The Encryption Double Life of Canberra

The Australian government is quietly relying on encrypted messaging to conduct sensitive business, even as it hardens its stance against public use of secure communications.

While the public faces increasing surveillance and legal pressure for using end-to-end encryption, senior officials are steering policy conversations into private digital spaces, shielding them from scrutiny under Freedom of Information (FOI) laws.

Since midyear, ministerial staff have been advising lobbyists, peak bodies and industry groups to avoid email altogether and submit reform proposals through the encrypted messaging app Signal.

Some of these exchanges have been requested using disappearing messages, ensuring there is no record retained on government systems.

Several sources confirmed to the Saturday Paper that this guidance is now common across a number of policy areas.

In addition to Signal, stakeholders have been encouraged to use phone calls for detailed conversations and limit the content of any written communications.

In at least one case, after a formal meeting, the follow-up came in the form of a verbal summary rather than the usual written recap sent by email.

While the government has maintained formal channels for official submissions, a secondary mode of policymaking is taking shape.

This mode operates out of reach of archiving protocols and public oversight.

One participant in this informal process described it as an effort to protect the early phases of policy development from outside scrutiny, arguing that “fluid thoughts and ideas” should be exempt from public record.

Yet the effect of these practices is to create a shadow layer of government consultation that leaves no trace and falls outside the accountability mechanisms intended to safeguard democratic participation.

Chat Control 2.0: EU Moves Toward Ending Private Communication

Between the coffee breaks and the diplomatic niceties of Brussels bureaucracy, a quiet dystopian revolution might be taking place. On November 26, a roomful of unelected officials could nod through one of the most consequential surveillance laws in modern European history, without ever having to face the public.

The plan, politely titled EU Moves to End Private Messaging with Chat Control 2.0, sits on the agenda of the Committee of Permanent Representatives, or Coreper, a club of national ambassadors whose job is to prepare legislation for the European Council. This Wednesday, they may “prepare” it straight into existence.

According to MEP Martin Sonneborn, Coreper’s diplomats could be ready to endorse the European Commission’s digital surveillance project in secret.

It was already due for approval a week earlier before mysteriously vanishing from the schedule. Now it’s back, with privacy advocates watching like hawks who suspect the farmer’s got a shotgun.

The Commission calls Chat Control 2.0 a child-protection measure. The branding suggests moral urgency; the text suggests mass surveillance. The proposal would let governments compel messaging services such as WhatsApp or Signal to scan users’ messages before they’re sent.

Officials insist that the newest version removes mandatory scanning, which is a bit like saying a loaded gun is safer because you haven’t pulled the trigger yet.

The Disguised Return of The EU’s Private Message Scanning Plot

A major political confrontation over online privacy is approaching as European governments prepare to decide on “Chat Control 2.0,” the European Commission’s revised proposal for monitoring private digital communications.

The plan, which could be endorsed behind closed doors, has drawn urgent warnings from Dr. Patrick Breyer, a jurist and former Member of the European Parliament, who says the draft conceals sweeping new surveillance powers beneath misleading language about “risk mitigation” and “child protection.”

In a release sent to Reclaim The Net, Breyer, long a defender of digital freedom, argues that the Commission has quietly reintroduced compulsory scanning of private messages after it was previously rejected.

He describes the move as a “deceptive sleight of hand,” insisting that it transforms a supposedly voluntary framework into a system that could compel all chat, email, and messaging providers to monitor users.

“This is a political deception of the highest order,” Breyer said.

“Following loud public protests, several member states, including Germany, the Netherlands, Poland, and Austria, said ‘No’ to indiscriminate Chat Control. Now it’s coming back through the back door disguised, more dangerous, and more comprehensive than ever. The public is being played for fools.”

Under the new text, providers would be obliged to take “all appropriate risk mitigation measures” to prevent abuse on their platforms. While the Commission presents this as a flexible safety requirement, Breyer insists it is a loophole that could justify forcing companies to scan every private message, including those protected by end-to-end encryption.

“The loophole renders the much-praised removal of detection orders worthless and negates their supposed voluntary nature,” he said.

He warns that it could even lead to the introduction of “client-side scanning,” where users’ devices themselves perform surveillance before messages are sent.

Unlike the current temporary exemption known as “Chat Control 1.0,” which allows voluntary scanning of photos and videos, the new draft would open the door to text and metadata analysis. Algorithms and artificial intelligence could be deployed to monitor conversations and flag “suspicious” content.

UK Crime Agency Backs “Upload Prevention” Plan to Scan Encrypted Messages

Britain’s Internet Watch Foundation (IWF) has decided that privacy needs a chaperone.

