Governments continue losing efforts to gain backdoor access to secure communications
The spotlight on encrypted apps is also a reminder of the complex debate pitting government interests against individual liberties. Governments desire to monitor everyday communications for law enforcement, national security and sometimes darker purposes. On the other hand, citizens and businesses claim the right to enjoy private digital discussions in today's online world.
The positions governments take often are framed as a 'war on encryption' by technology policy experts and civil liberties advocates. As a cybersecurity researcher, I've followed the debate for nearly 30 years and remain convinced that this is not a fight that governments can easily win.
Traditionally, strong encryption capabilities were considered military technologies crucial to national security and not available to the public. However, in 1991, computer scientist Phil Zimmermann released a new type of encryption software called Pretty Good Privacy (PGP). It was free, open-source software available on the internet that anyone could download. PGP allowed people to exchange email and files securely, accessible only to those with the shared decryption key, in ways similar to highly secured government systems.
Following an investigation into Zimmermann, the U.S. government came to realize that technology develops faster than law and began to explore remedies. It also began to understand that once something is placed on the internet, neither laws nor policy can control its global availability.
Fearing that terrorists or criminals might use such technology to plan attacks, arrange financing or recruit members, the Clinton administration advocated a system called the Clipper Chip, based on a concept of key escrow. The idea was to give a trusted third party access to the encryption system and the government could use that access when it demonstrated a law enforcement or national security need.
Clipper was based on the idea of a 'golden key,' namely, a way for those with good intentions – intelligence services, police – to access encrypted data, while keeping people with bad intentions – criminals, terrorists – out.
Clipper Chip devices never gained traction outside the U.S. government, in part because its encryption algorithm was classified and couldn't be publicly peer-reviewed. However, in the years since, governments around the world have continued to embrace the golden key concept as they grapple with the constant stream of technology developments reshaping how people access and share information.
Following Edward Snowden's disclosures about global surveillance of digital communications in 2013, Google and Apple took steps to make it virtually impossible for anyone but an authorized user to access data on a smartphone. Even a court order was ineffective, much to the chagrin of law enforcement. In Apple's case, the company's approach to privacy and security was tested in 2016 when the company refused to build a mechanism to help the FBI break into an encrypted iPhone owned by a suspect in the San Bernardino terrorist attack.
At its core, encryption is, fundamentally, very complicated math. And while the golden key concept continues to hold allure for governments, it is mathematically difficult to achieve with an acceptable degree of trust. And even if it was viable, implementing it in practice makes the internet less safe. Security experts agree that any backdoor access, even if hidden or controlled by a trusted entity, is vulnerable to hacking.
Governments around the world continue to wrestle with the proliferation of strong encryption in messaging tools, social media and virtual private networks.
For example, rather than embrace a technical golden key, a recent proposal in France would have provided the government the ability to add a hidden 'ghost' participant to any encrypted chat for surveillance purposes. However, legislators removed this from the final proposal after civil liberties and cybersecurity experts warned that such an approach would undermine basic cybersecurity practices and trust in secure systems.
In 2025, the U.K. government secretly ordered Apple to add a backdoor to its encryption services worldwide. Rather than comply, Apple removed the ability for its iPhone and iCloud customers in the U.K. to use its Advanced Data Protection encryption features. In this case, Apple chose to defend its users' security in the face of government mandates, which ironically now means that users in the U.K. may be less secure.
In the United States, provisions removed from the 2020 EARN IT bill would have forced companies to scan online messages and photos to guard against child exploitation by creating a golden-key-type hidden backdoor. Opponents viewed this as a stealth way of bypassing end-to-end encryption. The bill did not advance to a full vote when it was last reintroduced in the 2023-2024 legislative session.
Opposing scanning for child sexual abuse material is a controversial concern when encryption is involved: Although Apple received significant public backlash over its plans to scan user devices for such material in ways that users claimed violated Apple's privacy stance, victims of child abuse have sued the company for not better protecting children.
Even privacy-centric Switzerland and the European Union are exploring ways of dealing with digital surveillance and privacy in an encrypted world.
Governments usually claim that weakening encryption is necessary to fight crime and protect the nation – and there is a valid concern there. However, when that argument fails to win the day, they often turn to claiming to need backdoors to protect children from exploitation.
From a cybersecurity perspective, it is nearly impossible to create a backdoor to a communications product that is only accessible for certain purposes or under certain conditions. If a passageway exists, it's only a matter of time before it is exploited for nefarious purposes. In other words, creating what is essentially a software vulnerability to help the good guys will inevitably end up helping the bad guys, too.
Often overlooked in this debate is that if encryption is weakened to improve surveillance for governmental purposes, it will drive criminals and terrorists further underground. Using different or homegrown technologies, they will still be able to exchange information in ways that governments can't readily access. But everyone else's digital security will be needlessly diminished.
This lack of online privacy and security is especially dangerous for journalists, activists, domestic violence survivors and other at-risk communities around the world.
Encryption obeys the laws of math and physics, not politics. Once invented, it can't be un-invented, even if it frustrates governments. Along those lines, if governments are struggling with strong encryption now, how will they contend with a world when everyone is using significantly more complex techniques like quantum cryptography?
