Governments Continue Losing Efforts to Gain Backdoor Access to Secure Communications

The debate over encrypted communications has been raging for years, with governments pushing for backdoor access to secure messages and private conversations. However, despite their efforts, they continue to lose ground in this battle. As a cybersecurity researcher, I've followed the debate for nearly 30 years and remain convinced that this is not a fight that governments can easily win.

In the early days of encryption, strong encryption capabilities were considered military technologies crucial to national security and not available to the public. However, with the release of Pretty Good Privacy (PGP) in 1991, this changed. PGP allowed people to exchange email and files securely, accessible only to those with the shared decryption key. This was a major turning point in the development of encryption technology.

Fearing that terrorists or criminals might use such technology to plan attacks, arrange financing or recruit members, the Clinton administration advocated for a system called the Clipper Chip, based on a concept of key escrow. The idea was to give a trusted third party access to the encryption system and the government could use that access when it demonstrated a law enforcement or national security need.

However, this approach never gained traction outside the U.S. government, in part because its encryption algorithm was classified and couldn't be publicly peer-reviewed. Instead, governments around the world have continued to embrace the golden key concept as they grapple with the constant stream of technology developments reshaping how people access and share information.

In recent years, governments have tried various approaches to gain backdoor access to encrypted messages and social media platforms. In France, a proposal was made to provide the government with the ability to add a hidden "ghost" participant to any encrypted chat for surveillance purposes. However, legislators removed this from the final proposal after civil liberties and cybersecurity experts warned that such an approach would undermine basic cybersecurity practices and trust in secure systems.

In 2025, the U.K. government secretly ordered Apple to add a backdoor to its encryption services worldwide. Rather than comply, Apple removed the ability for its iPhone and iCloud customers in the U.K. to use its Advanced Data Protection encryption features. This decision was seen as a victory for user security and privacy.

In the United States, provisions were removed from the 2020 EARN IT bill that would have forced companies to scan online messages and photos to guard against child exploitation by creating a golden-key-type hidden backdoor. Opponents viewed this as a stealth way of bypassing end-to-end encryption.

The Laws of Math and Physics, Not Politics

Governments often claim that weakening encryption is necessary to fight crime and protect the nation. However, when that argument fails to win the day, they often turn to claiming to need backdoors to protect children from exploitation.

From a cybersecurity perspective, it is nearly impossible to create a backdoor to a communications product that is only accessible for certain purposes or under certain conditions. If a passageway exists, it's only a matter of time before it is exploited for nefarious purposes.

In other words, creating what is essentially a software vulnerability to help the good guys will inevitably end up helping the bad guys, too. This lack of online privacy and security is especially dangerous for journalists, activists, domestic violence survivors, and other at-risk communities around the world.

Encryption Obeys the Laws of Math and Physics

Once invented, encryption can't be un-invented, even if it frustrates governments. Along those lines, if governments are struggling with strong encryption now, how will they contend with a world when everyone is using significantly more complex techniques like quantum cryptography?

The Challenge Ahead

Governments remain in an unenviable position regarding strong encryption. Reconciling their desire for surveillance with the need to protect user privacy and security will be a difficult challenge to overcome.

Ironically, one of the countermeasures the government recommended in response to China's hacking of global telephone systems in the Salt Typhoon attacks was to use strong encryption in messaging apps such as Signal or iMessage. Reconciling this with their ongoing quest to weaken or restrict strong encryption for their own surveillance interests will be a difficult challenge to overcome.

The debate over encrypted communications is far from over, and it's likely that governments will continue to face challenges in finding a balance between security and privacy. As a cybersecurity researcher, I'll continue to monitor this issue and provide expert analysis on the latest developments.