{"id":223760,"date":"2025-05-19T12:00:00","date_gmt":"2025-05-19T12:00:00","guid":{"rendered":"https:\/\/www.internetsociety.org\/?p=223760"},"modified":"2025-08-29T17:54:41","modified_gmt":"2025-08-29T17:54:41","slug":"encryption-under-threat-the-uks-backdoor-mandate-and-its-impact-on-online-safety","status":"publish","type":"post","link":"https:\/\/www.internetsociety.org\/blog\/2025\/05\/encryption-under-threat-the-uks-backdoor-mandate-and-its-impact-on-online-safety\/","title":{"rendered":"Encryption Under Threat: The UK\u2019s Backdoor Mandate and Its Impact on Online Safety"},"content":{"rendered":"\n<p>Encryption is an essential component of a safe and trustworthy Internet. Weakening it not only undermines personal privacy but also jeopardizes national security and global cybersecurity standards.&nbsp;<\/p>\n\n\n\n<p>Earlier this year, the UK government used a secret Technical Capacity Notice under the amended 2016 Investigatory Powers Act to demand that Apple modify its iCloud service to grant law enforcement access to encrypted user data, challenging Apple\u2019s longstanding commitment to privacy.&nbsp;<\/p>\n\n\n\n<p>The secret nature of this order is particularly concerning. Policy changes, decisions, or bills that threaten encryption are usually public, which provides an opportunity for the technical community, civil society, and the general public to voice their concerns. Additionally, while the secret order to Apple was leaked to the press, it is unclear whether other companies may have received similar orders.<\/p>\n\n\n\n<div class=\"wp-block-uagb-blockquote uagb-block-72d4cd98 uagb-blockquote__skin-quotation uagb-blockquote__align-left uagb-blockquote__style-style_2 uagb-blockquote__stack-img-none\"><blockquote class=\"uagb-blockquote\"><span class=\"uagb-blockquote__icon\"><svg width=\"20\" height=\"20\" viewBox=\"0 0 32 32\"><path d=\"M7.031 14c3.866 0 7 3.134 7 7s-3.134 7-7 7-7-3.134-7-7l-0.031-1c0-7.732 6.268-14 14-14v4c-2.671 0-5.182 1.040-7.071 2.929-0.364 0.364-0.695 0.751-0.995 1.157 0.357-0.056 0.724-0.086 1.097-0.086zM25.031 14c3.866 0 7 3.134 7 7s-3.134 7-7 7-7-3.134-7-7l-0.031-1c0-7.732 6.268-14 14-14v4c-2.671 0-5.182 1.040-7.071 2.929-0.364 0.364-0.695 0.751-0.995 1.157 0.358-0.056 0.724-0.086 1.097-0.086z\"><\/path><\/svg><\/span><div class=\"uagb-blockquote__content\">This really erodes trust in the system, trust in the technology. In that way, it\u2019s even more damaging than some of the other encryption threats we see around the world.&#8221;<\/div><footer><div class=\"uagb-blockquote__author-wrap uagb-blockquote__author-at-left\"><cite class=\"uagb-blockquote__author\">Callum Voge, Director of Government Affairs and Advocacy, Internet Society<\/cite><\/div><\/footer><\/blockquote><\/div>\n\n\n\n<p>Because of the interconnected nature of the Internet, encryption issues are truly global. This mandate, if enforced, would create a dangerous precedent and force Apple to create vulnerabilities that affect users far beyond UK borders. Users worldwide could have their data exposed to unauthorized surveillance.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Encryption and the Risks of Backdoors<\/h4>\n\n\n\n<p>Encryption plays a critical and irreplaceable role in safeguarding our personal data. While governments cite national security and crime prevention as justifications for backdoors\u2014ways to access encrypted data\u2014they inherently weaken the integrity of encryption, increasing the risk of malicious third parties accessing sensitive information.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-uagb-blockquote uagb-block-50b8c441 uagb-blockquote__skin-quotation uagb-blockquote__align-left uagb-blockquote__style-style_2 uagb-blockquote__stack-img-none\"><blockquote class=\"uagb-blockquote\"><span class=\"uagb-blockquote__icon\"><svg width=\"20\" height=\"20\" viewBox=\"0 0 32 32\"><path d=\"M7.031 14c3.866 0 7 3.134 7 7s-3.134 7-7 7-7-3.134-7-7l-0.031-1c0-7.732 6.268-14 14-14v4c-2.671 0-5.182 1.040-7.071 2.929-0.364 0.364-0.695 0.751-0.995 1.157 0.357-0.056 0.724-0.086 1.097-0.086zM25.031 14c3.866 0 7 3.134 7 7s-3.134 7-7 7-7-3.134-7-7l-0.031-1c0-7.732 6.268-14 14-14v4c-2.671 0-5.182 1.040-7.071 2.929-0.364 0.364-0.695 0.751-0.995 1.157 0.358-0.056 0.724-0.086 1.097-0.086z\"><\/path><\/svg><\/span><div class=\"uagb-blockquote__content\">Because you are creating a system that would allow bypassing encryption, that usually will mean also the level of encryption that you provide in your algorithm will be made lower, and so it is, by design, less secure.