Indian intelligence services are “closely following” the progress of Russia’s ongoing effort to shut encrypted messaging giant Telegram, a senior government official has told Business Standard. The move comes amid mounting concerns in India over the use of encrypted messaging services by criminal organisations and terrorists -but also about illegal surveillance by the government.
Last week, Russia’s top court granted a request by the country’s federal security service, the FSB, to block Telegram after it declined to decrypt messages sent by an individual involved in the St Petersburg metro bombing on April 3, 2017. Sixteen people were killed, including the perpetrator, and another 64 people were injured in the jihadist attack.
“There is a great deal of interest in the law enforcement and intelligence community across the world on Russia’s course of action,” the official said. “No one wants coercive measures, but we hope this will prove the tipping point which compels internet firms to begin to address our concerns.”
Indian intelligence services, including the Intelligence Bureau, Research and Analysis Wing, and the National Technical Research Organisation, have long lobbied the government to enable greater access to internet user data, as well as encryption technologies used by services such as WhatsApp, Telegram, Wire and Signal.
Frustrated Kashmir district authorities have gone further, saying WhatsApp group administrators will be “responsible for all the posts on their groups & for any irresponsible remarks”.
The Russian experiment, if successful, could give new life to the Government of India’s own efforts to place restrictions on encrypted communication technologies, which stalled after criticism forced the withdrawal of the National Encryption Policy in 2015.
Roskomnadzor, Russia’s communication networks regulator, has now told mobile networks to block access to Telegram. In addition, Roskomnadzor has blocked an estimated two million internet addresses linked to Amazon and Google, whose digital infrastructure is used by Telegram to run its services. Banks, businesses and voice-over-internet service companies using Amazon or Google infrastructure have been hit as a result.
Earlier, similar action forced Amazon to ask Zello – popular with political protestors in Ukraine, Turkey and Hong Kong – to end its use of their infrastructure.
Telegram’s founder, Pavel Durov – known to be critical of Russian president Vladimir Putin – has vowed not to buckle. Durov claims traffic from Russia, home to about 10 per cent of Telegram’s users, has not declined, with users turning to virtual private networks and proxy servers to evade the government’s action.
Last year, Durov claimed that US intelligence agencies tried to bribe the company’s developers to weaken Telegram’s encryption or install a backdoor that would allow user data to be compromised.
British Prime Minister Teresa May lashed out at encrypted messaging apps in a speech delivered this summer, saying “companies simply cannot stand by while their platforms are used to facilitate child abuse, modern slavery or the spreading of terrorist and extremist content”. Iran has, in the wake of the Russian experiment, also vowed to shut down Telegram and replace it with a home-grown alternative.
Telegram has been increasingly used by jihadists and other religious extremists for spreading online propaganda amidst – unproven – online fears that competitor WhatsApp may be sharing user data with its owner, Facebook, and allegations that user data could be vulnerable to attack by governments.
In turn, Telegram’s security – built around an in-house encryption protocol – has also been challenged by some experts. In 2016, the Committee to Protect Journalists and the Electronic Frontier Foundation recommended against using Telegram, criticising “its lack of end-to-end encryption [by default] and its use of non-standard MTProto encryption protocol”.
Like millions across the world, Indians have increasingly turned to these apps, as well as newer platforms like Wire and Signal, fearing intrusion by intelligence services operating without lawful authority. The encrypted calling capabilities of such software is particularly attractive to citizens who fear unlawful espionage by the state or business competitors.
Since 2014, India is known to have been operating NeTrA – a domestically-made system capable of harvesting and automatically analysing an estimated 300 terabytes of internet data each day – a small part of the 100-odd petabytes of traffic generated in the country.
However, NeTrA is believed not to have the capacity to decrypt highly-encrypted communications, leading intelligence services to call for restrictions to companies unwilling to cooperate with law enforcement.
India’s government does not release figures on domestic surveillance, but law enforcement requests for user data from Google have grown year-on-year since 2009, rising to 4,449 in the six months from July to December, 2017. In the previous six-month period, India made 3,836 requests for the disclosure of user data.
Google’s data shows the firm has acceded to half or more of these requests in most years.
New challenges for law enforcement seeking e-mail have emerged from firms like ProtonMail AG, which under Swiss law, can only turn over user data if it receives a request from a court in that country.
ProtonMail, moreover, can only hand over the text of encrypted messages, since its technology ensures the firm does not have the ability to decrypt user messages.