko?

          1. Anon will not help you if the denizens of Kensington and Chelsea decide you are in the way.

          2. Litvinenko's day job was preparing dossier (wtf is the plural) similar to the one about the Orange Baboon pissing on Russian hookers produced by Steele. The difference was that these were tied up to investment opportunities in Russia. He did the due diligence on these and most of them were in the 500M+ range. If you have spoiled something like this by producing graphic depictions of a boardroom orgy, being anonymous will not help you - I would not sell you life insurance. While there is some (not much) legit money in Russia now, 10+ years ago it was a mob state. Mob does not like being crossed. Did the mob work with the state or without is an open question. The inquiry never produced any public evidence besides the conjecture that only a state has access to radioactive materials (which is bulshit).

          1. Anonymous Coward
            Anonymous Coward

            Re: Can you stop repeating Boris shite

            "only a state has access to radioactive materials (which is bulshit)."

            So you think that any civilian can just wander into the military nuclear reactor facility in Russia that produces Polonium and remove it from the reactor, refine, prepare and transport it whilst staying alive? It's not exactly a common isotope.

        2. Anonymous Coward
          Anonymous Coward

          Re: Can you stop repeating Boris shite

          > Maybe he meant Litvinenko?

          Polonium-210 is just yet another agricultural poison and:

          2.1 It was being tested in Britain because that region has at least 2-3 political dissidents^H^H^H^H biblical locust outbreaks.

          1. This post has been deleted by its author

          2. Anonymous Coward
            Anonymous Coward

            Re: Can you stop repeating Boris shite

            "Polonium-210 is just yet another agricultural poison"

            Unless you have a garden in the middle of a functional nuclear reactor I think we can safely say that's utter bollocks. It's a very rare radioactive isotope.

            1. Yet Another Anonymous coward Silver badge

              Re: Can you stop repeating Boris shite

              "Polonium-210 is just yet another agricultural poison"

              Only way to get rid of moles ...

          3. ratfox
            Stop

            Re: Can you stop repeating Boris shite

            Polonium-210 is just yet another agricultural poison

            You know, for a lot of your tirade, I don't really know whether what you are saying is correct or incorrect. I admit it's not my domain of expertise. But if you are going to claim that Polonium-210 is routinely used in agriculture as an herbicide or insecticide, then let me go ahead and say that this part, right there, is complete bullshit.

      2. Anonymous Coward
        Anonymous Coward

        Re: Can you stop repeating Boris shite

        You are Putin's right hand and I claim my five pounds.

        Polonium 210 and Novochek nerve agents aren't something you can make in a backroom lab. You need advanced state-level resources to make them, and you can't store them for long either.

        Polonium's 138 days half-life means the sample must have been made in a reactor less than a year before putting it in the tea.

        Either Putin ordered these murders, or his organisation is so incompetent as to allow several people to steal his most rare and deadly toys at least twice.

        I do not believe that Putin is incompetent. Quite the contrary.

        1. Voland's right hand Silver badge

          Re: Can you stop repeating Boris shite

          Polonium 210

          Oh cut the crap. I worked for 4 years in molecular biology in the days when the only marking technologies were radioactive phosphorus (which has significantly shorter half-life than Po) and radioactive tritium. I have personally couriered traded phosphorus between labs in those days. Yes - I am happy to produce a written statement that it was not uncommon to transport enough radioactive phosphorus to snuff a small city on public transport in Eastern Europe. I am also happy to produce a similar statement on the trading in reagents and isotopes. If you ask any Mol Biol graduate from those parts and those days they will tell you the same. I wonder why... Steele never bothered to ask any of us - probably because it was not fitting his pre-determined conclusion.

          So as someone who has actually worked with isotopes THERE, I can sign under a written testimony that Steele's conjecture is utterly full of shit. Please do some work to the same extent then talk rubbish (I know - difficult now as most of these have been replaced by chemical markers, the tech is now obsolete).

          As far as Novichok - for reasons outside my control I did not finish my SECOND MSc in mol biol, but I did finish the FIRST which was chemistry and included phosphoroorganics in my MSc work. If you would have said this about VX, Sarin, Soman, Tabun - yes. I would have countersigned this.

          Those need state resources to synthesise because they will get through any crack in the apparatus and some of the reagents do not get along with glass very well.

