A New Era of Attacks on Encryption Is Starting to Heat Up


Over the past decade, encrypted communication has become the norm for billions of people. Every day, Signal, iMessage, and WhatsApp keep billions of messages, photos, videos, and calls private by using end-to-end encryption by default—while Zoom, Discord, and various other services all have options to enable the protection. But despite the technology’s mainstream rise, long-standing threats to weaken encryption keep piling up.

Over the past few months, there has been a surge in government and law enforcement efforts that would effectively undermine encryption, privacy advocates and experts say, with some of the emerging threats being the most “blunt” and aggressive of those in recent memory. Officials in the UK, France, and Sweden have all made moves since the start of 2025 that could undermine or eliminate the protections of end-to-end encryption, adding to a multiyear European Union plan to scan private chats and Indian efforts that could damage encryption.

These latest assaults on encryption come as intelligence agencies and law enforcement officials in the United States have recently backtracked on years of anti-encryption attitudes and now recommend that people use encrypted communication platforms whenever they can. The drastic shift in attitude followed the China-backed Salt Typhoon hacker group’s widespread breach of major US telecoms, and it comes as the second Trump administration ramps up potential surveillance of millions of undocumented migrants living in the US. Simultaneously, the administration has been straining longtime, crucial international intelligence-sharing agreements and partnerships.

“The trend is bleak,” says Carmela Troncoso, a longtime privacy and cryptography researcher and the scientific director at the Max-Planck Institute for Security and Privacy in Germany. “We see these new policies coming up as mushrooms trying to undermine encryption.”

End-to-end encryption is designed so only the sender and receiver of messages have access to their contents—governments, tech companies, and telecom providers can’t snoop on what people are saying. Those privacy and security guarantees have made encryption a target for law enforcement and governments for decades, because officials claim that the protection makes it prohibitively difficult to investigate urgent threats such as child sexual abuse material and terrorism.

As a result, governments around the world have frequently proposed technical mechanisms to bypass encryption and allow access to messages for investigations. Cryptographers and technologists have repeatedly and definitively warned, though, that any backdoor created to access end-to-end encrypted communications could be exploited by hackers or authoritarian governments, compromising everyone’s safety. Additionally, it is likely that criminals would find ways to continue to use self-made encryption tools to conceal their messages, meaning that backdoors in mainstream products would succeed at undermining protections for the public without eliminating its use by bad actors.

Broadly, the recent threats to encryption have come in three forms, says Namrata Maheshwari, the encryption policy lead at international nonprofit Access Now. First, there are those where governments or law enforcement agencies are asking for backdoors to be built into encrypted platforms to gain “lawful access” to content. At the end of February, for example, Apple pulled its encrypted iCloud backup system, called Advanced Data Protection, from use in the UK after the country’s lawmakers reportedly hit the Cupertino company with a secret order demanding Apple provide access to encrypted files. To do so, Apple would have had to create a backdoor. The order, which has been criticized by the Trump administration, is set to be challenged in a secret court hearing on March 14.



Source link