Become a TechRadar Insider
When privacy advocates thought they had won the Crypto Wars in the 1990s, they probably wouldn’t have guessed they’d still be discussing whether decrypting private data is a bad or good idea 30 years later. But since at least 2020, a stream of governments have been trying to create a backdoor to encryption under the new name of "lawful access".
Canada's C-22 bill is the latest such proposal. It seeks to force all "electronic service providers" to install "technical capabilities" to allow law enforcement access to all communications and sensitive data of Canadian citizens.
For law enforcement, it’s about modernising the data access rights and equipping officers with the tools to fight back the most serious crimes — organized crime, human trafficking, and online sexual exploitation.
For cryptographers, data scientists, security experts, and privacy advocates, however, creating a backdoor to encryption is, of course, a major concern – a false step that will lead to far more problems than it might solve.
In the EU, what’s been called Chat Control took over three years of failed attempts to reach a final stage and produce a watered-down version where the encryption backdoor may be “voluntary” instead, and with experts believing it’s "a disaster waiting to happen". And that’s only if politicians can push it through.
The hot mess that is Chat Control might even be considered a success story in comparison. The French Parliament rejected an encryption backdoor in 2025. A similar proposal in Sweden went quiet after a strong backlash from privacy and security experts around the same time. In 2023, the UK also decided to halt a similar provision within its Online Safety Act “until it is technically feasible” to do so.
Under the ProtectEU strategy, European policymakers are looking at how to meet Europol’s demands — decrypting citizens’ data by 2030. And the UK has resorted to another law of its own – the controversial 2016 Investigatory Powers Act – to hit Apple with at least two encryption backdoor requests to bypass iCloud’s Advanced Data Protection feature.
Canada’s recent move highlights the appearance of a change in approach that governments seem to think will ease the passage of this kind of legislation. "Lawful access" is the growing rebranding of the hobbling of encryption, but will this softer appearing approach be enough to get the same demands over the line?
Lawful access: what could go wrong?
I’ve been following these legal attempts closely since the beginning of 2023, and there’s something that I keep hearing as a mantra when I talk with the people working in cybersecurity: encryption is maths. It either works for everyone or it’s broken for everyone. A backdoor, that only the good guys can use, cannot exist.
It’s not just digital rights groups that are aware of this. I once attended an event where a former investigator was arguing how encryption is also "vital for law enforcement" because it keeps both citizens and organizations safe.
When the Salt Typhoon occurred — the unprecedented cyberattacks that targeted all the major US telecom systems — FBI and CISA agents were quick to urge all citizens to switch to encrypted services under the refrain "Encryption is your friend." This is surely not something that the authorities really wish to weaken?
Former General Counsel of the US Federal Bureau of Investigation James A. Baker argued that creating a backdoor “won't help law enforcement to protect the people they want to protect, but it will expose them to more threats".
It’s bad for both sides, then: private citizens and law enforcement. Undermining encryption not only threatens rights but it’s bad for security, too.
"Imagine being able to attack the digital infrastructure of a country by using a botnet that is exploiting every single Android phone," Society's Senior Director for Internet Trust, Robin Wilton, once explained to me. “It would be catastrophic. Yet, that's what happens if you build a systemic vulnerability into a monoculture of devices."
That’s a huge risk, for something that many believe won’t do much to stop criminals in practice, and, all the while people will keep using encryption anyway through illegal apps, as the Co-Founder of Matrix and encrypted platform Element told me back in March 2023.
A never ending backlash?
As a new encryption backdoor bill makes headlines, 30 organizations and more than 20 cybersecurity experts have already signed the open letter, published by the Global Encryption Coalition, on Tuesday, joining the call to the Canadian federal government to withdraw Bill C-22.
Exactly one week before, on April 21, another coalition, made up of 14 civil liberty groups, refugee rights campaigners, academics, and digital rights organizations, alongside 15 of Canada's most prominent privacy scholars and legal experts, also sent a letter to Prime Minister Mark Carney and every Member of Parliament to call for a full withdrawal.
The hard truth is that the people building the software aren’t on board, either. The likes of Signal, WhatsApp, and Telegram have said over and over that they would rather leave the market than undermine their encryption protections. Apple even decided to kill its iCloud’s end-to-end encryption feature in the UK altogether, instead of creating a false sense of security with a backdoor.
Whether all of this will be enough to make Canadian politicians — and others thinking of introducing the same — step back, is a story for another time. What’s clear, though, is that this recent outcry against lawful access is a perfect echo of what we've heard each time a backdoor to encryption is suggested.
Perhaps, Proton’s CEO and Founder, Andy Yen, is right. To find a compromise, the first step is for the tech industry to acknowledge that, yes, privacy can be misused, "but the cost of a world without is so much higher".
The second step may be for law enforcement to accept, too, that — exactly as happens in the offline world — there is some information that they may not be able to access.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
