Encryption is an essential component of a safe and trustworthy Internet. Weakening it not only undermines personal privacy but also jeopardizes national security and global cybersecurity standards.
Earlier this year, the UK government used a secret Technical Capacity Notice under the amended 2016 Investigatory Powers Act to demand that Apple modify its iCloud service to grant law enforcement access to encrypted user data, challenging Apple’s longstanding commitment to privacy.
The secret nature of this order is particularly concerning. Policy changes, decisions, or bills that threaten encryption are usually public, which provides an opportunity for the technical community, civil society, and the general public to voice their concerns. Additionally, while the secret order to Apple was leaked to the press, it is unclear whether other companies may have received similar orders.
This really erodes trust in the system, trust in the technology. In that way, it’s even more damaging than some of the other encryption threats we see around the world.”
Because of the interconnected nature of the Internet, encryption issues are truly global. This mandate, if enforced, would create a dangerous precedent and force Apple to create vulnerabilities that affect users far beyond UK borders. Users worldwide could have their data exposed to unauthorized surveillance.
Encryption and the Risks of Backdoors
Encryption plays a critical and irreplaceable role in safeguarding our personal data. While governments cite national security and crime prevention as justifications for backdoors—ways to access encrypted data—they inherently weaken the integrity of encryption, increasing the risk of malicious third parties accessing sensitive information.
Because you are creating a system that would allow bypassing encryption, that usually will mean also the level of encryption that you provide in your algorithm will be made lower, and so it is, by design, less secure.”
We need strong encryption to protect everyday communications, financial transactions, and even national security information. Vulnerable groups—including journalists, activists, and marginalized communities—rely on robust encryption to shield their identities and sensitive communications from harassment and oppression.
Introducing backdoors into encryption systems creates inherent security flaws. Once a vulnerability exists, it’s not only available to law enforcement, but it could also be exploited by cybercriminals and hostile state actors. Ironically, while claiming to increase safety, governments that allow backdoors actually put their citizens at risk.
Beyond the technical risks, encryption backdoors have human rights implications as well.
Another problem is the chilling effect. Even the perception that encryption is no longer trustworthy causes people to self-censor, disengage, or stop organizing. Civic space is going to be weaker around the world.”
Weakening encryption erodes trust, stifles freedom of expression, and could lead to mass surveillance, impacting not just UK citizens but users globally.
Global Implications
Backdoor mandates contribute to Internet fragmentation. Following the UK government’s order, Apple has already withdrawn its encrypted backup services from the UK. This means that UK Apple users do not have the same options for data security, and their experience is different from that of other users worldwide; they are already less safe.
Online safety for children is a huge global issue, and there is a lot of pressure on governments and law enforcement to find a solution. The UK’s order could inspire similar legislation in countries worldwide, limiting encryption, threatening the privacy of even more people, and putting those very children in harm’s way. What children deserve is legislation that tackles the issue effectively and proportionally, without inhibiting security, rights, and privacy for all.
Enforcing backdoor mandates could also drive international tech companies to exit markets like the UK. To maximize profit and efficiency, tech corporations want to offer consistent methods and services. When a government requests a backdoor, they might exit the market instead of reworking their systems, further fragmenting the global digital ecosystem and impeding technological innovation.
Alternatively, and more dangerously, if many governments request backdoors, tech companies might normalize them in their services and make them available in as many markets as possible.
What Can You Do?
Collaboration between civil society, tech companies, and policymakers is vital. When these spheres stand together, they become stronger and are better positioned to resist measures threatening online safety and privacy.
You can join advocacy efforts, connect with like-minded individuals, and mobilize. The Global Encryption Coalition promotes and defends encryption where it is under threat. Join the coalition today.
Your voice is powerful; use it to stand up for encryption. If you live in the UK, join our letter-writing campaign and let your elected officials know that you oppose orders that force technology companies to weaken encryption.
Want to learn more about the UK’s backdoor mandate and its impact on online safety? Watch the full webinar from our Online Safety Special Interest Group.
Image © Chris Robert on Unsplash