The group has launched a campaign urging tech companies to install client-side scanning in encrypted apps, a proposal that would make every private message pass through a local checkpoint before being sent.

The IWF calls it an “upload prevention” system. Critics might call it the end of private communication disguised as a safety feature.

Under the plan, every file or image shared on a messaging app would be checked for sexual abuse material (CSAM).

The database would be maintained by what the IWF describes as a “trusted body.” If a match is found, the upload is blocked before encryption can hide it. The pitch is that nothing leaves the device unless it’s cleared, but that is like claiming a home search is fine as long as the police do not take anything.

As has been shown in Germany, this technology would not only catch criminals. Hashing errors and false positives happen, which means lawful material could be stopped before it ever leaves a phone.

And once the scanning infrastructure is built, there is nothing stopping it from being redirected toward new categories of “harmful” or “illegal” content. The precedent would be set: your phone would no longer be a private space.

Although the IWF is running this show, it has plenty of political muscle cheering it on.

Safeguarding Minister Jess Phillips praised the IWF campaign, saying: “It is clear that the British public want greater protections for children online and we are working with technology companies so more can be done to keep children safer. The design choices of platforms cannot be an excuse for failing to respond to the most horrific crimes…If companies don’t comply with the Online Safety Act they will face enforcement from the regulator. Through our action we now have an opportunity to make the online world safer for children, and I urge all technology companies to invest in safeguards so that children’s safety comes first.”

That endorsement matters. It signals that the government is ready to use the already-controversial Online Safety Act to pressure companies into surveillance compliance.

Ofcom, armed with new regulatory powers under that Act, can make “voluntary” ideas mandatory with little more than a memo.

The UK’s approach to online regulation is becoming increasingly invasive. The government recently tried to compel Apple to install a back door into its encrypted iCloud backups under the Investigatory Powers Act. Apple refused and instead pulled its most secure backup option from British users, leaving the country with weaker privacy than nearly anywhere else in the developed world.

The EU’s Two-Tier Encryption Vision Is Digital Feudalism

Sam Altman, CEO of OpenAI, recently showed a moment of humanity in a tech world that often promises too much, too fast. He urged users not to share anything with ChatGPT that they wouldn’t want a human to see. The Department of Homeland Security in the United States has already started to take notice.

His caution strikes at a more profound truth that underpins our entire digital world. In a realm where we can no longer be certain whether we’re dealing with a person, it is clear that software is often the agent communicating, not people. This growing uncertainty is more than just a technical challenge. It strikes at the very foundation of trust that holds society together.

This should cause us to reflect not just on AI, but on something even more fundamental, far older, quieter and more critical in the digital realm: encryption.

In a world increasingly shaped by algorithms and autonomous systems, trust is more important than ever. 

Encryption is our foundation

Encryption isn’t just a technical layer; it is the foundation of our digital lives. It protects everything from private conversations to global financial systems, authenticates identity and enables trust to scale across borders and institutions.

Crucially, it’s not something that can be recreated through regulation or substituted with policy. When trust breaks down, when institutions fail or power is misused, encryption is what remains. It’s the safety net that ensures our most private information stays protected, even in the absence of trust.

A cryptographic system isn’t like a house with doors and windows. It is a mathematical contract; precise, strict and meant to be unbreakable. Here, a “backdoor” is not just a secret entry but a flaw embedded in the logic of the contract, and one flaw is all it takes to destroy the entire agreement. Any weakness introduced for one purpose could become an opening for everyone, from cybercriminals to authoritarian regimes. Built entirely on trust through strong, unbreakable code, the entire structure begins to collapse once that trust is broken. And right now, that trust is under threat. 

Signal Threatens to Exit Europe Over EU Push for Messaging App Scanning Law

Signal is warning it will walk away from Europe rather than participate in what privacy defenders describe as one of the most dangerous surveillance schemes ever proposed by the EU.

Lawmakers in Brussels are pressing for a law that would compel messaging apps to break their own security by installing scanning systems inside private communications.

Meredith Whittaker, president of Signal, said the company will never compromise on encryption to satisfy government demands.

“Unfortunately, if we were given the choice of either undermining the integrity of our encryption and our data protection guarantees or leaving Europe, we would make the decision to leave the market,” she told the dpa news agency.

The draft legislation is framed as a child protection measure, but would require all major messengers, from WhatsApp to Signal to Telegram, to monitor every message before it is encrypted.

This would eliminate true private communication in Europe and create tools that could be abused for mass surveillance.

Privacy advocates have repeatedly warned that once a backdoor exists, there is no way to restrict who uses it or for what purpose.

Whittaker was clear about the stakes. “It guarantees the privacy of millions upon millions of people around the world, often in life-threatening situations as well.”

