With so much of our daily communications happening online, strengthening digital security with strong encryption seems like a logical step forward. And yet the demand from governments to create encryption backdoors for scanning private communications is on the rise. Privacy enthusiasts and policymakers present clashing, yet convincing arguments that might put you on the fence. So let’s examine both viewpoints to get a clearer picture of what’s at stake.
To understand why encryption backdoors are a privacy risk, you should be familiar with what encryption is. Encryption is a method for protecting digital information by scrambling or ciphering it so it can’t be accessed, changed, or compromised. Encrypted information can only be read by an authorized party who has a decryption key. Most modern algorithms use 256-bit-length keys, making encrypted data virtually uncrackable for cybercriminals. Communication service providers use this method to secure their user’s private data, such as login and banking credentials and digital communications.
A backdoor is a method for bypassing the required authorization and accessing secured data. An encryption backdoor uses an entry point into the encryption mechanism, or a weakness, put in place on purpose by the service provider to allow access to the information that would otherwise be protected from all entities. But this raises a question — why weaken a security mechanism in the first place?
Governments and lawmakers base their proposals for encryption backdoors on the argument that criminals use encrypted communication services, like email and messaging platforms, for unlawful activities. Creating a backdoor would enable the monitoring of communications and, possibly, the detection and prevention of criminal wrongdoing.
However, this is a one-legged argument because if lawmakers can use a backdoor, it means that cybercriminals can use it too. No one can guarantee that hackers will never get their hands on these encryption weaknesses. Backdoors would compromise the main goal of encrypted services — their security, let alone breach the privacy of their users. But let’s look at a real-life example to get a clearer picture.
The recent developments on the EU’s legal front reflect the tendency for lawmakers to push for unrestricted access to encrypted digital communications. In July 2021, the European Parliament passed a regulation, Chat Control 1.0, that allows digital companies to detect and report child sexual abuse on their platforms without fear of violating Europe’s privacy laws. In other words, this bill allows communication services to scan their users’ private communications for explicit material with the aim of curbing child abuse.
In May 2022, the European Commission presented a proposal, known as Chat Control 2.0, that takes Chat Control 1.0 even further. This regulation would make it mandatory for communication service providers to search their users’ private chats, messages, and emails, including encrypted ones, for suspicious content. In essence, this means mandatory mass surveillance using fully automated real-time surveillance technology (artificial intelligence). Suspicious messages flagged by AI would be reported to law enforcement and investigated. The bill was stalled due to fears that it undermines EU’s privacy laws and possibly opens the door for companies to monitor other private communications.
But what would it mean to you, as a user of communication services? Chat Control 2.0 would mandate companies to comb through your private encrypted communications in search of triggers, such as phrases, images, and videos associated with child abuse. Imagine your spouse sending you photos of your child. You look at the photos and text back something perfectly innocent, unaware that AI has just flagged your conversation as suspicious and transferred the images of your child to a special database.
Privacy supporters oppose this large-scale monitoring of communications, including end-to-end encrypted content, saying it’s a breach of privacy. Let’s take the example of Chat Control 2.0:
Any type of abuse of children is a serious crime that requires clear, efficient, and concerted action to fight it, concentrating on the root causes and social policies. Scanning millions of messages, most of which have nothing to do with the problem, seems ineffective and raises privacy concerns. Even if the scanning were consensual, the implementation has flaws and is unlikely to produce the desired result of fighting child abuse, namely because:
In 1948, the United Nations declared privacy a human right in its Universal Declaration of Human Rights, Article 12. Most people who use encryption services are law-abiding citizens who have a right to privacy and security as well as the use of the relevant tools. Backdoors violate these rights. If you provide a backdoor to encrypted communication once, pretty soon, no encryption service will be truly private.
Without end-to-end encryption, independent journalists, whistleblowers, and dissidents would not be able to communicate online without facing the risk of arrest. Lots of NGOs working in repressive countries also rely on encrypted communication. Human rights activists, doctors, and lawyers would not be able to confidentially communicate with their clients online or protect them without encrypted services.
The words “privacy” and “anonymity” are often used interchangeably even though they mean different things. This is confusing, especially when discussing encryption services.
Anonymity implies hiding your identity. In the digital world, this could mean creating a fake profile and spreading information without disclosing your true identity. Anonymity plays a major role in whistleblowing movements and the fight for human rights and freedom of speech under restrictive regimes, but it can also become a threat in the hands of criminals. However, it is practically impossible to achieve full anonymity online.
Privacy, on the other hand, is never about hiding something — it’s about what you’re willing to share. It means keeping certain information, like personal chats, images, and videos, to yourself and having control over who can access it. Encryption services provide the privacy that we all need in our digital lives. At NordVPN, we advocate for online privacy and keeping in line with the law.
At NordVPN, we support the right of every internet user to have a private and secure digital life.
NordVPN offers an encrypted VPN service that adds to your online privacy and security. It encrypts all of your online traffic by means of sophisticated algorithms and hides your virtual location by routing your traffic through remote servers, allowing you to browse with increased safety and privacy.
Online security starts with a click.
Stay safe with the world’s leading VPN
We value your privacy