Lawyer's Perspective: Thoughts on the Arrest of Telegram Founder Durov

Author: Preston Byrne, Partner at Byrne & Storm Law Firm; Translation: 0xjs@Golden Finance

On August 24th, Pavel Durov, the founder of the popular messaging app Telegram, was arrested when his private plane landed in France.

Early signs indicate that this arrest stems from Telegram's alleged failure to comply with French requirements for content moderation and data disclosure:

Some Legal Background

Most globally influential social media companies based outside of China have their headquarters in the United States. This is not accidental.

In the late 1990s, the United States (wisely) adopted policy measures to minimize the liability of internet service providers, with the most notable being the enactment of Section 230 of the Communications Decency Act. This law essentially stipulates that social media website operators are not responsible for the infringements or criminal acts of their users. Of course, there are also some very narrow exceptions to this rule; for example, illegal pornographic content must be subject to mandatory removal and reporting systems (see: 18 US Code § 2258A), and the passage of FOSTA-SESTA prohibits operators from providing services related to sex trafficking or prostitution (see: United States v. Lacey et al. (Backpage) case, 47 US Code § 230(e)(5)).

In addition, social media site operators are generally not responsible for users' infringing or criminal behavior. If they are merely passively hosting content, they also do not assume liability under the aider/abettor theory. (See: Twitter v. Taamneh, 598 US _ (2023) - at least in the United States on this side of the Atlantic, civil liability for aiding and abetting requires "knowing and substantial assistance," while federal criminal liability - because Section 230 does not apply to state criminal law - requires specific intent to aid the crime).

This means that if I use Facebook to organize drug transactions, Facebook (a) is not obligated to scan its services for illegal use, and (b) is not obligated to restrict such use, and generally will not be subject to civil penalties for my abuse, unless Facebook "substantially promotes" such illegal use, i.e. expressly encourages such illegal use (see, for example, Force v Facebook, 934 F.3d 53 (2d Cir. 2019), where Facebook was found not to be civilly liable under JASTA for the use of Facebook to disseminate Hamas propaganda; also see Taamneh, supra), and (a) under Section 230 of the state criminal code, and (b) under federal criminal law, as long as Facebook does not intentionally and knowingly assist, abet, instigate, or induce the commission of a crime, it will not be criminally liable pursuant to 18 USC § 2.

Most countries do not have such tolerant systems. France is one of them. For example, the 2020 Law on Combating Internet Hate Speech (Loi Lutte Contra la Haine sur Internet) stipulates that global internet companies can be fined up to $1.4 million for failing to restrict 'hate speech' on their websites (in the United States, hate speech is considered 'protected speech'), with fines of up to 4% of their global revenue. Similarly, Germany has its own law, the Network Enforcement Act (sometimes referred to as the 'Facebook Law', but usually abbreviated as NetzDG), which requires the removal of inflammatory political content, with the government having the power to impose fines of over 50 million euros if not complied.

I am not a French lawyer, so it is difficult to figure out which legislative provisions are being referred to here. More information will be available to us after the announcement of the indictment or arrest warrant. I am pretty sure that the United States will not bring a fine lawsuit against Telegram Messenger, Inc. under hate speech laws (such as the EU DSA), because if it were us, Durov would not have been handcuffed and dragged off the plane. French media TFI Info, which reported the news, indicated that these charges could be for aiding and abetting, or conspiracy:

The Ministry of Justice believes that the lack of review, cooperation with law enforcement agencies, and the tools provided by Telegram (disposable numbers, Crypto Assets, etc.) make it an accomplice in drug trafficking... and fraud.

After the arrest warrant is issued, more information will be disclosed. For example, if it is found that Durov did indeed actively assist criminal users in accessing the platform, such as a drug user writing a letter to the support channel saying, 'I want to sell drugs on your platform. What should I do?' and Durov responds by offering assistance, then he will encounter the same fate in both the United States and France.

However, if the French authorities simply say that Derouv did not supervise its users or respond to French document requests in a timely manner is a criminal act (I suspect that the situation is indeed the case), then this represents a sharp escalation in the war of online censorship. This means that European countries will attempt to regulate what foreign companies can host on foreign network servers, and what they cannot.

If correct, this will be very different from the compliance practices currently adopted by most US-based social companies, which typically dominate the global Compliance strategy of most non-Chinese social media companies, including those companies that offer comprehensive encryption for their services (including Telegram, WhatsApp, and Signal). In short, these platforms believe that if they do not intend to use their platform for criminal activities, they are less likely to face criminal charges. Obviously, the situation is different now.

