From the UK to Sweden, encrypted communications are increasingly under attack as authorities seek ways to better monitor people’s chats to combat crime. Signal, one of the best encrypted messaging apps, however, isn’t willing to compromise its privacy and security.
“Signal’s position on this is very clear – we will not walk back, adulterate, or otherwise perturb the robust privacy and security guarantees that people depend on,” said Signal President Meredith Whittaker during a panel at RightsCon 25 conference on Tuesday, February 25.
“Whether that perturbation or backdoor is called client-side scanning or the stripping of the encryption protections from one or another features similar to what Apple was pushed into doing in the UK,” she added.
Whittaker’s comments come days after Apple was forced to kill its iCloud’s end-to-end encryption feature in the UK following a government’s order to create an encryption backdoor to allow law enforcement access to users’ data. Sweden is also considering introducing a new law requiring all encrypted communications apps to create a similar backdoor.
UK’s attack on encryption
For almost a week—since Friday, February 21, to be exact—people in the UK have been unable to use Apple’s Advanced Data Protection (ADP) feature on iCloud.
While it’s not a default feature, Apple launched ADP in 2022 to provide an extra layer of protection on all iCloud-stored data via end-to-end encryption technology. This means not even the provider can access these files.
The Big Tech giant removed the feature instead of complying with the UK’s encryption backdoor order, ensuring this decision won’t affect iCloud data categories that are end-to-end encrypted by default. These include users’ health data, passwords, iCloud messages, and Apple card transactions. You can see all the others on Apple’s support page.
“As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will,” explained Apple in a written statement at the time.
However, it isn’t yet clear the impact this move will have on users’ privacy in and out of the country. What would happen when UK users go abroad, for instance? And what about foreign users traveling in the UK? Most importantly, perhaps, will removing ADP be enough for UK authorities?
These are some of the questions that still need an answer. For Signal, however, it isn’t negotiable and ensures, once again, that the company is ready to leave the UK market instead of undermining encryption.
Sweden and further anti-encryption efforts
The UK isn’t the only country pushing to pick the lock of encrypted communications to facilitate criminal investigations.
Sweden has recently joined the list of governments considering passing legislation to make it mandatory for the likes of Signal, WhatsApp, and iMessage to create an encryption backdoor into their software. If successful, the new rules could come into force as early as March 2026.
Again, talking to Swedish media SVT Nyheter, Whittaker has recently reiterated the company’s stance. She said: “This means asking us to break the encryption that is the foundation of our entire business. Asking us to store data would undermine our entire architecture and we would never do that. We would rather leave the Swedish market completely.
This is because, Whittaker added: “Our responsibility is to offer technology that upholds human rights in an era where those rights are being violated in more and more places.”
Do you know?
Encryption refers to the scrambling of data into an unreadable form to prevent third-party access. End-to-end encryption is the reiteration that messaging apps and secure email services, among other tools, use to protect data in transit by keeping private between the sender and the receiver – end to end.
Outside Sweden, the EU has also been trying to pass a proposal to scan citizens’ private communications, those encrypted included, since 2022 to halt the spread of child sexual abuse material (CSAM). Deemed Chat Control by its critics, the bill keeps receiving pushback from experts and lawmakers alike, who couldn’t yet find a compromise after almost three years and two lighter versions.
In January, Europol’s chief Catherine De Bolle reiterated such efforts to break encryption, arguing “anonymity is not a fundamental right” and technology giants have a “social responsibility” to give the police access to encrypted messages used by criminals.
At the same time, however, recent events like the Salt Typhoon attack on all the major US telecoms have shown how encryption is crucial for the privacy and safety of everyone’s data. On that occasion, even FBI and CISA experts have been calling citizens to switch to encrypted services in the aftermath of this unprecedented cyberattack.
What’s next?
Signal isn’t alone among the tech community calling out on the campaign against encryption. For instance, a group of over 100 civil society organizations, tech companies, and cybersecurity experts have also been urging the UK government to rescind its order to Apple, warning how an iCloud backdoor “jeopardizes the security and privacy of millions.”
The path to mitigate legal actions against encryption is certainly filled with challenges for privacy and tech experts. Yet, users can be reassured Signal is committed to fighting back.
“We’ll we continue to push back,” said Whittaker, pointing out how incidents like Salt Typhoon are a tangible example of what cryptographers, human rights experts, journalists and the technical community at large have been saying for decades – “you cannot build a safe backdoor.”
She added: “Our position doesn’t change. It doesn’t change based on the year, it doesn’t change based on jurisdiction. It’s actually fairly simple.”
https://cdn.mos.cms.futurecdn.net/c8Y4H6WfJAGczJbx98DLc-1200-80.jpg
Source link
chiara.castro@futurenet.com (Chiara Castro)