          The key idea of Novichok is to make that unnecessary. It is specifically designed so that the reagents are relatively safe to synthesize, handle and can be made in any moderately advanced lab. Any of the mob labs in Russia which work on Spice, especially the ones which work on circumvention of their rather draft drug law and try new compounds can synthesize the compounds.

          1. Voland's right hand Silver badge

            Re: Can you stop repeating Boris shite

            If you ask any Mol Biol graduate

            Final addition - if you wanted Po it was used in material sciences. A couple of blocks down the road from where I did my MSc. They had a selection of alpha emitters. We were envious - they did not have our issue of the isotopes being good only for a week or two after they are out of the reactor as we did with Phosphorus. You are right - Po is useful for a few years.

            Not sure what they would have traded it for, but there is a very good saying in an Emil Costurica film about those days: "As our Bulgarian friends say, what cannot be bought with money can be bought with a lot of money".

            In any case - it is a moot question now as all of the labs which suffered from the great Eastern European recession are either closed or properly funded. So the trade in "stuff I need to get my work done" is dead and has been dead for nearly a decade.

            So I will repeat - Steele statement about Litvinenko and state only capabilities is full of shit. So full that even the Victorian wonders of shit transportation will fail to transport it.

            1. Anonymous Coward
              Anonymous Coward

              Re: Can you stop repeating Boris shite

              Do you know if the people are dead or in a coma?... or alive and giving information to authorities about what happened? Do you know what was found on CCTV? or on their person? or in communications made? or in communications intercepted in other places?... etc. No. Me either.

              To base your elaborate scientific "defence case" on the falibility of the BBC reporters opinions or what Boris or a Bulgarian said on TV is pretty pointless.

              Go watch some CSI or Sherlock, or play Fallout and wait for the bombs to drop.

          2. Anonymous Coward
            Anonymous Coward

            Re: Can you stop repeating Boris shite

            "Yes - I am happy to produce a written statement that it was not uncommon to transport enough radioactive phosphorus to snuff a small city on public transport in Eastern Europe. "

            Sure, but probably not Polonium. It's extremely rare and requires some effort to extract from reactors and refine into any substantive quantity.

          3. Brewster's Angle Grinder Silver badge

            Re: Can you stop repeating Boris shite

            "...I wonder why... Steele never bothered to ask any of us..."

            Could it be because, AFAIK, Steele had nothing to do with any of the investigations into Litvinenko or the Skripals?

            And, for what it's worth, here's a Russian expert with first-hand experience of novichok refuting your claims:

            Vil Mirzayanov, 83, said the chemical was too dangerous for anyone but a “high-level senior scientist” to handle and that even he – who worked for 30 years inside the secret military installation where novichok was developed and gained extensive personal experience in handling the agent – would not know how to weaponize it.

            1. Anonymous Coward
              Anonymous Coward

              Re: Can you stop repeating Boris shite

              even he wouldn't know how to weaponise it

              Hang on, I lost track here (v interesting discussion, btw, thanks). Is there a Novichok that is NOT weaponised? Is there an agricultural agent with that name that can be "amplified" in a lab to do more ugly work on larger vermin like humans?

          4. Andrew Norton

            Re: Can you stop repeating Boris shite

            which phosphorus was it? 32 or 33?

            I know 33 is preferred because it's much lower energy makes for better resolution, but 32 is cheaper.

            And lets see polonium 210 (the most common isotope) has an ionising energy of 5MeV

            P-33 1.27MeV, and 932 0.25MeV

            Of course, polonium is a massive emitter, unlike phosporus, which is probably why the LD50 for polonium is 1 microgram/person, while for phosphorus it's... 3 mg/kg for white, and a lot more for red (rats are 11mg/kg, while rabbits are 105mg/kg)

            So, a small city is 50,000. average person is what, 75kg? So, if I've done my maths right, thats about 35.5kg to manage a dose sufficient to kill HALF that population (statistically) Let's round it to 40 to kill most in the normal distribution curve.

            they have you carrying 40kg on the bus? Dude, you didn't "work in molecular biology", you "worked in low level courier work", maybe for a molecular biology client, although I doubt it.

            Alternatively, you're just blowing hot air because you think you know something, and you really don't.

