Telegram from Russia: compliance and complicity in the Russian government’s attack on privacy

Telegram from Russia: compliance, & complicity in the Russian government’s attack on privacy

If you operate an internet company in Russia, you aren’t necessarily surprised to one day open the door to someone, grasping in one hand a bundle of wires and in the other a letter from a government agency demanding access to your servers, with a black box wedged under one arm.

Internet companies in Russia are required by law to store the content of users’ communications for six months and the metadata of users’ communications for three years, essentially meaning that what a person does online, can be monitored, recorded, stored, and made available for analysis and access by the security services, for years. Internet companies operating in the country are also required by law to store Russian’s data within the country’s borders – giving security services easy access to the servers holding this data – and to comply with government requests for access to the communications of users held on these servers.

For companies that choose neither to store user data in Russia, nor store decryption keys (by using, for example, end-to-end encryption which makes the content of messages unavailable to the provider itself), Roskomnadzor reacts by taking a series of bullish steps aimed at blocking access to companies’ services completely.

In the case of one such provider, Telegram, Roskomnadzor has been conscripting the services of the big tech companies which own the internet’s major underlying infrastructure. Last month, Roskomnadzor tried to block access to the encrypted messaging platform by asking Russian internet service providers to block specific IP addresses, resulting in Telegram turning in part to servers run by US-based Google and Amazon. As a result, Roskomnadzor took the drastic step of blocking entire ‘subnets’ which the services used, effectively blocking 15.8 million IP addresses also used on the service, resulting in a slew of websites and digital services being taken offline across Russia. Since then, Amazon and Google have both taken the decision to ban the practice of ‘domain fronting’ on their services, a technique that has been used by end-to-end messaging app providers such as Telegram and Signal to avoid state censorship in countries such as Egypt, Iran, and Russia.

In a 2017 interview at the Chicago Humanities Festival, Russian journalist Andrei Soldatov, explained that censorship in Soviet Union was about preventing people from accessing information – by using jamming stations, disabling frequencies on radio sets, and cutting off access to Western newspapers. But today, he said, people can buy an online subscription to the Washington Post and have access to information online that goes against the state’s talking points.

The censorship today is about preventing people from talking about sensitive issues, and destroying the spaces where genuine, free, and open conversation can occur online.

Reactions to the block have ranged from anger and frustration to active circumvention. By blocking Telegram, the ability to send end-to-end encrypted messages becomes far more difficult. Immediately after the block began, people took to the streets in protest. People made and flew paper airplanes, the application’s logo, and stood in solidarity with what the app offered – a secure space to have meaningful discussion.

A major reason for Telegram’s popularity is its channel feature, which allows users to create member-based micro-blogs. People join a user’s channel similar to how they would follow a user on Instagram or Twitter. But because channels are member-based, they provide a private space to have conversation with like-minded people. Channels are used in a variety of ways by brands and companies, families, entrepreneurs, celebrities, media, and government officials to communicate directly with members, answer questions, and have private discussions. Blocking Telegram has resulted in channels no longer being accessible to most people, as well as the bizarre spectacle of members of the State Duma publicly suggesting ways to get around the censorship.

Shortly after Telegram was blocked, State Duma member Natalia Kostenko posted online:

“Dear friends, please do not contact me on Telegram. I am not receiving your messages there. Use other communications channels to contact me.” Coming to her quick aid, was Prime Minister Dmitry Medvedev’s long-time spokesperson Natalia Timakova, saying “Use a VPN! It’s simple. Yes, and works almost all the time.”

 

chat-image

Image credit: Alexey Kovalev, Managing Editor at codaru.com

 

Timakova later clarified that she was just “trolling” Kostenko.

But VPN usage in Russia has spiked. As a consequence of Roskomnadzor’s request to block entire IP subnets, a vast number of websites essential to daily life remain blocked and are only accessible by using a VPN.

Blocking applications that allow secure spaces isn’t new in Russia – and other countries around the world are becoming increasingly hostile to these secure spaces every day through rhetoric and regulation.

At a time when big tech companies make billions from their users’ data, they have a duty to protect it.

Some companies have offered off-the-record assurances that they will not comply with Roskomnadzor’s requests, but have simultaneously attended high-level meetings with Russian officials, to ameliorate questions around compliance. This approach has led to those who depend on the security provided by end-to-end encrypted messaging left not knowing if a company has decided to bow to the Russian government’s pressure. This not knowing leaves one with a vague sense of uneasiness, about who might be listening or accessing private conversations.

Unfortunately, this sense of uneasiness quickly chills open and free communication, especially conversation around sensitive issues. And this chill could achieve exactly what the Russian government aims for in blocking websites and applications like Telegram. Even if they fail to actually block the service, this sense of not knowing permeates private spaces and destroys them.

Water does find its way and people are still finding ways to use the service. According to Alexey Kovalev, who is the Managing Editor at codaru.com, after the block was announced, Telegram sent users a push notification which connected the app to a proxy server, helping to avoid the censorship. There are reports of activists setting up their own proxies for the application. And VPNs are being used, despite their formal ban.

But big tech companies such as Amazon, Apple, Google, and other large companies operating in Russia, need to stand up for their Russian users. With Amazon and Google both now blocking domain fronting, many secure messaging services will find it difficult to continue to circumvent censorship in countries around the world where people rely on access to messaging secure from arbitrary monitoring.

Private space is essential to every society. And in a country with a government determined to eliminate all forms of private space, companies must consider more than their bottom line.