> not being able to decrypt chats that he has no keys for…
Except he (or his corporation) has keys for almost all initiated chats on the Telegram network. Only the private chats are E2EE and they're not default and rather inconvenient because they don't sync between devices (unlike Signal's E2EE chats).
> To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data.
> Thanks to this structure, we can ensure that no single government or block of like-minded countries can intrude on people's privacy and freedom of expression. Telegram can be forced to give up data only if an issue is grave and universal enough to pass the scrutiny of several different legal systems around the world.
That's a system put in place against the legal system but it's not a technical limitation. For example, he will be able to look into the chats of his ex without the need of court orders of multiple unfriendly countries proving that the situation is grave and universal one.
When the limitation is not technical, your only guarantee is the integrity of the operators and the lack of interest of your attackers coercing the operators into spying on you.
In Telegram's case one could easily assume that the Russians and now the French said him "Nice fortune you built, you are very successful person with a long life to live ahead. It would be a shame if you lose your fortune or spent your days locked in a room instead of flying on a private jet to Ibiza"
Funny thing is that now Russia says they France needs to guarantee access to the Russian embassy for him (not really sure if he wants that). But wikipedia says he has UAE and French citizenship...
Where does it say they don't have the keys? It literally says they store the keys in their own datacenters. Which is obvious anyway, otherwise the API wouldn't be able to return the unencrypted data.
AFAIK Telegram isn’t e2e for the interesting bits, that’s the group chats etc.
If I have to guess, I would say that the authorities would be interested in identities of some users and access to private group chats with shady stuff and Telegram would be able to provide these.
These are probably already available to the Russian intelligence considering the low radiation levels in Pavel Durov’s blood stream and no novichok experience.
> According to this source he’s accused in non-cooperating.
With the context that you omitted it makes more sense:
Justice considers that the absence of moderation, cooperation with
law enforcement and the tools offered by Telegram (disposable numbers,
cryptocurrencies...) makes it an accomplice to drug trafficking,
pedo-criminal offenses and swindling.
That's probably exaggeration or straight lie. There are open-source messengers who don't even require a phone number, and phone number is not legally required for registration in most countries (but, for example, in Russia you cannot signup users in a messenger without getting their phone number. So those open source messengers are technically outright illegal).
As for moderation, any post in public or private groups can be reported to moderators. As for one-to-one chats, this might not work, but you should not be chatting with random people anyway.
> I don’t understand how they’re going to convince French judges that he’s guilty for not being able to decrypt chats that he has no keys for…
That false statement is refutable trivially: Just perform the mud puddle test [1] in front of the judge (and a cryptographer explaining the implications to the judge).
There are lot of direct laws about record-keeping (company accounts for instance) but there are also a lot of laws which indirectly impose requirements of record-keeping, because having records will be the only way to comply with the requirement (tracking of origin for food recalls for instance).
France almost certainly has a law that says that if you run a telecommunication service, you must respond to court orders with the following information: X, Y, Z & W.
If non-compliance with such a law is the basis for the arrest, it will be his damn problem to convince the judges, that despite being subject of many such court orders, he had a stronger legal basis for not keeping the necessary records to comply.
However, my money is on Al Capone: I would be very surprised if the charges do not (also) contain tax-evasion, securities fraud, money laundering.
My immediate guess is that there’s more. The french secret service strikes me as much more “intelligent” than the US secret service (which I heard is mostly ran by mormons), so I would think this type of move is heavily calculated
If he's taking a privacy stance then it's bloody stupid since he's protecting an insecure app. In contrast Signal would've cooperated and provided essentially nothing useful.
Very interesting to see where it will all go.
I don’t understand how they’re going to convince French judges that he’s guilty for not being able to decrypt chats that he has no keys for…