A recent federal court filing reveals that US prosecutors obtained judicial approval to remotely access Telegram's servers in pursuit of evidence tied to a child exploitation investigation.
The incident shows an unusually aggressive legal maneuver that reflects growing frustration with the platform's lack of cooperation with law enforcement.
The case was quietly embedded in a recent edition of Court Watch, and represents a rare example of US authorities being granted permission to directly interact with foreign-based infrastructure controlled by a company known for resisting government access. According to the filing, which Court Watch summarized without linking, to avoid exposing sensitive personal data, the Department of Justice (DOJ) sought to send covert communications to Telegram's servers to retrieve data from a suspect's account. The method was described as a “remote access search technique,” designed to extract communications and account information.
Although Telegram is based in Dubai and operates largely outside the jurisdiction of US authorities, the DOJ's request was approved on the basis that once the requested data reached a US-based device or district, it would fall under federal legal authority. The order also specified that further access to the Telegram account would require additional court approval.
While the DOJ has previously employed remote access techniques, sometimes called “network investigative techniques” or NITs, in child exploitation and national security cases, the explicit targeting of Telegram's servers is notable. Telegram has long been scrutinized for providing a haven to extremist groups, cybercriminals, and other actors seeking encrypted, unmoderated communication. Yet law enforcement has often complained that the company ignores subpoenas and warrants, even when serious crimes are involved.
Founded by Russian-born entrepreneur Pavel Durov, Telegram claims over 900 million monthly active users and markets itself as a privacy-first messaging service with end-to-end encryption and minimal data retention. While public channels and group chats on the platform can be monitored by admins and bots, private chats, including “Secret Chats,” are encrypted and inaccessible to anyone except the participants.
Telegram has consistently argued that its refusal to cooperate with law enforcement stems from a commitment to user privacy and censorship resistance. More recently, it has increased efforts to comply with requests concerning illegal activities and admitted to having shared data on 2,253 users with US authorities last year.
US prosecutors are increasingly turning to more forceful legal tools when facing stonewalled cooperation or when encryption prevents them from snooping. The latest case suggests a growing willingness by federal courts to authorize intrusive techniques when traditional requests are ignored. Court Watch emphasized that this was the first instance they had encountered of such a legal strategy targeting Telegram in their two decades of monitoring federal dockets.
The full scope of the court-authorized operation, including whether Telegram was notified or has responded to the warrant, remains unclear. It's also uncertain whether this sets a broader precedent for future legal actions against encrypted platforms that resist legal requests from US authorities. As of writing, Telegram has not responded to our requests for a comment.
Article updated at 10:00 ET to add Telegram comment
A Telegram spokesperson responded to our request for a comment, denying the reports about its servers being accessed by law enforcement authorities in the U.S.
The full statement is:
Gaining access to messages on Telegram's servers is impossible, even for Telegram engineers themselves, due to how the system is built. Telegram's servers are securely encrypted and no viable means of breaking that encryption has ever been found. Telegram does not provide access to the data on its servers. – Telegram
The Telegram spokesperson also underlined that the communication platform Telegram has always actively moderated harmful content on its platform, meeting or exceeding all industry standards, and has always processed all legally binding requests from the United States, disclosing the IP address and phone number of criminals who breach its term of service.
Leave a Reply