She added that Signal refuses to enable chat control because “it’s unfortunate that politicians continue to fall prey to a kind of magical thinking that assumes you can create a backdoor that only the good have access to.”

Any such system, she argued, would make everyone less safe.

The European Parliament already rejected the scanning mandate with a strong cross-party majority, recognizing the threat it poses to basic rights.

But within the Council of Member States, the push for chat control remains alive. Denmark’s presidency could renew momentum for the proposal, even though countries like Germany have so far resisted.

Germany’s position is pivotal. The coalition agreement of its current government promises to defend “the confidentiality of private communications and anonymity online.”

Yet the inclusion of the phrase “in principle” raises alarms, suggesting exceptions could open the door to backdoors in messaging apps.

If Germany wavers, Europe could be on the verge of losing secure communication altogether.

X Urges EU to Reject “Chat Control 2.0” Surveillance Law Threatening End-to-End Encryption

X is urging European governments to reject a major surveillance proposal that the company warns would strip EU citizens of core privacy rights.

In a public statement ahead of a key Council vote scheduled for October 14, the platform called on member states to “vigorously oppose measures to normalize surveillance of its citizens,” condemning the proposed regulation as a direct threat to end-to-end encryption and private communication.

The draft legislation, widely referred to as “Chat Control 2.0,” would require providers of messaging and cloud services to scan users’ content, including messages, photos, and links, for signs of child sexual abuse material (CSAM).

Central to the proposal is “client-side scanning” (CSS), a method that inspects content directly on a user’s device before it is encrypted.

X stated plainly that it cannot support any policy that would force the creation of “de facto backdoors for government snooping,” even as it reaffirmed its longstanding commitment to fighting child exploitation.

The company has invested heavily in detection and removal systems, but draws a clear line at measures that dismantle secure encryption for everyone.

Privacy experts, researchers, and technologists across Europe have echoed these warnings.

By mandating that scans occur before encryption is applied, the regulation would effectively neutralize end-to-end encryption, opening private conversations to potential access not only by providers but also by governments and malicious third parties.

The implications reach far beyond targeted investigations. Once CSS is implemented, any digital platform subject to the regulation would be forced to scrutinize every message and file sent by its users.

This approach could also override legal protections enshrined in the EU Charter of Fundamental Rights, specifically Articles 7 and 8, which safeguard privacy and the protection of personal data.

A coalition of scientists issued a public letter warning that detection tools of this kind are technically flawed and unreliable at scale.

High error rates could lead to false accusations against innocent users, while actual abuse material could evade detection.

U.S. Secret Service disrupts telecom network that threatened NYC during U.N. General Assembly

The Secret Service has disrupted a sprawling telecommunications network in the New York tri-state area that investigators say posed a serious potential disruption to New York’s telecom systems and a possible threat to the United Nations General Assembly meetings this week.

In the largest seizure of its kind, the U.S. Secret Service announced Tuesday that the agency found active SIM farms at abandoned apartment buildings located at more than five sites. In total, law enforcement discovered 300 SIM servers – over 100,000 SIM cards – enabling encrypted, anonymous communication and capable of sending 30 million text messages per minute. Officials say the servers were so powerful they could have disabled cell phone towers and launched distributed denial-of-service attacks with the ability to block emergency communications like EMS and police dispatch.

“This network had the potential to disable cell phone towers and essentially shut down the cellular network in New York City,” U.S. Secret Service Special Agent in Charge Matt McCool said in a video released by the agency.

An official briefed on the investigation told reporters that this week, the sophisticated network “could text message the entire country within 12 minutes,” later adding, “This was well organized and well funded.”

Telephonic threats to multiple senior U.S. officials this past spring – including multiple people protected by the Secret Service – first triggered the investigation, but officials say the network was seized within the last three weeks.

“We cannot share which officials were targeted out of concerns for their privacy, but as the forensics investigation continues, we do expect that we will find more targeted officials once we get through that data,” McCool said. 

Early analysis shows the network was used for communication between foreign governments and individuals known to U.S. law enforcement, including members of known organized crime gangs, drug cartels and human trafficking rings, according to multiple officials briefed on the investigation. The U.S. Secret Service says it is combing through the more than 100,000 SIM cards in an ongoing, exhaustive forensic analysis.

“Each SIM basically has the equivalent data of a cell phone. So we’re working through every call, every text, every search made on those SIM cards,” an official told CBS News, adding, “Early analysis indicates that this network was used for communication between foreign governments and individuals that are known to federal law enforcement here in the U.S.”

The equipment was found within 35 miles of the United Nations in New York, ahead of the U.N. General Assembly. Investigators also found 80 grams of cocaine, illegal firearms, plus computers and phones.

