Since its launch in 2013, Telegram has been a strong competitor to WhatsApp in the instant messaging space. However, the platform recently faced intense scrutiny following the arrest of its CEO and founder, Pavel Durov, at Paris Le Bourget airport. Durov and Telegram stand accused of inadequate oversight, allegedly enabling illegal activities ranging from drug trafficking to terrorism and the dissemination of child pornography. This situation raises a critical question: Has the strong encryption that once set Telegram apart now become its vulnerability? To explore this, we spoke with cybersecurity expert Gianclaudio Moresi.
Encryption Comparisons: WhatsApp vs. Telegram
In our discussion, Moresi compared the encryption methods of Telegram and WhatsApp. “Both platforms facilitate communication, but they differ significantly in their operational approaches,” he explained. “WhatsApp is designed for direct messaging with individuals whose phone numbers you have, typically involving known contacts.” WhatsApp employs end-to-end encryption, which is touted as allowing only the sender and recipient to access the content. However, Moresi highlighted a crucial caveat: “The complexity of WhatsApp’s encryption algorithm may not be as robust as perceived. Law enforcement agencies have software tools that can bypass this encryption during forensic investigations, granting them access to user data when necessary.”
Telegram, in contrast, offers more diversified interaction modes, including ‘secret chats’ and ‘channels.’ Moresi noted that “Telegram’s secret chats provide a higher level of anonymity than WhatsApp because the encryption is proprietary, protecting not only the content but also the infrastructure through which data is transmitted. This encryption’s specifics remain unpublished, and for now, it appears secure.” Unlike WhatsApp, which stores messages on a centralized server, Telegram’s secret chats are device-specific and avoid cloud storage, featuring self-destructing messages that cannot be forwarded. “This setup offers significant anonymity,” Moresi added, “which partly explains Telegram’s popularity among users engaged in illicit activities.”
Implications for Encryption Systems
The functionalities of Telegram have not only called into question the platform’s practices but have also sparked broader debates about encryption systems.
Compliance with the Digital Services Act (DSA)
Telegram has emphasized its adherence to the Digital Services Act (DSA), an EU regulation introduced in 2022 to oversee online content. This law mandates that digital platforms, including social networks and messaging services, provide transparency regarding content moderation practices, enforce stringent controls on targeted advertising, and disclose how algorithms function to regulatory bodies. Moresi clarified that while the DSA requires transparency about algorithm usage, it does not compel companies to divulge the specifics of their encryption methods. “Encryption algorithms are considered proprietary technology, often protected due to economic and intellectual property considerations. While authorities can request details during investigations, the core mechanics typically remain confidential.”
Telegram, therefore, operates under similar obligations as other internet service providers. It must employ measures to prevent illegal content but is not held liable if users circumvent these measures. “The platform is expected to report violations promptly,” Moresi pointed out. “However, like other services, Telegram cannot guarantee that all transmitted content is lawful, which is the crux of the current controversy.”
The Path Forward: Regulation vs. Privacy
The critical question arises: Should Telegram compromise its encryption capabilities to curb the spread of illegal content, and could this scenario set a precedent for the tech industry? Moresi suggested that the spotlight on Telegram could lead to more stringent regulations, potentially requiring companies to disclose encryption details or create ‘backdoors’ for law enforcement access.
He also underscored the broader geopolitical implications: “Recent global events highlight that platforms like Telegram, though founded on democratic ideals, must be regulated to prevent misuse by militias, criminal organizations, and other entities that exploit these tools for secure communication. This underscores the evolving role of encrypted technology in national and global security contexts.”
However, Moresi warned of the dangers of overregulation. The anonymity provided by Telegram does not only shield criminals; it is crucial for journalists, activists, and dissidents operating under authoritarian regimes. “Excessive regulatory measures could inadvertently stifle free expression and hinder vital communications, effectively turning protective laws into tools of censorship,” he argued.
France’s Role in Cybersecurity Regulation
The focus on encryption and data security is becoming a pivotal aspect of strategic cybersecurity policies. Moresi pointed out that the arrest of Pavel Durov in France, a country frequently targeted by terrorism, is indicative of the broader context. “Countries that lead in defining new cyber regulations will shape what is permissible in digital spaces,” Moresi concluded. “This will have far-reaching implications not only for data encryption but also for national security and geopolitical stability.”
This debate on encryption and regulation will continue to evolve, challenging policymakers and tech companies to find a balance between security and privacy in an increasingly interconnected world.