Governments Continue Losing Efforts To Gain Backdoor Access To Secure Communications

by
Mike Masnick
from Techdirt on (#6XPRR)

Reports that prominent American national security officials used a freely available encrypted messaging app, coupled with the rise of authoritarian policies around the world, have led to a surge in interest in encrypted apps like Signal and WhatsApp. These apps prevent anyone, including the government and the app companies themselves, from reading messages they intercept.

The spotlight on encrypted apps is also a reminder of the complex debate pitting government interests against individual liberties. Governments desire to monitor everyday communications for law enforcement, national security and sometimes darker purposes. On the other hand, citizens and businesses claim the right to enjoy private digital discussions in today's online world.

The positions governments take often are framed as a "war on encryption" by technology policy experts and civil liberties advocates. As a cybersecurity researcher, I've followed the debate for nearly 30 years and remain convinced that this is not a fight that governments can easily win.

Understanding the 'golden key'

Traditionally, strong encryption capabilities were considered military technologies crucial to national security and not available to the public. However, in 1991, computer scientist Phil Zimmermann released a new type of encryption software called Pretty Good Privacy (PGP). It was free, open-source software available on the internet that anyone could download. PGP allowed people to exchange email and files securely, accessible only to those with the shared decryption key, in ways similar to highly secured government systems.

Following an investigation into Zimmermann, the U.S. government came to realize that technology develops faster than law and began to explore remedies. It also began to understand that once something is placed on the internet, neither laws nor policy can control its global availability.

Fearing that terrorists or criminals might use such technology to plan attacks, arrange financing or recruit members, the Clinton administration advocated a system called the Clipper Chip, based on a concept of key escrow. The idea was to give a trusted third party access to the encryption system and the government could use that access when it demonstrated a law enforcement or national security need.

Clipper was based on the idea of a "golden key," namely, a way for those with good intentions - intelligence services, police - to access encrypted data, while keeping people with bad intentions - criminals, terrorists - out.

Clipper Chip devices never gained traction outside the U.S. government, in part because its encryption algorithm was classified and couldn't be publicly peer-reviewed. However, in the years since, governments around the world have continued to embrace the golden key concept as they grapple with the constant stream of technology developments reshaping how people access and share information.

Following Edward Snowden's disclosures about global surveillance of digital communications in 2013, Google and Apple took steps to make it virtually impossible for anyone but an authorized user to access data on a smartphone. Even a court order was ineffective, much to the chagrin of law enforcement. In Apple's case, the company's approach to privacy and security was tested in 2016 when the company refused to build a mechanism to help the FBI break into an encrypted iPhone owned by a suspect in the San Bernardino terrorist attack.

At its core, encryption is very complicated math. And while the golden key concept continues to hold allure for governments, it is mathematically difficult to achieve with an acceptable degree of trust. And even if it were viable, implementing it in practice makes the internet less safe. Security experts agree that any backdoor access, even if hidden or controlled by a trusted entity, is vulnerable to hacking.

Competing justifications and tech realities

Governments around the world continue to wrestle with the proliferation of strong encryption in messaging tools, social media and virtual private networks.

For example, rather than embrace a technical golden key, a recent proposal in France would have provided the government the ability to add a hidden "ghost" participant to any encrypted chat for surveillance purposes. However, legislators removed this from the final proposal after civil liberties and cybersecurity experts warned that such an approach would undermine basic cybersecurity practices and trust in secure systems.

In 2025, the U.K. government secretly ordered Apple to add a backdoor to its encryption services worldwide. Rather than comply, Apple removed the ability for its iPhone and iCloud customers in the U.K. to use its Advanced Data Protection encryption features. In this case, Apple chose to defend its users' security in the face of government mandates, which ironically now means that users in the U.K. may be less secure.

In the United States, provisions removed from the 2020 EARN IT bill would have forced companies to scan online messages and photos to guard against child exploitation by creating a golden-key-type hidden backdoor. Opponents viewed this as a stealth way of bypassing end-to-end encryption. The bill did not advance to a full vote when it was last reintroduced in the 2023-2024 legislative session.

Opposing scanning for child sexual abuse material is a controversial concern when encryption is involved: Although Apple received significant public backlash over its plans to scan user devices for such material in ways that users claimed violated Apple's privacy stance, victims of child abuse have sued the company for not better protecting children.

Even privacy-centric Switzerland and the European Union are exploring ways of dealing with digital surveillance and privacy in an encrypted world.

The laws of math and physics, not politics

Governments usually claim that weakening encryption is necessary to fight crime and protect the nation - and there is a valid concern there. However, when that argument fails to win the day, they often turn to claiming to need backdoors to protect children from exploitation.

From a cybersecurity perspective, it is nearly impossible to create a backdoor to a communications product that is only accessible for certain purposes or under certain conditions. If a passageway exists, it's only a matter of time before it is exploited for nefarious purposes. In other words, creating what is essentially a software vulnerability to help the good guys will inevitably end up helping the bad guys, too.

Often overlooked in this debate is that if encryption is weakened to improve surveillance for governmental purposes, it will drive criminals and terrorists further underground. Using different or homegrown technologies, they will still be able to exchange information in ways that governments can't readily access. But everyone else's digital security will be needlessly diminished.

This lack of online privacy and security is especially dangerous for journalists, activists, domestic violence survivors and other at-risk communities around the world.

Encryption obeys the laws of math and physics, not politics. Once invented, it can't be un-invented, even if it frustrates governments. Along those lines, if governments are struggling with strong encryption now, how will they contend with a world when everyone is using significantly more complex techniques like quantum cryptography?

Governments remain in an unenviable position regarding strong encryption. Ironically, one of the countermeasures the government recommended in response to China's hacking of global telephone systems in the Salt Typhoon attacks was to use strong encryption in messaging apps such as Signal or iMessage.

Reconciling that with their ongoing quest to weaken or restrict strong encryption for their own surveillance interests will be a difficult challenge to overcome.

Richard Forno is Teaching Professor of Computer Science and Electrical Engineering, and Assistant Director, UMBC Cybersecurity Institute, University of Maryland, Baltimore County. This article is republished from The Conversation under a Creative Commons license. Read the original article.
