Telegram, the encrypted messaging platform favoured by dissidents and criminals alike, is now in the crosshairs of UK regulators. The trigger: a massive leak of Indian exam papers that exposed the app’s use as a conduit for cheating rings. Sources confirm that the UK’s National Cyber Security Centre has opened a preliminary inquiry into whether Telegram’s encryption protocols are enabling widespread fraud, not just in India but potentially on British soil.
Documents uncovered by this paper show that a Telegram group with over 20,000 members was used to distribute leaked questions for India’s highly competitive engineering and medical entrance exams. The group, which operated openly for months, sold answers for thousands of rupees. When Indian authorities finally acted, they found the trail led to servers outside the country, protected by Telegram’s end-to-end encryption.
But the story doesn’t end there. UK officials are concerned that similar channels could be exploited for domestic exams, financial scams, or even terrorism. A senior cybersecurity analyst told me: “Telegram’s encryption is a double-edged sword. It protects journalists and dissidents, but it also shields criminals. The UK cannot ignore that.”
Telegram’s founder, Pavel Durov, has long resisted government pressure to introduce backdoors. He argues that any weakening of encryption would open the door to authoritarian surveillance. But critics say his stance is naive. In the Indian case, the leak was not a sophisticated hack but a simple breach of trust by insiders. Encryption did not stop it; it only hindered prosecution.
The UK’s Online Safety Bill, now making its way through Parliament, could force Telegram to scan for illegal content or face fines. But encryption advocates warn that such measures would undermine digital privacy for millions. The Indian exam leak has become a pivotal case study in this global debate.
Meanwhile, Indian authorities are demanding that Telegram reveal the identities of the group’s administrators. The company has so far refused, citing its privacy policy. This has led to a war of words between New Delhi and Dubai, where Telegram’s parent company is based.
The stakes are high. If the UK follows India’s lead, Telegram could be forced to choose between encryption and access to one of the world’s largest markets. Durov, who has moved from country to country evading regulation, may find his final stand in a courtroom in London.
This report is based on internal documents from India’s Central Bureau of Investigation and interviews with cybersecurity experts. Telegram did not respond to requests for comment. The investigation continues.
