Telegram starts to play nice with security agencies over user data, but not in Russia

Under Telegram's new privacy policy, it could hand over user IP and phone details given the right court order.
Written by David Meyer, Contributor

On Tuesday, Russian communication regulator Roskomnadzor indicated it may consider unblocking encrypted messaging app Telegram.

However, there's a rather significant catch: Telegram will have to hand over the keys to its users' encrypted chats.

"Our colleagues should apply to our appropriate authorities -- the Federal Security Service -- to interact with them, as required by Russian law, and to provide the data they are obliged to provide in Russia," Roskomnadzor deputy head Vadim Subbotin told the TASS news agency.

"Unlocking is possible, if they execute a court decision."

That's a non-starter. After all, the whole reason Telegram is blocked in Russia is its refusal to hand over those encryption keys.

SEE: 10 ways to raise your users' cybersecurity IQ (free PDF)

The ban has been in place since April, and Roskomnadzor's attempts to enforce it have led to the blockage of many IP addresses, affecting other online concerns in the process.

However, Telegram isn't entirely averse to handing over data to authorities. Also on Tuesday, the company published a new privacy policy in which it stated: "If Telegram receives a court order that confirms you're a terror suspect, we may disclose your IP address and phone number to the relevant authorities."

"So far, this has never happened," the policy noted. "When it does, we will include it in a semiannual transparency report."

In a Telegram post on Tuesday -- the service provides public-facing channels as well as private messaging features -- founder Pavel Durov said the policy has been revised to belatedly comply with Europe's new General Data Protection Regulation (GDPR), and Telegram was "reserving the right" to comply with court orders.

"Regardless of whether we ever use this right, the measure should make Telegram less attractive for those who are engaged in sending out terrorist propaganda here," he noted.

SEE: IT pro's guide to GDPR compliance (free PDF)

Telegram has indeed been used as a messaging and propaganda medium by terrorists, notably those involved in ISIS.

So does Telegram's new policy indicate a thaw in its relations with the Russian authorities? Not according to Durov, who noted in his post that the Russian ban was not down to issues around terrorist suspects' IP addresses and phone numbers.

Durov pointed out that, as Telegram is still outlawed in Russia, the company does not have to pay any heed to the demands of the Russian authorities, and the new privacy policy has nothing to do with the situation in that country.

"Therefore, we continue our resistance," he said.

As the Russia-focused publication Meduza has noted, quite a few questions about the new privacy policy remain unanswered, such as whether Telegram will tell users that their data has been shared with authorities, and why the company did not give users a heads-up about the privacy policy change, given that the EU's GDPR came into effect in late May.

ZDNet has also asked Telegram for answers to these questions, but has received no reply as yet.

Previous and related coverage

Google, Amazon drawn into Telegram ban as Russia blocks millions of IP addresses

Russia's quest to stop encrypted messaging app Telegram also blocks thousands of Amazon, Google addresses.

After court battle, Russia finally bans Telegram app

Telegram refused to hand over its encryption keys to state authorities.

Russia moves to block Telegram after encryption key denial

Telegram's lawyer told ZDNet that Russia's demand for the app's encryption keys is "unconstitutional."

Russia: We want volunteers to help us censor the internet

Russia's interior minister says he wants citizens to scour the internet for banned material.

Russia's 'Big Brother' data law now in force: Kremlin spies are the big winners

To help Russian security services, providers will now have to keep customers' texts, calls, and chat logs in full.

How to protect yourself from the Telegram-exploiting remote access Android HeroRat trojan TechRepublic

A new remote access Trojan that abuses the Telegram messaging protocol on Android devices can give attackers total control over your device. Here's how to stay safe.

Iran orders ISPs to block Telegram messaging app CNET

The blockage comes after the secure messaging app was used by organizers of anti-government protests earlier this year.

Editorial standards