The chairman of a congressional subcommittee has asked Apple and Google to help stop fraud against US taxpayers on Telegram, a fast-growing messaging service distributed via their smartphone app stores. The request from the head of the House Select Subcommittee on the Coronavirus Crisis came after ProPublica reports last July and in January revealed how cybercriminals were using Telegram to sell and trade stolen identities and methods for filing fake unemployment insurance claims.
Rep. James E. Clyburn, DS.C., who chairs the subcommittee (which is part of the House Committee on Oversight and Reform), cited ProPublica’s reporting in March 23 letters to the CEOs of Apple and Alphabet, Google’s parent company. The letters pointed out that fraud against American taxpayers is inconsistent with Apple’s and Google’s policies for their respective app stores, which forbid apps that facilitate or promote illegal activities.
“There is substantial evidence that Telegram has not complied with these requirements by allowing its application to be used as a central platform for the facilitation of fraud against vital pandemic relief programs,” Clyburn wrote. He asked whether Apple and Alphabet “may be able to play a constructive role in combating this Telegram-facilitated fraud against the American public.”
Clyburn also requested that Apple and Google provide “all communications” between the companies and Telegram “related to fraud or other unlawful conduct on the Telegram platform, including fraud against pandemic relief programs” as well as what “policies and practices” the companies have implemented to monitor whether applications disseminated through their app stores are being used to “facilitate fraud” and “disseminate coronavirus misinformation.” He gave the companies until April 7 to provide the records.
Apple, which runs the iOS app store for its iPhones, did not reply to a request for comment. Google, which runs the Google Play app store for its Android devices, also did not respond.
The two companies’ app stores are vital distribution channels for messaging services such as Telegram, which markets itself as one of the world’s 10 most downloaded apps.The company has previously acknowledged theimportance of complying with Apple’s and Google’s app store policies. “Telegram — like all mobile apps — has to follow rules set by Apple and Google in order to remain available to users on iOS and Android,” Telegram CEO Pavel Durov wrote in a September blog post. He noted that, should Apple’s and Google’s app stores stop supporting Telegram in a given locale, the move would prevent software updates to the messaging service and ultimately neuter it.
By appealing to the two smartphone makers directly, Clyburn is seriously increasing pressure on Telegram to take his concerns. His letter noted that “Telegram’s very brief terms of service only prohibit users from ‘scam[ming]’ other Telegram users, appearing to permit the use of the platform to conspire to commit fraud against others.” He faulted Telegram for letting its users disseminate playbooks for defrauding state unemployment insurance systems on its platform and said its failure to stop that activity may have enabled large-scale fraud.
Clyburn wrote to Durov in December asking whether Telegram has “undertaken any serious efforts to prevent its platform from being used to enable large-scale fraud” against pandemic relief programs. Telegram “refused to engage” with the subcommittee, a spokesperson for Clyburn told ProPublica in January. (Since then, the app was briefly banned in Brazil for failing to respond to judicial orders to freeze accounts spreading disinformation. Brazil’s Supreme Court reversed the ban after Telegram finally responded to the requests.)
Telegram said in a statement to ProPublica that it’s working to expand its terms of service and moderation efforts to “explicitly restrict and more effectively combat” misuse of its messaging platform, “such as encouragement fraud.” Telegram also said that it has always “actively moderated harmful content” and banned millions of chats and accounts for violating its terms of service, which prohibit users from scamming each other, promoting violence or posting pornographic content.
But ProPublica found that the company’s moderation efforts can amount to little more than a game of whack-a-mole. After a ProPublica inquiry last July, Telegram shut some public channels on its app in which users advertised methods for filing fake unemployment insurance claims using stolen identities. But various fraud tutorials are still openly advertised on the platform. Accounts that sell stolen identities can also pop back up after they’re shut down; the users behind them simply recycle their old account names with a small variation and are back in business within days.
The limited interventions are a reflection of Telegram’s hands-off approach to policing content on its messenger app, which is central to its business model. Durov asserted in his September blog post that “Telegram gives its users more freedom of speech than any other popular mobile application.” He reiterated that commitment in March, saying that Telegram users’ “right to privacy is sacred. Now — more than ever.”
The approach has helped Telegram grow and become a crucial communication tool in authoritarian regimes. Russia banned Telegram in 2018 for refusing to hand over encryption keys that would allow authorities to access user data, only to withdraw the ban two years later at least in part because users were able to get around it. More recently, Telegram has been credited as a rare place where Russians can find uncensored news about the invasion of Ukraine.
But the company’s iron-clad commitment to privacy also attracts cybercriminals looking to make money. After the COVID-19 pandemic prompted Congress to authorize hundreds of billions of small-business loans and extra aid to workers who lost their jobs, Telegram lit up with channels offering methods to defraud the programs. The scale of the fraud is yet unknown, but it could stretch into tens if not hundreds of billions of dollars. Its sheer size prompted the Department of Justice to announce, on March 10, the appointment of a chief prosecutor to focus on the most egregious cases of pandemic fraud, including identity theft by criminal syndicates.