        2. Charlie Clark Silver badge
          Facepalm

          Re: Can you stop repeating Boris shite

          Polonium 210 and Novochek nerve agents aren't something you can make in a backroom lab.

          Sounds like a bad case of false equivalence! The vast majority of chemical reagents can indeed cooked up in any half-decent lab; radioactivity isn't chemistry and shouldn't be compared with it as you need completely different equipment, but Po is only a couple of numbers on from Pb so synthesis should probably possible in a fairly small lab but still a lot more difficult than a simple chemistry lab.

          1. Anonymous Coward
            Anonymous Coward

            Re: Charlie Clark

            "[...] Po is only a couple of numbers on from Pb so synthesis should probably possible in a fairly small lab but still a lot more difficult than a simple chemistry lab."

            Yeah, Au is also only "a couple of numbers" away from Pb (1 more to be exact).

            Congratulations on having the same grasp of chemistry and physics as a medieval alchemist.

            You can't chemically synthesize Polonium. You either need to refine it from a laaaarge amount of resources, or have a reliable source of high-energy subatomic particles. Like, you know, a nuclear reactor.

            1. Charlie Clark Silver badge
              FAIL

              Re: Charlie Clark

              Congratulations on having the same grasp of chemistry and physics as a medieval alchemist.

              S-level, since you ask, but a long time ago. Alpha sources aren't too hard to get, but targetting nuclei and getting reliable changes (relying on quantum effects) are why this isn't comparable with chemistry.

              Au is also only "a couple of numbers" away from Pb

              Au is 79, Pb is 82 for a start for that kind of transmutation you also want a stable isotope. IIRC Pt (78) to Au has been demostrated but seeing as platinium is rarer and more expensive than gold… Back to school for you, laddie!

      3. Anonymous Coward
        Anonymous Coward

        Re: Can you stop repeating Boris shite

        I would have read your comment but there's no time!

      4. Voland's right hand Silver badge

        Re: Can you stop repeating Boris shite

        A couple of more things - I found a couple of transcripts of the interview which I did not see in full. Sorry not in English and most of them are way too abridged: Like this one

        The summary including bits I did not see as I was in/out of meetings:

        1. The discovery date is not what the professor we cart out claims - it is back to the early 1970-es. The politically persecuted media darling we cart out when we need an expert opinion improved stuff around the synthesis and binary compound generation. He did not invent it (interesting...).

        2. Samples were available in the Eastern block way before the dates floated so far (!?!). I did not see this bit so I cannot tell if this includes the synthesis improvements produced by the media darling emigre or just the raw compound.

        3. There is a correction to the Brigo Asparuhov poisonining - he used that as an example of toxicology doing its job. It is not 100% proven what was in the cocktail he got besides the "carrier" which was CCl4. He did get deep-sixed pretty bad though - it is 1992 so pre-internet.

      5. Anonymous Coward
        Anonymous Coward

        Re: Can you stop repeating Boris shite

        @ Vorlands right hand:

        Perhaps you could explain something to me. When the official Russian media says:-

        Mr Kleimenov said he had advice to for any “traitors or those who simply hate their country in their free time”: “Don’t choose Britain as a place to live.”

        He added: “Something is wrong there. Maybe it’s the climate, but in recent years there have been too many strange incidents with grave outcomes there.”

        Are these the strange incidents with grave outcomes referred to:-

        https://www.buzzfeed.com/heidiblake/from-russia-with-blood-14-suspected-hits-on-british-soil?utm_term=.tv8kpwaoVd#.rqrmW1Z8JK

        And is it the official line that this entire situation is related or unrelated to the Russian law in 2006 permitting extrajudicial assassinations? (http://news.bbc.co.uk/1/hi/world/europe/6188658.stm)

        1. wolfetone Silver badge

          @AC via Vorlands Right Hand

          The first link is interesting, because (if you are to believe it) the Russians are bumping off anyone they don't like and it's all very strange, cloak and dagger type of arrangement. So would the Salsbury spy case be cloak and dagger? No, if it was an assasination its very messy and leaves so much evidence that it would be traced back to the person who ordered it. So the two instances are light years apart.

