Messaging app makers' dilemma: Keeping comms private and funding open source

After Telegram CEO was charged in France, Element bosses mull the challenges

Interview Not upsetting law enforcement with end to end encryption and finding a sustainable way to fund open source development are challenges facing messaging giants and minnows alike.

The recent arrest of Telegram CEO Pavel Durov in Paris sent shockwaves through the tech industry as leaders consider their accountability in the eyes of the law.

Matthew Hodgson, Element CEO and also technical co-founder of the Matrix decentralized network, blames the way encryption is used by Telegram for at least part of the situation.

"The problem is that Telegram isn't encrypted, and yet they claim that it is," he tells The Register.

According to Telegram, the service does feature end-to-end encryption, although only in "secret chats." Private and group chats use server-client encryption, which, while an improvement over some of the mass market competition, is not as secure as others (although still encrypted) partly because messages are stored in the Telegram Cloud.

Hodgson's contention is that Durov could access some of the data held in Telegram, meaning the actions of the authorities are unsurprising. "And so... as a French citizen, if the French government says, 'Hey, here is a law enforcement request, because we think someone's going to commit an atrocity, please, can you help us investigate?' And [Pavel] says, 'Nope,' then he's [possibly] breaking the law. I'm not that surprised that they arrested him," says Hodgson.

The Register notes that since this interview, Durov has updated Telegram's Terms of Service and Privacy Policy, which are now "consistent across the world," according to the CEO, who added in a Telegram update:

"We've made it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal requests."

Element, on the other hand, has end-to-end encryption enabled by default. Even if Hodgson wanted to see user messages, he could not. Unless the authorities insist on some sort of back door...

The company is UK-based, so Hodgson explains, "We have to adhere to UK law," before adding, "We don't even need to fly to France or Germany to get arrested."

Telegram's new custom app icons

Telegram will now hand over IP addresses, phone numbers of suspects to cops

READ MORE

"Instead the cops will turn up and say, 'Hang on a second...' The UK law enforcement has certain rights under the Investigative Powers Act and therefore, obviously, we have to comply with it."

Countries such as the UK, with its Online Safety Act and the EU's Chat Control legislation, present a clear and present danger to privacy campaigners. Amandine Le Pape, COO of Element, says, "An encrypted communication app is for the best because it protects people. The second you break end-to-end encryption, it's opening the door to everything."

Hodgson adds, "If anything, the noises we're hearing from IWF [Internet Watch Foundation] and Ofcom are more enthusiastic against end-to-end encryption than before.

"As Amandine says, we cannot undermine our encryption. It's the entire point of the platform. If the UK does go hostile against it, then we would have to be blocked or move elsewhere."

It's a strange situation, particularly considering the esteem in which Matrix, the open-source communication platform Element uses, is held by dome public sector companies. Then, there is how to fund the development.

Open sourcery

In August, the FreeBSD Foundation announced that the Sovereign Tech Fund would be investing €686,400. Hodgson and Le Pape would like some of that action for Matrix development.

Hodgson says of the Foundation, "I think because they assume that we have all these government deployments, we should be being funded by [the public sector] already.

Matrix certainly has some supporters. For example, Germany has adopted the protocol as its strategy to keep control over its data and infrastructure.

"But on the flip side, often, the public sector likes open source because they feel they don't have to pay for it: 'That's why we picked it as open source so we don't get trapped paying some kind of recurring fee to some kind of vendor.'

"So we are still seeing a really bad tragedy of the commons unfold … there are quite a few out there who have chosen us because we're open source. And then when we ask if they would like to support the development costs, [they] just say: 'No.'

"From a sustainability perspective, it's an absolute nightmare."

Kelsey Hightower seated on stage during a fireside chat at Civo's Navigate event in Berlin

Kelsey Hightower: If governments rely on FOSS, they should fund it

READ MORE

Hodgson describes a situation in which adoption of the technology has grown, and more people have jumped on board, but too many assume that somebody else will deal with the development cost.

"All it does is to force us more and more into an open core model, where we have to provide value-added things as proprietary software on top of the open platform."

Hodgson and Le Pape's frustration is palpable. Sure, it's a sustainable approach, but as Hodgson says, "It probably would be a better result for our public sector customers if they were actually funding the open source rather than being forced to again buy proprietary software, which defeats the point in the first place!"

Element's latest line-up is based on the Matrix 2.0 release and consists of Element X, an application that has been rewritten in Rust and, according to Element, is vastly faster and "smoother than its predecessor". Element X also includes Element Call for encrypted voice and video chats. The update is rounded out by Element Server Suite, the company's backend hosting solution.

It's a convenient way of using Matrix 2.0, although the comments above apply – Element would very much like users to pay to use its wares.

For version 3.0, the team wants to make what Hodgson calls "some fairly major cryptographic changes" or consider making the next major revision all about trust and safety.

"Increasingly, it feels like the biggest limitation to the growth of Matrix will be empowering users and servers to avoid abuse on whatever terms that they like," Hodgson says.

"It's something we've been talking about for ten years. We have fallen behind on implementation thanks to funding limitations, and frankly, we're seeing some of the side effects of not having invested enough."

"The journey is not over. I think it's Make It Work, Make It Work Fast, and then Make It Work Safely." ®

More about

More about

More about

TIP US OFF

Send us news


Other stories you might like