March 21, 2024
By: Karla Lellis
STRASBOURG, France – On February 13, 2024, the European Court of Human Rights (ECHR) ruled against extensive Russian surveillance laws that mandated companies store all internet communications and provide decryption keys to security services upon request. The Court held that such practices violate the right to privacy under Article 8 of the European Convention on Human Rights, especially regarding end-to-end encryption decryption requirements.
The ruling in Podchasov v. Russia represents a resounding victory for advocates of online privacy and free expression. The ruling considers Russia’s indiscriminate data retention and decryption requirements a violation of the fundamental right to privacy enshrined in the European Convention on Human Rights. The Russian legislation in question had forced internet companies, including the encrypted messaging app Telegram, to retain transcripts of all user communications for six months and metadata for one year. The laws also required firms to hand over any encrypted data to state security agencies like the FSB upon demand, with no sufficient safeguards against misuse.
The case was brought by the applicant Podchasov, a Telegram user investigated for suspected terrorism ties. He challenged the Russian data hoarding and decryption rules as violating Article 8’s privacy guarantee in communications. Ruling in favor of Podchasov, the ECHR found that the Russian mass surveillance regime permitted “public authorities to have access, on a generalized basis and without sufficient safeguards, to the content of electronic communications” — an unacceptable impairment of privacy rights.
The ruling underscores encryption’s crucial role in safeguarding digital privacy and free expression in the modern era. As the United Nations has affirmed, encryption is vital for protecting rights and enabling open communication on sensitive issues without the fear of unwarranted surveillance or repression.
While acknowledging that encryption creates obstacles for policing, the Court made clear that blanket data seizures and decryption mandates are disproportionate solutions that undermine online privacy and security for all.
For further information, please see:
ECHR – Guide on Article 8 of the European Convention on Human Rights – 31 Aug. 2022
ECHR Docket – Podchasov v. Russia, App. No. 33696/19 – 13 Feb. 2024
ECHR Docket – Roman Zakharov V. Russia, App. No. 47143/06 – 4 Dec. 2015
Phys Org – Telegram must give FSB encryption keys: Russian court – 20 Mar. 2018
Russian Federation – Criminal-Procedural Code Of The Russian Federation No. 174-Fz – 18 Dec 2001
Russian Government – Federal Security Service of the Russian Federation – ND