Operators of the messenger app Telegram transferred personal information of its users to the German Federal Criminal Police Office (BKA), deviating from the company’s earlier claims of shielding such data from governments.
The personal data is related to users who were suspects of terrorism and child abuse crimes, according to Spiegel. In the case of other crimes, it is still difficult for German authorities to get data from Telegram.
The move comes across as a softening of the company’s stance on private data. German investigators, for a long time, have never received any positive responses from Telegram whenever they requested the company to reveal the identities of people behind online criminal content.
The data handover runs counter to Telegram’s claim on its official website that “to this day, we have disclosed 0 bytes of user data to third parties, including governments.”
According to the company, cloud chat data is stored in multiple data centers around the world that are controlled by several legal entities across various jurisdictions.
Moreover, decryption keys are split into multiple parts and never stored in the same place as the data they are supposed to protect. As a result, only if several court orders from different jurisdictions appear will Telegram be forced to give up data.
“Thanks to this structure, we can ensure that no single government or block of like-minded countries can intrude on people’s privacy and freedom of expression,” the company claims.
However, its recent German handover dents this narrative, raising the possibility that Telegram can be forced by other governments as well to submit private data.
Back in 2018, Telegram founder Pavel Durov announced a new policy according to which a court order can compel the company to release IP addresses and phone numbers of its users. In its latest transparency report updated every six months, no data transfers to authorities were mentioned.