It would work because only friendly Telex stations outside of the censor's reach will be given the private key. Without the private key, it would be impossible to tell a Telex tag from a legit encryption nonce. The censor must either get hold of the private key - and the service could be built to use a new private key every few minutes - or brute force decrypt the suspected Telex tag, which is a lot more trouble than it's worth. The system operates on the same principle as RSA encryption - everyone knows how to perform the encryption/decryption process, but only a select few have the necessary keys to actually DEcrypt the message. The censor could go ahead and build as many Telex stations as they want, but unless someone gives them the private key they won't be able to tell a Telex tagged request from, say, a legit bank transaction request.