          The second link is also interesting, as it's exactly the same law the UK have when it comes to defending itself from extremism. We're regularly sending drones to the Middle East to blow up "targets", and those are only the ones we know about. Do you think that the UK is prim and proper enough to be clear about who they're targetting and snuffing out? Are they bollocks.

          Also, for the record, doesn't it strike anyone as odd that Salisbury wasn't closed down if it was a suspected chemical attack? There's an army barracks not that far away from there, it would've been closed and locked down fairly quickly. And isn't it odd that the next day Porton Down gets £45 million in the wake of this event, a facility which is only 20 minutes away from where the event took place? And we're suddenly vacinating the army for anthrax when it was - aparently - another agent?

          While all the time, might I add, there's actually no clear conclusive proof that the Russians did do it. Only conjecture and hearsay.

          15 years ago the UK went to war in Iraq on the back of a dossier which came out at a time of hubris and conjecture which we have now found to be total bullshit. Yet here we are, 15 years later, doing the exact same thing.

          Cop yourselves on, all of you.

          1. John H Woods Silver badge

            Re: @AC via Vorlands Right Hand

            "While all the time, might I add, there's actually no clear conclusive proof that the Russians did do it. Only conjecture and hearsay." --- wolfetone

            False dichotomy. There's a whole spectrum between conclusive and hearsay. The evidence suggests that it was probably the Russian state, but it might not have been. But it is odd how those who don't think there is enough evidence that Russia did it are suggesting it might be a false flag. There's even less evidence for that and I would suggest the threshold for such an extraordinary claim should be higher in any case.

            1. wolfetone Silver badge

              @John H Woods

              "False dichotomy. There's a whole spectrum between conclusive and hearsay. The evidence suggests that it was probably the Russian state, but it might not have been. But it is odd how those who don't think there is enough evidence that Russia did it are suggesting it might be a false flag. There's even less evidence for that and I would suggest the threshold for such an extraordinary claim should be higher in any case."

              Wars have been started over less, so I wouldn't say it's a false dichotomy. It's called taking a balanced approach without letting prejudice cloud judgements.

              But who am I to get in the way of you and your wanton lust for a nuclear winter.

            2. Adrian 4

              Re: @AC via Vorlands Right Hand

              Which evidence ?

              We only have hearsay, and it's from the mouths of proven liars - Putin, May, Boris et al.

              You can look at circumstantial evidence if you like :

              Russia may have had a grudge against the people in question

              The UK may have had no further use for the people in question

              The poison (identified by hearsay) may have been used by Russians

              The poison was allegedly identified by a secret government chemical weapons establishment nearby

              The secret weapons establishment couldn't have identified it without having some themselves

              Putin has recently shown a liking for trolling other states by e.g. sending warships on exercises

              The British government is in deep trouble over exit from the EU and desperately needs a distraction

              May hasn't had her own war like all the other recent PMs and perhaps feels she deserves one

              But they're all exactly that : circumstantial. Choose the ones your prejudices support and make up whatever story fits them.

            3. Jason Bloomberg Silver badge
              Black Helicopters

              Re: @AC via Vorlands Right Hand

              The evidence suggests that it was probably the Russian state

              What evidence? We have all seen what we have been shown, have heard what we have been told, but I don't see any actual "evidence" so far.

              Heck, I haven't even seen any proof Skripal was attacked, is in hospital with his daughter.

              I am not saying it is all lies, entirely fabricated, but, if it were, it would be hard to tell the difference.

      6. Anonymous Coward
        Anonymous Coward

        Re: Can you stop repeating Boris shite

        Maybe he read the Red Sparrow trilogy?

      7. Charlie Clark Silver badge

        Re: Can you stop repeating Boris shite

        everyone to think that Vlad cooks children on a neurotoxic gas burner and eats them for breakfast.

        While I agree in general with your arguments, it also needs to be said that the Kremlin does have an almost zero tolerance policy on dissent and imposes interesting sanctions as and when it seems appropriate. In this sense it's not that different to the CIA… But, warzones apart, neither tend to favour indiscriminate killings which carry the risk of significant collateral damage because of the potential blowback. Of course, the FSB has since had a lot of fun muddying the water thanks particularly to BoJo's inept handling of the situation.

        Russia is a failed start inasmuch as it's difficult to differentiate between the mob and the government. So, even if the FSB wasn't behind the Skripal assasination attempt, it could still have been requested by above with the task given to the Chechen thugs.

