Living in the world today practically necessitates a strong connection to digital services. While it is still possible to go through life without doing everything digitally, our banking, businesses, healthcare, connections with family and friends, culture and so much more are all facilitated in part through digital participation. Our digital lives depend on knowing that our information will be kept safe — we don’t want to use a service if we don’t trust it to secure our data, and neither do any businesses or governments. But we currently live in an era where cybercrime and cyberattacks are becoming more common. To protect our data and ensure the security of the digital structures we all rely on, encryption is an essential tool.
As CCIA’s Jonathan McHale noted, encryption is “the digital equivalent of locking your private information in an unbreakable safe,” using algorithms to ensure the security of any information we desire to be highly protected. Generally, these algorithms scramble readable information into unreadable encrypted text using processes that are easy to perform and impractical to reverse without the proper authorization. In our increasingly digital world, encryption prevents unauthorized access to our text messages, credit cards, bank accounts, medical records, and other sensitive information. Without encryption, this information could not safely be stored or transmitted online, compromising not only personal privacy but highly sensitive and commercially valuable information.
Law enforcement authorities have often sought to circumvent encryption, believing it necessary to combat cybercrime. In 2015, the FBI sought to force Apple to create a backdoor circumventing the password attempt limit on the phone of a mass shooter at the Inland Regional Center in San Bernardino, California before ultimately withdrawing its request. More recently, the UK and Australia have passed laws allowing law enforcement to require that a business create an algorithmic backdoor allowing the government to view encrypted communications stored on the business’s servers. Just two weeks ago, the UK government ordered Apple to create a backdoor allowing law enforcement to access Apple’s data cloud.
Many information security professionals have spoken out against such measures, arguing that any mechanism allowing law enforcement access to encrypted data will also provide access to hackers and other malicious actors. Additionally, encryption backdoors make network security far more complicated and expensive, and, as former NSA director of research Fred Chang testified in 2013, “When it comes to security, complexity is not your friend…. as software systems grow more complex, they will contain more flaws and these flaws will be exploited by cyber adversaries.” Such security vulnerabilities would encompass much of our sensitive information. These concerns have led many information security professionals to share the view of cryptographer and Harvard Kennedy School lecturer Bruce Schneier that “We’re not being asked to choose between security and privacy. We’re being asked to choose between less security and more security.”
In recent years, intelligence officials have come to share these concerns. After the Salt Typhoon operation hacked several major U.S. telecommunications networks in late 2024, FBI and Cybersecurity and Infrastructure Security Agency (CISA) officials cautioned Americans against sending text messages through unencrypted apps, with CISA executive assistant director for cybersecurity Jeff Greene advising that “Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.” An anonymous senior FBI official echoed this view, warning that “People looking to further protect their mobile device communications would benefit from… responsibly managed encryption.” CISA also released a “Mobile Communications Best Practice Guidance” report following the attack, advising Americans to “use only end-to-end encrypted communications” for their devices and online accounts. Such comments indicate that the intelligence community may at last be shifting away from its long-held view that encryption backdoors are necessary to fight cybercrime. After the recent onslaught of cybercrime against Americans’ unencrypted communications, these agencies have seen firsthand the dangers of undermining Americans’ best defense against such threats.
Moreover, authoritarian regimes have used encryption backdoors to weaken democracy and undermine civil liberties. As international law professor Antonio Alì notes, “The knowledge that private communications can be accessed by government authorities, even in compliance with legal procedures, could discourage the widespread adoption of encryption, much as if people stopped speaking freely for fear of being overheard.” Additionally, “[j]ournalists, activists and other vulnerable groups depend on these systems to operate securely, often in contexts where their own safety is at risk. For them, weakening encryption could mean the difference between being able to do their work safely and being exposed to real and tangible dangers.” Such dangers are not merely hypothetical: In 2016, Russia began requiring its messaging, telecommunications, and social media services to allow the FSB to access its citizens’ metadata and encrypted communications. A Brookings Institute report found that “Civil society groups and independent media have been the primary targets of legalized surveillance, repression, and censorship” as a result. Furthermore, without strong encryption, authoritarian regimes’ communication surveillance need not be limited to their own population– such backdoors could allow them to access the communications of foreign citizens using the same messaging services.
Because of these dangers, Americans’ security, privacy, and civil liberties depend on preserving strong encryption. While encryption backdoors may enable law enforcement to obtain convictions it otherwise could not, they massively increase Americans’ exposure to cybercrime and cyberattacks in the process while increasing the leverage of authoritarian regimes around the world. Encryption enables online safety in a world where our most sensitive information regularly comes under attack. Such threats underscore the need to strengthen, rather than weaken, the foundation of our digital security.