The Proud Boys’ reliance on Telegram didn’t save them, but it did prevent the attack

On January 4, 2021 at 8:06 p.m., shortly after Enrique Tarrio’s arrest, a Proud Boy named Travis ordered everyone on the Proud Boys’ Ministry of Self-Defense Telegram list to “destroy everything.”

Because of the way Telegram persists on individual phones, it didn’t work. Two years later, that text was used as evidence against the Proud Boys to show that they knew they had something to hide as early as January 4th.

Four days later, on the Department of Self-Defense list that had replaced the first, Aaron of the Bloody East—a senior Proud Boy in Philadelphia—announced the arrest of Proud Boy Nicholas Ochs as he landed in Hawaii (the avatars for the Proud Boys were added for the lawsuit; only the monikers and user IDs came from Telegram itself). The conversation immediately turned to deleting two channels that were used to organize the Proud Boys on January 6. But since Jeremy Bertino, who had set up the chat, had already left, the men once again struggled to cover their tracks.

Organizing on Telegram didn’t prevent the government from prosecuting the Proud Boys for their role on January 6. On the contrary, those chats — complete with their vocal efforts to delete them after each arrest — became a central part of the evidence used to prosecute Enrique Tarrio, Joe Biggs, and Ethan Nordean on sedition charges, with help from Bertino, who has defected and is still cooperating with the investigation.

It began no later than Nordean’s own arrest on February 3, 2021, when Nordean’s wife gave the FBI the passcode to his phone, where many of these texts were still available. It continued as the FBI obtained one Proud Boys phone after another (one of the only known exceptions was Joe Biggs, whose phone the FBI never obtained).

A 2022 letter to Zach Rehl’s attorney provides a glimpse into how the FBI had to exploit as many phones as possible, one after the other, because the set of texts still available on an individual’s phone varied. Some people, like Nordean, were able to delete their voice messages and other attachments. Others didn’t even try.

In all, the DOJ relied on at least 11 separate lists, as well as a series of individual Telegram texts (and some Parler texts), during the trial. In that sense, the investigation into the Proud Boys was not much different from that of the Oath Keepers, who used Signal instead of Telegram for that kind of organizing.

That’s important background information to the news of the French arrest of Pavel Durov on charges of (at a minimum) child sexual exploitation, terrorism, cybersecurity, fraud and organized crime. Authorities can still prosecute people who use Telegram to plan and organize their crimes.

But there are obstacles. Police seized Tarrio’s phone when they arrested him — with those damning Telegram threads still on it — two days before the Proud Boys would lead a mob that attacked the Capitol. But it took more than a year for them to crack the encryption on his phone, exploit it, and conduct a privilege review. Even after they seized Tarrio’s phone, prosecutors couldn’t prevent January 6, after deciding days before the attack that Tarrio posed a risk to the certification of the vote.

Things might have been different if the Proud Boys had been considered a terrorist group (which they still aren’t, largely due to an asymmetry in U.S. law regarding domestic and foreign extremist groups). Contrary to popular reporting, the vast majority of Telegram usage is unencrypted. As far as I know, none of the texts introduced at the Proud Boy trials were protected by Telegram’s difficult-to-use encryption, not even the private texts in which Tarrio told girlfriend after girlfriend about his impending arrest.

But the encryption itself wouldn’t have saved him. On December 18, 2020, D.C. cop Shane Lamond enabled Telegram encryption on texts he exchanged with Tarrio, warning him about both the investigation into his role in the burning of a BLM flag (the crime for which Tarrio would be arrested on January 4) and comments about public Proud Boys statements leading up to January 6.

To contact Tarrio, the suspect used a Telegram chat with the highest level of encryption available. The suspect then asked Tarrio if he had passed on the anonymous tip. Tarrio responded, “I did more than that. It’s on my social media.” The suspect told Tarrio, “I’m also curious to see what happens. I’ll ask our CID (Criminal Investigations Division) people if they have you on video.”

But they were still available on the phones afterwards.

Even after Lamond and Tarrio set Telegram to automatically delete messages, Telegram couldn’t completely salvage the messages.

On December 22, 2020, approximately two minutes after Tarrio sent defendant a screenshot of a message he had received via Telegram from an MPD detective assigned to the BLM banner burning investigation, defendant changed the settings of his encrypted chat with Tarrio on Telegram so that future messages would be deleted 5 seconds after the recipient opened them.

A number of their auto-deleting text messages have been reconstructed, particularly those sent after Tarrio’s pretrial release in the DC case.

And after Lamond called Tarrio on Telegram to warn him about the warrant, Tarrio went to the Department of Self-Defense thread — the same one the Proud Boys didn’t delete after his arrest — and told them that his contact had just warned him about the arrest. There are text messages between Lamond and Tarrio, specifically from January 1 and January 4, that have been lost to law enforcement. But enough of their texts survived to support the obstruction charges Lamond is set to face in October.

The encryption didn’t save Shane Lamond. It probably wouldn’t do much for intelligence purposes either — partly because the encryption might not be great, but also because a determined spy would get the text messages through the phones, just as the FBI did with Lamond. France certainly has the intelligence capabilities to beat Telegram’s encryption, as does the US, both of which would be happy to share with Ukraine.

Instead, one of France’s reported complaints is that Telegram is uncooperative with law enforcement requests. While all of the Proud Boys’ January 6th-planning threads and text messages between allegedly corrupt cop Lamond and Tarrio prior to December 18th were likely readily available on Telegram’s servers, Telegram wouldn’t have provided them even if the FBI had asked for them after Tarrio’s arrest, at least not without a lot of bluster. That also means Telegram wouldn’t provide a lot of other information that turns out to be useful for solving crimes. In the Proud Boys case, it likely required witnesses like Bertino to cooperate in order to attribute the handles used by some of the Proud Boys to specific users (Signal didn’t have this capability at the time, so investigators could more easily match phone numbers to users).

By comparison, prosecutors could and did issue preservation orders to Google and Facebook, which preserved much but certainly not all of the relevant content, even as individual users tried to cover their tracks, just like the Proud Boys. In response to the legal process, those platforms, as well as Twitter and others (but not Signal, which doesn’t retain most of this data), handed over user credentials, addresses, credit card numbers and access times.

But it is the question of prevention where Telegram is of greatest concern. Telegram is the platform of choice for extremists of all ideologies, both for broadcast messaging and for more discreet threads like those of the Proud Boys. And in fast-moving situations, such as the extremist mobilization following the Southport stabbing in the UK, Telegram channels can grow into the tens of thousands before they’re even detected. And while Telegram took the rare step of shutting down the most violent channels related to the British riots in that case, it left many open.

It is too early to know the extent of the French investigation, but it implies both non-cooperation and slow moderation: a complaint that Telegram does not want to provide information to solve crimes already committed and does not want to take steps to prevent them.

Two key questions remain. One is whether Durov derives a material benefit from allowing crime and extremism to flourish on Telegram. Another is whether Durov is giving the Russian government preferential access to all channels that are otherwise difficult to access. This post gives some sense of the extent to which Durov’s likely cooperative relationship with Russia conflicts with his public claims of hostility.

There are many who argue that France is targeting Durov because Telegram is an encrypted messaging platform. While that may be a factor, the far more important factor is that Telegram allows crime to flourish on its platform, and until he got to France, where his French citizenship will effectively help France thwart Russian attempts to help him, he was protected by regimes that also prefer to allow certain types of harmful content to flourish.
