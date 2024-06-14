Delta Chat, a popular messaging app with over 100,000 downloads on Google Play, has once again refused to cooperate with Russian authorities in providing access to user data and decryption keys.

Holger Krekel, managing director of Merlinux GmbH, the company behind Delta Chat, responded to a request from Roskomnadzor, Russia’s Federal Service for Supervision of Communications, Information Technology, and Mass Media.

The letter, sent on June 11, 2024, requested that Delta Chat register for messaging services in Russia and provide access to user data and decryption keys. Krekel’s response was clear: Delta Chat does not have a central registry of email addresses, messages, or decryption keys, as it allows users to choose their email providers independently and retains no control or access over their communications.

Delta Chat posted a detailed response on their Mastodon account, explaining their position. They emphasized that various governments, including those of the EU, the US, the UK, and Russia, are in a race to undermine end-to-end encryption, a cornerstone of digital privacy and security. The post highlighted that Delta Chat’s decentralized nature and commitment to privacy mean they cannot comply with such requests, as they simply do not have the requested data.

Delta Chat’s response to Roskomnadzor

Delta Chat | Mastodon

The German-based company has a history of resisting such demands. The first attempt by Roskomnadzor to register Delta Chat as an information distribution organizer, which would impose surveillance obligations, occurred in 2020. As in the recent instance, Delta Chat maintained its stance, asserting its inability to access user data or decryption keys.

Delta Chat operates as a decentralized messaging platform that leverages existing email infrastructure. This design choice ensures that the app itself does not store any user data or encryption keys. Instead, user data remains with the chosen email provider, and only the users have access to their encryption keys, which are stored locally on their devices. This architecture makes it technically impossible for Delta Chat to comply with requests for user data from any government.

Roskomnadzor’s attempts to force Delta Chat into compliance are part of a broader strategy to enhance surveillance capabilities by registering services as information distribution organizers. This registration imposes significant obligations, such as storing all user data and making it accessible to the Federal Security Service (FSB) upon request. It also includes the controversial requirement to provide encryption keys, under threat of service blocking for non-compliance.

Delta Chat’s refusal highlights the broader tensions between tech companies and governments over user privacy and encryption. By standing firm, Delta Chat not only protects its users but also sets a precedent for other tech companies facing similar pressures. Despite potential repercussions, including the possibility of its domains getting blocked in Russia, Delta Chat reaffirmed its committement to its principles of privacy and security.

To ensure their users’ continued access to secure communications, Delta Chat has developed documentation for setting up lightweight email servers, called “chatmail instances,” which can be easily deployed by individuals with minimal technical skills. This approach aims to circumvent potential government restrictions and maintain the integrity of encrypted communications.

Further reading:

R