From 'encryption backdoor' to 'lawful access' — is a compromise between privacy, security, and law enforcement needs actually possible? | Tech Radar

Overview

News, deals, reviews, guides and more on the newest computing gadgets

Start exploring exclusive deals, expert advice and more

Details

Unlock and manage exclusive Techradar member rewards.

Unlock instant access to exclusive member features.

Get full access to premium articles, exclusive features and a growing list of member rewards.

From 'encryption backdoor' to 'lawful access' — is a compromise between privacy, security, and law enforcement needs actually possible?

Canada is the latest country pushing for "lawful access" to data

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Colin Andreson Productions pty ltd/via Getty Images)

When privacy advocates thought they had won the Crypto Wars in the 1990s, they probably wouldn’t have guessed they’d still be discussing whether decrypting private data is a bad or good idea 30 years later. But since at least 2020, a stream of governments have been trying to create a backdoor to encryption under the new name of "lawful access".

Canada's C-22 bill is the latest such proposal. It seeks to force all "electronic service providers" to install "technical capabilities" to allow law enforcement access to all communications and sensitive data of Canadian citizens.

For law enforcement, it’s about modernising the data access rights and equipping officers with the tools to fight back the most serious crimes — organized crime, human trafficking, and online sexual exploitation.

Australia 'Swiss cheese-like age verification' may lead to a VPN ban, and digital safety is at risk

EU Parliament said no mass surveillance of your chats — but the Chat Control saga isn't done

'Trust me bro': Experts warn the UK's new digital ID approach lacks robust data protections

For cryptographers, data scientists, security experts, and privacy advocates, however, creating a backdoor to encryption is, of course, a major concern – a false step that will lead to far more problems than it might solve.

Then, there are the political divisions that it creates and the seemingly endless back-and-forth debates, which take up precious parliamentary time.

In the EU, what’s been called Chat Control took over three years of failed attempts to reach a final stage and produce a watered-down version where the encryption backdoor may be “voluntary” instead, and with experts believing it’s "a disaster waiting to happen". And that’s only if politicians can push it through.

The hot mess that is Chat Control might even be considered a success story in comparison. The French Parliament rejected an encryption backdoor in 2025. A similar proposal in Sweden went quiet after a strong backlash from privacy and security experts around the same time. In 2023, the UK also decided to halt a similar provision within its Online Safety Act “until it is technically feasible” to do so.

But despite these failures, the desire for the ability to decrypt data when convenient to the authorities does not seem to have been blunted.

Under the Protect EU strategy, European policymakers are looking at how to meet Europol’s demands — decrypting citizens’ data by 2030. And the UK has resorted to another law of its own – the controversial 2016 Investigatory Powers Act – to hit Apple with at least two encryption backdoor requests to bypass i Cloud’s Advanced Data Protection feature.

Canada’s recent move highlights the appearance of a change in approach that governments seem to think will ease the passage of this kind of legislation. "Lawful access" is the growing rebranding of the hobbling of encryption, but will this softer appearing approach be enough to get the same demands over the line?

The EU’s age verification app has a privacy problem — and it may be more than just a 'bug in an app'

The price to pay — This is why 400+ scientists are calling for a halt to mandatory age verification

'A violation of fundamental rights' – Civil society calls on Switzerland to abandon data retention proposals

Is it even possible to find a compromise between the encryption access requirements of law enforcement and the level of privacy and security that citizens deserve?

I’ve been following these legal attempts closely since the beginning of 2023, and there’s something that I keep hearing as a mantra when I talk with the people working in cybersecurity: encryption is maths. It either works for everyone or it’s broken for everyone. A backdoor, that only the good guys can use, cannot exist.

It’s not just digital rights groups that are aware of this. I once attended an event where a former investigator was arguing how encryption is also "vital for law enforcement" because it keeps both citizens and organizations safe.

When the Salt Typhoon occurred — the unprecedented cyberattacks that targeted all the major US telecom systems — FBI and CISA agents were quick to urge all citizens to switch to encrypted services under the refrain "Encryption is your friend." This is surely not something that the authorities really wish to weaken?

Former General Counsel of the US Federal Bureau of Investigation James A. Baker argued that creating a backdoor “won't help law enforcement to protect the people they want to protect, but it will expose them to more threats".

It’s bad for both sides, then: private citizens and law enforcement. Undermining encryption not only threatens rights but it’s bad for security, too.

"Imagine being able to attack the digital infrastructure of a country by using a botnet that is exploiting every single Android phone," Society's Senior Director for Internet Trust, Robin Wilton, once explained to me. “It would be catastrophic. Yet, that's what happens if you build a systemic vulnerability into a monoculture of devices."

That’s a huge risk, for something that many believe won’t do much to stop criminals in practice, and, all the while people will keep using encryption anyway through illegal apps, as the Co-Founder of Matrix and encrypted platform Element told me back in March 2023.

As a new encryption backdoor bill makes headlines, 30 organizations and more than 20 cybersecurity experts have already signed the open letter, published by the Global Encryption Coalition, on Tuesday, joining the call to the Canadian federal government to withdraw Bill C-22.

Exactly one week before, on April 21, another coalition, made up of 14 civil liberty groups, refugee rights campaigners, academics, and digital rights organizations, alongside 15 of Canada's most prominent privacy scholars and legal experts, also sent a letter to Prime Minister Mark Carney and every Member of Parliament to call for a full withdrawal.

The hard truth is that the people building the software aren’t on board, either. The likes of Signal, Whats App, and Telegram have said over and over that they would rather leave the market than undermine their encryption protections. Apple even decided to kill its i Cloud’s end-to-end encryption feature in the UK altogether, instead of creating a false sense of security with a backdoor.

Whether all of this will be enough to make Canadian politicians — and others thinking of introducing the same — step back, is a story for another time. What’s clear, though, is that this recent outcry against lawful access is a perfect echo of what we've heard each time a backdoor to encryption is suggested.

Perhaps, Proton’s CEO and Founder, Andy Yen, is right. To find a compromise, the first step is for the tech industry to acknowledge that, yes, privacy can be misused, "but the cost of a world without is so much higher".

The second step may be for law enforcement to accept, too, that — exactly as happens in the offline world — there is some information that they may not be able to access.

Follow Tech Radar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She believes an open, uncensored, and private internet is a basic human need and wants to use her knowledge of VPNs to help readers take back control. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, tech policies, and security software, with a special focus on VPNs, for Tech Radar and Tech Radar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

You must confirm your public display name before commenting

17 new movies and TV shows to watch on Netflix, Prime Video, HBO Max, and more this weekend (May 1)

2 Connecticut considers school cell phone ban as more states restrict device use

3 This 'otherworldly’ Mavic 3 Pro shot just won the world’s biggest drone photo prize

4 Zuckerberg blames Meta layoffs on AI costs - with more job cuts possibly to come

54 great Star Wars movies join Disney+ rival ahead of Star Wars Day 2026

Tech Radar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.

Key Takeaways

• News, deals, reviews, guides and more on the newest computing gadgets
• Start exploring exclusive deals, expert advice and more
• Unlock and manage exclusive Techradar member rewards
• Unlock instant access to exclusive member features
• Get full access to premium articles, exclusive features and a growing list of member rewards