      8. x 7

        Re: Can you stop repeating Boris shite

        .................1. It is not the first use of Novichok on NATO territory for an attempted assassination. This lovely character nearly got snuffed (sorry, in Bulgarian, there is no English version - the summary is Mob connected ex-security forces from soviet days politician of supposedly reddish persuasion). They got him in time and he is alive and kicking and still appearing on the BG political scene from time to time. The case was more than 10 years ago..........................

        There's nothing on that Wiki link which mentions any kind of poisoning or attack.

        You seem to be making things up again........

    2. wolfetone Silver badge

      "Pretty courageous to stand up to a regime known for poisoning people they don't like."

      Fuck off to the Daily Fail with that shite.

    3. Dieter Haussmann

      By poisoned you mean the late weapons inspector Dr David Kelly?

    4. sisk

      I dunno. If they truly don't have the keys then they've got little choice but to stand up to that regime. It's not really courage so much as "what other choice do they have".

      Still, good on them for making sure they're not able to betray their users.

    5. Degenerate Scumbag

      Courage doesn't really come into it. The order is impossible to comply with. They do not have the keys.

      1. no_handle_yet

        Thanks.....

        ..... for reminding me what the article was about. I'd forgotten by the time I reached your comment.

  2. fedoraman

    What about WhatsApp et. al?

    Can we assume that other messaging service providers were similarly approached, and provided keys to the FSB?

    1. Anonymous Coward
      Anonymous Coward

      Re: What about WhatsApp, et al?

      WhatzAppbout them?

      All their data already belong to us: Everyone has a secret or something they care about, somewhere.

      The only way around it is to do a Satashi Nakamoto, straight into the nearest unstable sun. (Unless he belongs to us too, and is in a labour camp somewhere).

    2. Voland's right hand Silver badge

      Re: What about WhatsApp et. al?

      If it is at the moment it is not the the law discussed on el reg - it is a legal intercept court order.

      The one referred to by el reg in the article is different. It was drafted by the Nemtcov ex-cheerleeder bimbo who went all patriotic the moment she "stopped being fresh enough" to grace Nemtcov's presence (Shakespeare is right, there is no wrath as woman scorned). So she has now swallowed Stalin and is located in the political spectrum somewhere right of Atilla the Hun.

      THAT LAW goes into force 1st of July 2018. We are not there yet. Once it is in force, it will have to be contested separately as it is against their constitution. And it will.

    3. Charlie Clark Silver badge

      Re: What about WhatsApp et. al?

      Depends a bit on the kind of chats: WhatsApp adopted the Signal Protocol for end-to-end "secret conversations" (as have Allo and more recently WhatsApp). In this case there are no keys to hand over as they are on the devices themselves only. However, this isn't the case with standard or group chats.

      Going after the keys, however, is generally a red herring. The spooks are generally happy to find out who was talking with whom and when. Going after encryption is a bit of red meat to wave at the base clamouring for "something to be done".

    4. LucreLout

      Re: What about WhatsApp et. al?

      Can we assume that other messaging service providers were similarly approached, and provided keys to the FSB?

      No need. WhatsApp is owned by Farcebook, and apparently everyone has access to their data already.

    5. Velv
      Boffin

      Re: What about WhatsApp et. al?

      The FSB may have approached lots of companies and lots of people. Whether they gave up keys or not is unknown.

      However since Telegram was founded by Russian brothers (who potentially still have family in Russia), and Telegram allegedly has offices in St Petersburg it is possible the FSB has more leverage over Telegram than the others (which doesn't in any way impact the technical ability for Telegram to hand over keys it doesn't have).

      1. Dan 55 Silver badge

        Re: What about WhatsApp et. al?

        Since Telegram's encryption is flawed, it probably doesn't matter anyway.

        WhatsApp's two-way and group chats are e2e encrypted now although if you want privacy it's probably best to turn off the non-encrypted database backup to Google Drive.

      2. Voland's right hand Silver badge

        Re: What about WhatsApp et. al?

        Whether they gave up keys or not is unknown.

        Two different cases. A request for keys prior to Yarova law has to go through court and be accompanied by a court order. The law which says you have to give you keys to FSB directly without a court order will be fully on the books on the 1st of July..

