Keep End-to-End Encryption Strong, No Backdoors

Governments are once again pressuring tech companies to weaken end-to-end encryption in the name of fighting serious crime. In the UK, authorities want on-demand access to encrypted messages and data—an approach echoed in other countries—but delivering that access would require software backdoors that undermine security for everyone.

Why backdoors don’t work

• Backdoors break the core promise of end-to-end encryption: only the sender and recipient can read the data.
• Per-country restrictions are inherently unenforceable. Travelers, expats, and anyone using multiple devices or app stores can easily bypass them.
• Limiting compliance to local app developers or app store settings would simply drive people to alternatives outside the jurisdiction.

A case study: Apple’s ADP in the UK
In February, Apple pulled Advanced Data Protection (ADP) for UK users after receiving a non-public notice under the Investigatory Powers Act that would have required an encryption backdoor. Apple’s stance was clear: “We have never built a backdoor or master key to any of our products or services and we never will.” ADP is truly end-to-end encrypted—only the account holder can decrypt their files. WhatsApp publicly backed Apple’s position.

The policy gap and easy workarounds
The UK argues that anyone physically in the country should be accountable to a UK court. Yet Apple’s current geofencing appears to hinge on the Apple ID’s country/region setting rather than physical location. Switching your account region outside the UK re-enables ADP. While that may limit app availability for a moment, users can enable ADP and switch back—ADP stays active. And once enabled, turning encryption off requires decrypting data first, adding practical friction to any enforcement attempt.

Border control chaos
If the goal is to enforce decryption at the border, the logistics are unworkable. Each traveler would need to:

• Decrypt all end-to-end encrypted content
• Disable affected apps or features across every device
• Repeat for multiple phones, tablets, and laptops
  This is unrealistic at scale and would grind border processing to a halt. Meanwhile, users with simple setups—like two phones with different region settings—can already bypass restrictions with minimal effort.

Who actually gets hurt
Criminals will continue to use foreign services, stronger tools, or simple region workarounds. The result: only law-abiding residents in regulated countries end up with weaker privacy and greater exposure. A system that’s easy to bypass and impossible to enforce is, simply put, unfit for purpose.

What a better balance looks like
ESET’s position is clear: strong encryption is essential for privacy, data security, and cybercrime prevention. When one government mandates weaker encryption, others tend to follow—often with fewer safeguards for citizens. The sustainable approach is not backdoors, but lawful access through court warrants with robust oversight and accountability.

Bottom line
The tech industry should continue to reject backdoors and protect end-to-end encryption. It keeps users safe, preserves trust, and avoids creating vulnerabilities that bad actors—and hostile states—would inevitably exploit.

Source: WeLiveSecurity