Encryption backdoors: privacy can be misused, "but the cost of a world without is so much higher"

Encryption backdoor. This technical-sounding jargon has likely become increasingly familiar to many after Apple decided to kill its advanced security feature on iCloud in the UK instead of creating one. However, authorities' push for greater access to our private communications isn't new or limited to the United Kingdom.

One could assume that people in power see privacy and security as opposing forces. Yet, "these are rather two faces of the same coin," said Andy Yen, CEO of Proton (the privacy firm behind one of the best VPNs and encrypted email apps), during a session at RightsCon 25 in Taipei last February.

"Sure, there are going to be negative externalities of privacy, but the cost of a world without privacy is so much higher," said Yen. "Without privacy, you don't have freedom of speech, you don't have democracy. The choice is pretty obvious."

Encryption, "a misguided target"

Encryption refers to scrambling data into an unreadable form to prevent third-party access. Services like WhatsApp and Signal offer everyday access to encrypted messaging to help improve personal privacy.

Law enforcement and policymakers have long argued that this level of privacy interferes with criminal investigations, de facto preventing them from catching the bad guys. Again, Yen believes that the reasons for this aren't limited to the fact that criminals may be using privacy tools.

"The problem is that [police officers] cannot identify this person, but it doesn't matter whether they are using ProtonMail, Facebook, or Twitter. They have the same issue," Yen said, pointing out how investigators are failing to adjust from fighting crime in the real world to online.

"And this has led to the misguided targeting of encryption services," said Yen.

Did you know?

Digital privacy advocates recently saved encryption in France, yet again. After harsh criticism, MPs finally rejected the controversial Article 8 of the proposed Drug Trafficking Act, which would have required all encrypted messaging apps and secure email services to decrypt user data upon an authority's request.

That said, authorities increasingly recognize the need for strong encryption to protect against widespread cyberattacks.

Take the Salt Typhoon case, the unprecedented cyberattacks that targeted all the major US telecom systems. In the aftermath of the attack, FBI and CISA agents have urged all citizens to switch to encrypted services under the refrain, "Encryption is your friend."

That's where the encryption backdoor concept comes in. Instead of banning much-needed encrypted tools, authorities want to be able to break through the cryptographic protections when it's needed.

Needless to say, the tech industry has long warned that this cannot be done without undermining the security infrastructure that encrypted tools are built on.

Commenting on this, Yen said: "Encryption is math – it either adds up or it doesn't. You're not able to create a backdoor that will preserve encryption. It is simply not possible."

What's next?

As mentioned earlier, the UK is only one of the countries actively pushing to pick the lock of encrypted communications under the guise of combating crime.

Sweden is also considering passing a law requiring services like Signal, WhatsApp, and iMessage to create an encryption backdoor on similar grounds. If successful, the new rules could come into force as early as March 2026.

Signal President Meredith Whittaker has already reiterated that Signal would rather leave the country than undermine its encryption protections – as the company has on other occasions.

Since 2022, the European Commission has also been trying to pass a proposal to halt the spread of child sexual abuse material (CSAM). Dubbed Chat Control by its critics, the law could require scanning all citizens' private communications, including encrypted messages. The bill has failed to attract the needed majority so far, yet it keeps returning to lawmakers' agendas.

In January, Europol's chief Catherine De Bolle even stated that "anonymity is not a fundamental right," arguing that tech giants have a "social responsibility" to give the police access to encrypted messages from criminals.

Politicians, law enforcement, and policymakers remain on the opposite side of the spectrum from privacy experts, technologists, and cryptographers. So, what can be done to balance the encryption conundrum?

According to Yen, the first step is acknowledging that a grey zone exists within this technology.

He said: "If we protect privacy, there are going to be negative activities. There are going to be some problems that come as a result of that. Yet, we need to make it clear that if you don't have privacy, you can never actually have security."

Chiara Castro
News Editor (Tech Software)

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com