        The request by FSB is dated 19th of July 2016. It was done right after the law which entitles them to the keys (similar to UK RIPA) was voted for, but before the law came into force. It actually came into force on the 20th. So actually, as the law is not retrospective Durov has an excellent case. Once this gets to the constitutional court he will win hands down (only to get a fresh request with which he will have to comply or fight again in court).

        The law in question is the so called Yarova(*) law - https://ru.wikipedia.org/wiki/%D0%97%D0%B0%D0%BA%D0%BE%D0%BD_%D0%AF%D1%80%D0%BE%D0%B2%D0%BE%D0%B9

        It is literally what Amber Rudd is advocating for to the letter. Someone has copied someone's else homework and is not confessing to being a plagiarist.

        Coming back to unknown - it is known. Everyone who is not shut down has complied with requests after the 20th of July 2016. To put it simply FSB f***ed up this one. They were too busy celebrating their win.

        There is an even more interesting twist here. The FSB asks for the keys, but DOES NOT ASK for the content of the messages. That is subject to a separate request based on mandatory data retention requirements (similar to the ones which are in force in UK and most of the Eu) and has to be specific to messages/subjects/etc. So this is not even a blanket decryption request. From that perspective, Amber is asking for much more - she has improved while copying Yarova's homework.

        (*)This bimbo is quite a character. She went from one of the long legged Nemtsov opposition cheerleaders to something that will give Paul Dacre a boner - way right of Atilla the Hun and to the right of most of Putin's party. Did she beyond simply cheerleading and looking pretty next to Nemtsov we will never know, but IMHO it carries all the tell tale signs of " Heaven has no rage like love to hatred turned/Nor hell a fury like a woman scorned" (I know, not Shakespear, Congreve)

  3. John Smith 19 Gold badge
    Unhappy

    Now we see how good the development *really* is.

    If done right and they lose the case they simply tell the FSB

    1) Here is the algorithm we use to encrypt the data.

    2) As you see we don't have to hold the decryption keys.

    3) Nor do we hold the decryption keys.

    4) Here are the copies (if they exist) of the messages you requested.

    Because if these guys are for real it's the FSB that's f**ked, not them.

    1. phuzz Silver badge
      Big Brother

      Re: Now we see how good the development *really* is.

      A better defence would be to invent some encryption keys and a "decryption program" which produces plausible plain text.

      When the government asks for something, "it's impossible" is not an answer that will keep you out of prison.

    2. Voland's right hand Silver badge

      Re: Now we see how good the development *really* is.

      4) Here are the copies (if they exist) of the messages you requested.

      4 does not play. The messages are stored with the provider and are requested separately when needed at a later date. Read the law - I missed that in first reading (it is a set of amendments so it is easy to lose the plot of what is the final statute). The service provide is only obliged to provide keys for escrow to be stored. Nothing else.

      One of the reasons Russian provider arguments were defeated during the legal review (they challenged the law) is exactly that - they were purely economical as they now had to keep 6+ months of all interesting traffic.

      I hate to spoil the party but this is significantly less draconian than what FBI, Amber Rudd and their like want. It is a form of escrow, not a form of blanket decryption "gimme a backdoor of my own".

  4. Charlie Clark Silver badge
    Headmaster

    Less copy & paste, please

    it will appeal a Russian Supreme Court order

    Appeal is intranstiive so can we please have a for or against? Is this really too much to ask? Do you guys ever read the copy your write? Or is life on the El Reg slave galley too taxing?

  5. I Am Spartacus
    Black Helicopters

    Encrypted Communications V The Law

    This, along with the Cambridge Analytica use of ProtonMail raises the question about where the responsibility for key management lies. There are various apps that allow end-to-end encryption, where the communication provider has no knowledge of the key.

    In the simplest form, this could be a one time pad encrypting a message sent by post. The postal service is the conduit but has no ability to read the message. All they can do is make a copy and pass it on. This has existed in one form or another for at least 2,000 years.