“This isn’t a group of people in a basement playing a video game and trying to play a prank,” one official said. “This was well organized and well funded.”

What Is ICE Doing With This Israeli Spyware Firm?

The deployment of Paragon’s Graphite spyware was a major scandal in Italy. Earlier this year, the messaging app WhatsApp revealed that 90 journalists and civil society figures had been targeted by the military-grade surveillance tech, which gives “total access” to a victim’s messages. The Italian government admitted to spying on refugee rights activists, and Paragon cancelled its contract with the government almost immediately after the story broke.

Now the same software may be coming to America—and again with an immigration focus. Last week, the U.S. Department of Homeland Security quietly lifted a stop-work order on a $2 million contract that Immigration and Customs Enforcement (ICE) had with Paragon for a “fully configured proprietary solution including license, hardware, warranty, maintenance, and training.”

The deal was first signed by the Biden administration, and it was frozen in October 2024, less than a week after Wired broke the news of the contract. An administration official later insisted to Wired that, rather than reacting to bad publicity, they were reviewing the contract to comply with President Joe Biden’s order to ensure that commercial spyware use by the U.S. government “does not undermine democracy, civil rights and civil liberties.”

The details of that review—or even the contract itself—were never publicly disclosed. But the results are clear: ICE now has a green light to use whatever software Paragon was offering. (Neither Paragon nor ICE responded to requests for comment from The Guardian.)

The Citizen Lab at the University of Toronto, dedicated to researching electronic surveillance, found that Graphite targeted users through a “zero-click exploit.” By adding someone to a WhatsApp group in a certain way, Graphite can force their phones to read an infected PDF file without the user’s input. In other words, a cyberattack can be disguised as a spam text—and works even if victims ignore it.

After discovering the vulnerability with the Citizen Lab’s help, WhatsApp said in a statement that it was “constantly working to stay ahead of threats” and “build new layers of protection into WhatsApp.”

Paragon was co-founded by Ehud Barak, a former Israeli prime minister and general in charge of military intelligence, and Ehud Schneorson, a former head of Unit 8200, the Israeli equivalent of the National Security Agency. Last year, an American private equity firm bought Paragon for $500 million with the intention of merging it into RED Lattice, a firm connected to former U.S. intelligence officials. Paragon has positioned itself as a more ethical alternative to NSO Group, a spyware company similarly run by Unit 8200 veterans.

In 2021, NSO Group suffered a series of scandals after it was revealed that its Pegasus spyware was sold to police states around the world and was possibly used to spy on journalists who were murdered. NSO Group accused the media of running a “vicious and slanderous campaign” and promised to “thoroughly investigate any credible proof of misuse.” The Biden administration hit NSO Group with economic sanctions in response.

Around the time that the Pegasus scandal was breaking, a Paragon executive boasted to Forbes that their company would only deal with customers who “abide by international norms and respect fundamental rights and freedoms.”

Mullvad Introduces QUIC-Based WireGuard Obfuscation to Bypass Censorship and VPN Blocks

Mullvad has begun rolling out a new feature that hides WireGuard connections inside QUIC traffic, a technique designed to help users slip past aggressive censorship systems.

By making VPN traffic look more like ordinary encrypted browsing, the update gives people in tightly controlled regions, including Russia and China, a better chance of maintaining stable access to the internet.

It also helps with accessing websites that are increasingly trying to ban VPNs.

The addition comes as Mullvad prepares to move away from OpenVPN, which it will no longer support starting January 2026.

With that change on the horizon, the company is putting its weight behind WireGuard while also making sure it remains usable in countries where standard WireGuard connections are heavily throttled or blocked.

QUIC itself is not new. Originally created by Google and now the backbone of HTTP/3, the protocol is prized for its speed, ability to handle multiple streams of data at once, and resilience against network issues.

Services like YouTube already rely on it, making QUIC traffic extremely common. Mullvad takes advantage of that by wrapping WireGuard’s UDP packets inside QUIC, effectively disguising VPN usage as something indistinguishable from normal web activity.

To make this possible, Mullvad has turned to MASQUE, a standard that allows UDP traffic to be tunneled through HTTP/3 connections.

The result is traffic that appears identical to everyday browsing, far harder for censors to single out and shut down.

The feature is included in Mullvad’s desktop apps for Windows and macOS beginning with version 2025.9.

Users can activate it in the VPN settings, though if multiple connection attempts fail, the client will automatically switch over to QUIC on its own. Support for Android and iOS devices is also planned.

Different VPN companies are taking different routes to achieve similar goals. Proton VPN relies on its Stealth protocol, which disguises WireGuard traffic inside TLS.