&#8221;<\/div><footer><div class=\"uagb-blockquote__author-wrap uagb-blockquote__author-at-left\"><cite class=\"uagb-blockquote__author\">Charles Mok, Trustee, Internet Society<\/cite><\/div><\/footer><\/blockquote><\/div>\n\n\n\n<p>We need strong encryption to protect everyday communications, financial transactions, and even national security information. Vulnerable groups\u2014including journalists, activists, and marginalized communities\u2014rely on robust encryption to shield their identities and sensitive communications from harassment and oppression.&nbsp;<\/p>\n\n\n\n<p>Introducing backdoors into encryption systems creates inherent security flaws. Once a vulnerability exists, it\u2019s not only available to law enforcement, but it could also be exploited by cybercriminals and hostile state actors. Ironically, while claiming to increase safety, governments that allow backdoors actually put their citizens at risk.&nbsp;<\/p>\n\n\n\n<p>Beyond the technical risks, encryption backdoors have human rights implications as well.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-uagb-blockquote uagb-block-d55da881 uagb-blockquote__skin-quotation uagb-blockquote__align-left uagb-blockquote__style-style_2 uagb-blockquote__stack-img-none\"><blockquote class=\"uagb-blockquote\"><span class=\"uagb-blockquote__icon\"><svg width=\"20\" height=\"20\" viewBox=\"0 0 32 32\"><path d=\"M7.031 14c3.866 0 7 3.134 7 7s-3.134 7-7 7-7-3.134-7-7l-0.031-1c0-7.732 6.268-14 14-14v4c-2.671 0-5.182 1.040-7.071 2.929-0.364 0.364-0.695 0.751-0.995 1.157 0.357-0.056 0.724-0.086 1.097-0.086zM25.031 14c3.866 0 7 3.134 7 7s-3.134 7-7 7-7-3.134-7-7l-0.031-1c0-7.732 6.268-14 14-14v4c-2.671 0-5.182 1.040-7.071 2.929-0.364 0.364-0.695 0.751-0.995 1.157 0.358-0.056 0.724-0.086 1.097-0.086z\"><\/path><\/svg><\/span><div class=\"uagb-blockquote__content\">Another problem is the chilling effect. Even the perception that encryption is no longer trustworthy causes people to self-censor, disengage, or stop organizing. Civic space is going to be weaker around the world.\u201d<\/div><footer><div class=\"uagb-blockquote__author-wrap uagb-blockquote__author-at-left\"><cite class=\"uagb-blockquote__author\">Farzaneh Badiei, Founder, Digital Medusa<\/cite><\/div><\/footer><\/blockquote><\/div>\n\n\n\n<p>Weakening encryption erodes trust, stifles freedom of expression, and could lead to mass surveillance, impacting not just UK citizens but users globally.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Global Implications<\/h4>\n\n\n\n<p>Backdoor mandates contribute to Internet fragmentation. Following the UK government\u2019s order, Apple has already withdrawn its encrypted backup services from the UK. This means that UK Apple users do not have the same options for data security, and their experience is different from that of other users worldwide; they are already less safe.&nbsp;<\/p>\n\n\n\n<p>Online safety for children is a huge global issue, and there is a lot of pressure on governments and law enforcement to find a solution. The UK\u2019s order could inspire similar legislation in countries worldwide, limiting encryption, threatening the privacy of even more people, and putting those very children in harm\u2019s way. What children deserve is legislation that tackles the issue effectively and proportionally, without inhibiting security, rights, and privacy for all.&nbsp;<\/p>\n\n\n\n<p>Enforcing backdoor mandates could also drive international tech companies to exit markets like the UK. To maximize profit and efficiency, tech corporations want to offer consistent methods and services. When a government requests a backdoor, they might exit the market instead of reworking their systems, further&nbsp;fragmenting&nbsp;the global digital ecosystem and impeding technological innovation.&nbsp;<\/p>\n\n\n\n<p>Alternatively, and more dangerously, if many governments request backdoors, tech companies might normalize them in their services and make them available in as many markets as possible.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">What Can You Do?<\/h4>\n\n\n\n<p>Collaboration between civil society, tech companies, and policymakers is vital. When these spheres stand together, they become stronger and are better positioned to resist measures threatening online safety and privacy.&nbsp;<\/p>\n\n\n\n<p>You can join advocacy efforts, connect with like-minded individuals, and mobilize. The Global Encryption Coalition promotes and defends encryption where it is under threat.&nbsp;<a href=\"https:\/\/www.globalencryption.org\/get-involved\/\">Join the coalition today.<\/a><\/p>\n\n\n\n<p>Your voice is powerful; use it to stand up for encryption. If you live in the UK,&nbsp;<a href=\"https:\/\/actionnetwork.org\/letters\/keep-backups-secure-in-the-uk\/\">join our letter-writing campaign<\/a> and let your elected officials know that you oppose orders that force technology companies to weaken encryption.