Telegram is not the only company in the world that has used social media platforms for illegal purposes. It is well known that WhatsApp, Facebook's popular encryption messaging application, has been used by the former non-state terrorist organization and current ruler, the Taliban, in Afghanistan for many years. This fact was widely known among NATO generals during the Afghan War and was reported in the media, even in last year's New York Times.

About a month later, the security officer, unable to contact his commander during the night operation, reluctantly purchased a new SIM card, opened a new WhatsApp account, and began to recover the lost phone numbers and rejoin WhatsApp groups.

Kayard sat in his police station, which was a modified shipping container with a handheld radio. He took out his phone and started browsing his new account. He pointed out all the groups he had joined: one for all the police officers in the jurisdiction, another for former warriors loyal to a single commander, and a third for communicating with headquarters superiors. He said he had joined a total of about 80 WhatsApp groups, over ten of which were for official government purposes.

Of course, the Taliban now controls the entire government of Afghanistan - at all levels - and Afghanistan is an enemy of the United States, and Facebook's home country is the United States. If Facebook really wants to prevent such people from using their services, the most effective way is not to play whack-a-mole with individual government employees like Facebook does, but to ban the entire IP range of Afghanistan and all Afghan phone numbers, and disable domestic application downloads, which Facebook does not do. Facebook chooses to take no action instead of taking action.

However, Facebook CEO Mark Zuckerberg comfortably lives in an estate in Hawaii rather than going into exile, and probably no country has issued an arrest warrant against him, while Durov apparently has. I admit that Facebook may (even very likely, as Telegram's operations team only consists of 15 engineers and about 100 employees worldwide) respond faster to French judicial requests than Telegram. However, when you run a globally accessible encryption platform, inevitably - let me repeat, inevitably, absolutely certain - criminal activities beyond your vision or control will occur.

If Telegram is accused of violating French law due to its inability to manage (as media reports suggest), then applications like Signal (apparently unable to respond to law enforcement requests for content data and having similar functionality to Telegram) are equally guilty, and no US social company (or its senior leadership) providing end-to-end encryption is safe. Do we really think that if Meredith Whitaker (Signal's president) decides to go to France, she should go to jail?

The picture is licensed under the Pixabay license

There are still many problems. Currently, the future of interactive network services in Europe is not optimistic. American technology entrepreneurs who operate services based on American values (especially protecting freedom of speech and privacy through strong encryption) should not access Europe, should not recruit employees in Europe, and should not host infrastructure in Europe until this situation is resolved.

French complicity and instigation crime

Updated on August 26, 2024

Basically, my intuition is correct:

There is a long list of crimes, most of which are related to conspiracy in France, which is roughly equivalent to the accomplice/instigator responsibility in the United States.

Here, it is important to note that in the United States, the accomplice/solicitor liability requires a specific intent to result in criminal outcomes - meaning that the criminal act is the defendant's purpose. U.S. social media companies have not yet reached the level of being able to regulate their users, which is why CEOs of U.S. social media companies generally will not be arrested by the U.S. government for their users' criminal behavior. In particular, CSAM charges only rise to the level of crime in the United States when Duruv fails to comply with the U.S. notice-and-reporting regime for such content. Merely having criminal content without any notice does not result in criminal liability.

The French government accuses Duruf of participating (assisting and instigating) in criminal activities and providing 'encryption' software without permission. Encryption products must obtain government approval before being used in France. He is accused of assisting in criminal acts including criminal acts roughly similar to the Anti-Fraud and Corruption Organization Act, criminal acts compilation, Money Laundering, drugs, Hacker, and providing unauthorized encryption technology.

There is a lack of substantial evidence to suggest that Durov and Telegram have explicitly intended to commit these crimes or have caused them to occur (it is highly unusual for a social media CEO to do so, especially since these crimes are illegal worldwide, including the United States, where the extradition of criminals is highly proficient). Therefore, there is no reason why similar accusations cannot be made against any other social media service providers in France, as long as their moderation practices are inadequate, especially for social media services that provide end-to-end encryption.

We need to wait for the evidence to come out before we can draw any definite conclusions about this point. However, my guess is that Durov did not "assist and abet" as understood by the United States. France has decided to use different principles to try to regulate a foreign company because it believes that these companies' audit policies are too lenient.

Summary:

Currently, if you operate a social media company, or you provide encryption messaging services, these services can be accessed in France, and if your headquarters are in the United States, then leave Europe.

Original text link: