Complying with the August 30 ruling that held that courts in India can direct a messaging app to disclose the information of infringers, Telegram has disclosed the admin names, phone numbers and IP Addresses of the channels which are accused of unauthorised sharing of the study material prepared by Campus Private Limited and its teacher Neetu Singh for various competitive examinations.

  • riccardo
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    2 years ago

    To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data.

    Thanks to this structure, we can ensure that no single government or block of like-minded countries can intrude on people’s privacy and freedom of expression. Telegram can be forced to give up data only if an issue is grave and universal enough to pass the scrutiny of several different legal systems around the world.

    To this day, we have disclosed 0 bytes of user data to third parties, including governments.

    This proves Telegram has been (intentionally?) misleading in their FAQ. The “multiple jurisdictions” gibberish has turned out to be, well, not true. A court doesn’t care about the place where you store the data: if requested, as long as you can access the data, you are required to disclose it. The article mentions that Telegram tried to justify their initial refusal by saying that their data center is located in Singapore, but their argument was dismissed by the court:

    On August 30, the court had rejected Telegram’s argument that it cannot share the data relating to the creators or users of the channels, as the said data is stored in its data servers in Singapore and the law there prohibits such disclosure.

    No idea what kind of consequences these people will face right now, but in this specific case the court just needed their number/IP to identify them - in the future, it might happen that the subject of the request will be private correspondence.

    Telegram has always had a good record when it comes to opposing government’s requests for their users’ data, but this time they decided that the issue was not serious enough to risk to lose a huge market such as the Indian one. The existence of the premium subscription also makes things way more complicated. How should Telegram deal with active subscriptions, in case it gets blocked in a country? Will they suspend them and give up on the revenue? Will they ask their users to cancel them? Will they do nothing and keep them active even if their users can’t access the service? As a reference, this summer Telegram was almost blocked in Germany, and they decided to delay the introduction of the premium subscription in the country, which is still not available (afaik)