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading has-accent-purple-color has-text-color has-link-color wp-elements-a74c354ff20b628a45d30d3e06ff146a\">Want to learn more about the UK\u2019s backdoor mandate and its impact on online safety?&nbsp;<a href=\"https:\/\/isoc.live\/19040\/\">Watch the full webinar from our Online Safety Special Interest Group.<\/a><\/h5>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Image \u00a9&nbsp;<a href=\"https:\/\/unsplash.com\/@chris_robert?utm_content=creditCopyText&amp;utm_medium=referral&amp;utm_source=unsplash\">Chris Robert<\/a>&nbsp;on&nbsp;<a href=\"https:\/\/unsplash.com\/photos\/a-flag-on-a-pole-vwHhC2NVBbA?utm_content=creditCopyText&amp;utm_medium=referral&amp;utm_source=unsplash\">Unsplash<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Encryption is an essential component of a safe and trustworthy Internet. Weakening it not only undermines personal privacy but also jeopardizes national security and global cybersecurity standards.\u00a0<\/p>\n","protected":false},"author":1892,"featured_media":223766,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","footnotes":""},"categories":[5693,40,4898],"tags":[6049,2764],"region_news_regions":[5931],"content_category":[6085],"ppma_author":[6047],"class_list":["post-223760","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-community","category-encryption","category-strong-internet","tag-online-trust-and-safety","tag-sig","region_news_regions-global","content_category-blog-type"],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2025\/05\/UK-Flag.jpg",1200,550,false],"thumbnail":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2025\/05\/UK-Flag-150x150.jpg",150,150,true],"medium":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2025\/05\/UK-Flag-450x206.jpg",450,206,true],"medium_large":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2025\/05\/UK-Flag-768x352.jpg",768,352,true],"large":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2025\/05\/UK-Flag-1024x469.jpg",1024,469,true],"1536x1536":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2025\/05\/UK-Flag.jpg",1200,550,false],"2048x2048":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2025\/05\/UK-Flag.jpg",1200,550,false],"post-thumbnail":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2025\/05\/UK-Flag-250x115.jpg",250,115,true],"square":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2025\/05\/UK-Flag-600x550.jpg",600,550,true],"gform-image-choice-sm":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2025\/05\/UK-Flag.jpg",300,138,false],"gform-image-choice-md":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2025\/05\/UK-Flag.jpg",400,183,false],"gform-image-choice-lg":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2025\/05\/UK-Flag.jpg",600,275,false]},"uagb_author_info":{"display_name":"Godsway Kubi","author_link":"https:\/\/www.internetsociety.org\/author\/kubi\/"},"uagb_comment_info":0,"uagb_excerpt":"Encryption is an essential component of a safe and trustworthy Internet. Weakening it not only undermines personal privacy but also jeopardizes national security and global cybersecurity standards.\u00a0","authors":[{"term_id":6047,"user_id":1892,"is_guest":0,"slug":"kubi","display_name":"Godsway Kubi","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/85ff14986234953f107d22b23878ed80811f7f3817f60efc7aaddd30012e8c1e?s=96&d=mm&r=g","author_category":"","last_name":"Kubi","first_name":"Godsway","job_title":"","user_url":"","description":""}],"_links":{"self":[{"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/posts\/223760","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/users\/1892"}],"replies":[{"embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/comments?post=223760"}],"version-history":[{"count":0,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/posts\/223760\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/media\/223766"}],"wp:attachment":[{"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/media?parent=223760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/categories?post=223760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/tags?post=223760"},{"taxonomy":"region_news_regions","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/region_news_regions?post=223760"},{"taxonomy":"content_category","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/content_category?post=223760"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/ppma_author?post=223760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}