What the arrest of Telegram’s CEO means for digital rights
French prosecutors have charged Telegram CEO Pavel Durov for illegal content disseminated by users of his platform and the company’s failure to cooperate with law enforcement authorities. EDRi is following this case with great concern, here is why.
On 24 August 2024, France dropped a bombshell in the digital regulatory bubble: With the arrest of Telegram CEO Pavel Durov at Paris airport, where he had landed in a private jet, French prosecutors turned up the heat for tech billionaires — and the outcome might be a mixed bag for digital rights.
The attempt to hold the founder, principal owner, and chief executive officer of Telegram personally liable under national criminal law, for illegal content shared by Telegram users, is a novelty in the tech regulation space, and came as a surprise move just about a year after the entry into force of the Digital Services Act (DSA). The DSA is the EU’s flagship content governance law, and while it is supposed to address exactly the kind of corporate liability questions around user-generated content that are at stake here, it does not foresee any personal criminal liability for the employees or owners of online platforms.
In his first public statement since the charges were brought, Durov claimed to have received the message and said, “We hear the concerns. I made it my personal goal to prevent abusers of Telegram’s platform from interfering with the future of our 950+ million users.”
More than content moderation at play
Yet, there is more to Durov’s detention than content moderation—or the lack thereof: Telegram is also a personal messaging app and at least some of France’s charges brought against Durov directly relate to private messages exchanged between Telegram users, which French authorities apparently are interested in intercepting.
To be clear, Telegram is no model for corporate responsibility. It lacks clear and transparent content moderation policies and provides no workable support channels or accessible remedies for abuses on the platform. Without a human rights policy and a team able to conduct human rights due diligence and effective content moderation, Telegram puts its users at risk and is unlikely to be in compliance with the DSA. Together with many digital security experts, members of the EDRi network have also criticised Telegram’s deficient privacy and digital security measures.
Telegram of course must comply with applicable EU and national law when operating in the EU. While the exact nature of the charges, as well as the intentions and the evidence collected by the prosecution are still unclear, EDRi calls on French authorities to strictly adhere to the rule of law and procedural safeguards, as well as human rights standards and transparency, in their prosecution, and to refrain in particular from using any heavy-handed tactics that would be incompatible with the principles of legality, necessity, and proportionality.
Any legal action must consider that Telegram is not only used by a minority of users for criminal activity, but also by millions of people around the world for entirely legal and legitimate purposes. In particular, we urge French authorities not to use their prosecution as a pretext to undermine the privacy of everybody’s private communications and not to weaken the protections provided by encryption.
Opportunities to review France’s Internal Security Law and use the DSA
The occasion of Durov’s arrest also presents an opportunity for the French government to review its overly-broad Internal Security Law, and in particular to withdraw the antiquated encryption registration obligation in its Trust in the Digital Economy Law. The Internal Security Law was last modified this summer but still fails to provide meaningful human rights safeguards for law enforcement requests to personal communications data. The Trust in the Digital Economy Law, under which Durov is also charged for having failed to register Telegram in France, contains a 20th century obligation for services to notify the government of any encryption service they might offer. In 2024 that could even be interpreted as including practically any online service in existence, because TLS/SSL-based transport encryption (i.e. basic website security!) has become ubiquitous. As a result, the obligation constitutes an infringement of the freedom to provide digital services in France (and hence in the EU) and, in particular, a threat to smaller providers and the free and open source software community.
Last but not least, EDRi calls on the Belgian postal and telecommunications authority, which is primarily responsible to oversee Telegram’s DSA compliance, to investigate the online platform’s adherence with the EU’s new content governance framework. The DSA is a crucial piece of legislation aimed at solving exactly the kind of content governance questions the French prosecution raises with regard to Telegram. We should use it.
- The French Detention: Why We’re Watching the Telegram Situation Closely – Electronic Frontier Foundation
- Telegram: a criminal service? – Bits of Freedom
- Affaire Telegram : des inquiétudes dans un contexte de guerre contre les messageries, les réseaux sociaux et le chiffrement – La Quadrature du Net
- Access Now’s statement on French authorities’ detention of Telegram CEO Pavel Durov
- EFN Criticizes France’s Heavy-Handed Approach in Arrest of Telegram Founder Pavel Durov – Electronic Frontier Norway
- Enforcing the European Union’s new digital platform laws: How it is going so far – EDRi