    Fast forward to today: Now we have services that use PKE to encrypt the message. This has been the case since Phil Zimmerman released PGP in 1991 and faced serious amounts of detention for it. If the sender is careful, then not even they have a copy of the mail and can't decode it (assuming they expect the police raid and store no copies of the plain text). Only the recipient has access to the key needed to decrypt. The use of various trap-door algorithms that form the basis of PKE rely on the fact that we believe that the choice of a suitably long key renders the time to decrypt the message longer than the message validity life time. With ProtonMail, the service provider acts a a transport hub, but can't read the message, even if subpoenaed.

    Fast forward again: How long until we have a viable quantum computer that can handle a large number of PKE messages and read the plaintext? Then no-one will know who has read what messages.

    So the arms race progresses. Now we will move to harder encryption: say TwoFish or AES. These are not, we believe, subject to quantum crypt analysis. I have to say believe, because that might be what they want us to think, right? What better way to handle cracking seriously hard encryptions by the security services than the classic double bluff: "Oh yes, we have cracked xyz encryption, but abc is still hard" when in fact the opposite is true!

    Next stage: Quantum resistant versions of PKE, eg McEliece or its like. Lattice based cryptography. The cost of encryption is dropping as computers get more powerful and we have GPUs to help. We also have high speed comms networks, so the fact that it takes a long time to encrypt a message and the key is in the 4MByte size is not really a problem.

    So what does the legal system do now? Seriously, what do they do? They can legislate all they want and make it the senders responsibility to provide the keys, but it does not take a genius to work out ways for the keys themselves to be distributed, used and destroyed making the sender unable to provide the key. And that assumes the sender is in a jurisdiction that is favourable to such legal frameworks.

    I am a systems programmer. I have made plans for a multikey quantum resistant message exchange that would permit plausible deniability of knowledge of the keys. I know I could do this using what be believe are trusted methods (no, I am not going to be foolish enough to crate my own encryption, thank you). With multiple encryptions and the addition of noise in the encrypted message, it would be very hard to decrypt, even with a quantum cryptanalyis system.

    Random Noise? Can it be random? Yes it can:

    https://www.popularmechanics.com/technology/security/news/a28921/lava-lamp-security-cloudflare/

    Got to stop here - I can see the black helicopters circling and there are men in the garden who must be really cold - they are putting on balaclavas.

    1. Charlie Clark Silver badge

      Re: Encrypted Communications V The Law

      Encryption is the smoke that the politicians use for a more egregious power grab such as rolling back civil rights so that it becomes a criminal offence not to provide all necessary assistance: password, etc.

      The "crooks" will continue not to comply but that is, legally speaking, less of a problem when you can introduce the police state and enforce general compliance.

  6. Anonymous Coward
    Anonymous Coward

    FSB's demand was “not technically feasible”.

    pretty lame defense in Russia, given their proud history of ignoring feasible... That said, the minor issue of feasibility (carry on regardless) isn't exactly unknown to the brilliant mind of UK's democratic leaders, aka gimme encryption keys!

  7. Anonymous Coward
    Anonymous Coward

    WhatsApp Cleaner

    All the Ruskies need to do is develop an Android app that can access all the users messages BEFORE they are encrypted by claiming the app is an "Antivirus/Cleaner" app that has full access to the users protected storage.

    And while they're at it, they can toss in the Facebook Graph API to slurp up the users social media data.

    There are plenty of apps like this already on the Google Play Store.

    An example of one of the many is the "DFNDR" app that has a "WhatsApp Cleaner" which is from a company out of Brazil.

    Interesting to note that Brazil recently allowed their politicians to use social media data and is trying hard to distance themselves from Cambridge Analytica.

    [DISCLAIMER] These are just my thoughts, opinions and observations only and I in no way claim that the DFNDR app is involved in anything nefarious whatsoever....(the app only came to mind after I received a fake virus warning linking to the app on the Play Store)

  8. Sam Liddicott

    They keys are online

    The keys can be found in the library of babel. https://libraryofbabel.info/ just point FSB to that.

    (Probably equivalent to paying a fine in pennies)

  9. Anonymous Coward
    Anonymous Coward

    Why are they picking on Telegram?

    Is it because the founder is Russian, they expect him to play ball? Sounds like he's the type that if he was made to do something that would compromise security he'd make sure everyone knew, or shut down the service entirely. So the FSB wouldn't be helped by this, since everyone would switch to other messaging apps that the FSB has no leverage over.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like