Governments remain in an unenviable position regarding strong encryption. Ironically, one of the countermeasures the government recommended in response to China's hacking of global telephone systems in the Salt Typhoon attacks was to use strong encryption in messaging apps such as Signal or iMessage.
Reconciling that with their ongoing quest to weaken or restrict strong encryption for their own surveillance interests will be a difficult challenge to overcome.
This article is republished from The Conversation, a nonprofit, independent news organization bringing you facts and trustworthy analysis to help you make sense of our complex world. It was written by: Richard Forno, University of Maryland, Baltimore County
Read more:
Are private conversations truly private? A cybersecurity expert explains how end-to-end encryption protects you
Signal is not the place for top secret communications, but it might be the right choice for you – a cybersecurity expert on what to look for in a secure messaging app
EU law would require Big Tech to do more to combat child sexual abuse, but a key question remains: How?
Richard Forno has received research funding related to cybersecurity from the National Science Foundation (NSF), the Department of Defense (DOD), and the US Army during his academic career since 2010.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
New York Post
27 minutes ago
- New York Post
American dad DUPED into fighting on Russian frontlines after family fled US
An American dad has been duped into fighting on the front lines of Russia's army. Derek Huffman and his wife, DeAnna, moved their three daughters, ages 10, 11 and 12, across the globe to avoid 'woke ideology" in the US in March. He joined the Russian military in the hopes of expediting citizenship for his family. Despite being assured he would serve a non-combat role – either as a welder or a correspondent – his wife DeAnna claimed in a since-deleted YouTube video that he's being 'thrown to the wolves.' Here's everything we know about the 'anti-woke' family who fled the US to Russia – and the dangerous turn of events they didn't see coming.
Chicago Tribune
27 minutes ago
- Chicago Tribune
Billionaire owner of the Los Angeles Times says he will take the newspaper public in the coming year
LOS ANGELES — Dr. Patrick Soon-Shiong, the billionaire owner of the Los Angeles Times since 2018, said this week that he intends to take the newspaper public in the coming year. During an interview on Monday's 'The Daily Show With Jon Stewart,' Soon-Shiong said the move would allow the Times 'to be democratized and allow the public to have ownership of this paper.' Soon-Shiong said he's working with 'an organization that's putting that together right now.' He didn't identify the organization or say whether the deal would involve an initial public offer to sell shares of the company or another investment arrangement. 'Whether you're right, left, Democrat, Republican, you're an American. So the opportunity for us to provide a paper that is the voices of the people, truly the voices of the people, is important,' he said. Soon-Shiong, a biotech billionaire, acquired the Times as part of a $500 million deal, returning it to local ownership two decades after the Chandler family sold it to Tribune Co. Soon-Shiong's purchase raised hopes after years of cutbacks, circulation declines and leadership changes. But like much of the media industry, the Times has continued to face financial difficulties, losing money and subscribers. Last year the company said it would lay off at least 115 employees — more than 20% of the newsroom — in one of the largest staff cuts in the newspaper's history. Also in 2024, executive editor Kevin Merida suddenly stepped down after a 2 1/2-year tenure at the newspaper that spanned the coronavirus pandemic and three Pulitzer Prizes, as well as a period of layoffs and contentious contract negotiations.
Android Authority
27 minutes ago
- Android Authority
Google Photos starts rolling out the new look for its video player
Joe Maring / Android Authority TL;DR Google has started rolling out a new update to its Photos app, which includes a new video player UI. Additionally, the company has changed up its setup UI for new Photos users. These updates are part of Google's gradual rollout of its Material 3 Expressive redesign. Google has started rolling out some of its visual changes to the Photos app, which include a new video player progress bar with larger controls. While we spotted a few of the upcoming changes in an APK teardown back in June, users can now get access to the new UI by updating their Google Photos app to the latest version. The rollout was initially tipped by users in the Gapps Leaks Telegram group and we've since confirmed it by updating the app on our own devices. The video player now has a larger progress bar, along with a vertical indicator for easy navigation through the timeline. The volume button now sits above the progress bar. Rather than using the pause button in the center of the screen, there's a new pause button above the progress bar. Old player New player Fast forward indicator But instead of holding down on the left or right side of the video to adjust video playback speed and fast forward and rewind, the updated player allows you to double tap on the left or right of the video to skip ahead or rewind by five seconds. With additional taps, you can skip ahead or rewind further, with five seconds added per tap. Google has also tweaked the onboarding screen, making the user's profile picture and name more prominent. While this aligns with Google's Material Expressive 3 redesign, it lacks the useful mobile data toggle that we found nifty in our April onboarding UI teardown. Old New While there's something to be said for incremental changes, we're hoping that Google will continue to make more substantive updates to the app. I personally find the ability to share Google Photos albums with a QR code quite nice. Google is currently working on a bunch of redesigned elements for other apps which embrace the Material 3 Expressive design language. These include updates to Gmail, Phone, Meet, and plenty more. Got a tip? Talk to us! Email our staff at Email our staff at news@ . You can stay anonymous or get credit for the info, it's your choice.
