Encryption is an essential component of a safe and trustworthy Internet. Weakening it not only undermines personal privacy but also jeopardizes national security and global cybersecurity standards.
Earlier this year, the UK government used a secret Technical Capacity Notice under the amended 2016 Investigatory Powers Act to demand that Apple modify its iCloud service to grant law enforcement access to encrypted user data, challenging Apple’s longstanding commitment to privacy.
The secret nature of this order is particularly concerning. Policy changes, decisions, or bills that threaten encryption are usually public, which provides an opportunity for the technical community, civil society, and the general public to voice their concerns. Additionally, while the secret order to Apple was leaked to the press, it is unclear whether other companies may have received similar orders.
Because of the interconnected nature of the Internet, encryption issues are truly global. This mandate, if enforced, would create a dangerous precedent and force Apple to create vulnerabilities that affect users far beyond UK borders. Users worldwide could have their data exposed to unauthorized surveillance. Encryption plays a critical and irreplaceable role in safeguarding our personal data.
While governments cite national security and crime prevention as justifications for backdoors—ways to access encrypted data—they inherently weaken the integrity of encryption, increasing the risk of malicious third parties accessing sensitive information.
We need strong encryption to protect everyday communications, financial transactions, and even national security information. Vulnerable groups—including journalists, activists, and marginalized communities—rely on robust encryption to shield their identities and sensitive communications from harassment and oppression.
Introducing backdoors into encryption systems creates inherent security flaws. Once a vulnerability exists, it’s not only available to law enforcement, but it could also be exploited by cybercriminals and hostile state actors. Ironically, while claiming to increase safety, governments that allow backdoors actually put their citizens at risk.
Beyond the technical risks, encryption backdoors have human rights implications as well.
Weakening encryption erodes trust, stifles freedom of expression, and could lead to mass surveillance, impacting not just UK citizens but users globally.
Global Implications
Backdoor mandates contribute to Internet fragmentation. Following the UK government’s order, Apple has already withdrawn its encrypted backup services from the UK. This means that UK Apple users do not have the same options for data security, and their experience is different from that of other users worldwide; they are already less safe.
Online safety for children is a huge global issue, and there is a lot of pressure on governments and law enforcement to find a solution. The UK’s order could inspire similar legislation in countries worldwide, limiting encryption, threatening the privacy of even more people, and putting those very children in harm’s way. What children deserve is legislation that tackles the issue effectively and proportionally, without inhibiting security, rights, and privacy for all.
Enforcing backdoor mandates could also drive international tech companies to exit markets like the UK. To maximize profit and efficiency, tech corporations want to offer consistent methods and services. When a government requests a backdoor, they might exit the market instead of reworking their systems, further fragmenting the global digital ecosystem and impeding technological innovation.
Alternatively, and more dangerously, if many governments request backdoors, tech companies might normalize them in their services and make them available in as many markets as possible.
(Internet society)
UK’s backdoor mandate: Online safety implications
