Tag: encryption

Canada Moves to Destroy Encryption – Demands Backdoor Access to ALL Available Data

Canada is walking into extremely dangerous territory and most people do not understand the implications because governments always package surveillance laws as “public safety.” That is how this begins every single time historically. They sell fear first, then quietly expand state power behind the scenes while claiming only criminals should worry.

Now even Apple, Google, Meta, Signal, privacy experts, cybersecurity professionals, and members of the U.S. Congress are warning that Canada’s Bill C-22 could force technology companies to weaken encryption and build government access mechanisms directly into their systems.

People need to understand what encryption actually is. Encryption is not some toy used only by criminals. Encryption protects bank accounts, corporate systems, private medical data, government communications, journalists, dissidents, businesses, lawyers, and ordinary citizens. Every time you use secure banking, send a private message, or protect sensitive data online, encryption is standing between you and cybercriminals.

The government always frames these laws as targeting terrorists, child exploitation, organized crime, or national security threats. But the mechanism itself never stays limited. Once governments establish the legal right to force “lawful access” into encrypted systems, the infrastructure for surveillance already exists. The temptation to expand those powers becomes overwhelming.

Apple warned directly that Bill C-22 could allow Canada to “force companies to break encryption by inserting backdoors into their products.” Meta warned the bill could require companies to “break, weaken, or circumvent encryption” and potentially install government spyware capabilities directly into systems. Signal reportedly stated it would rather leave Canada entirely than compromise its encryption promises.

Keep reading

AI Safety Institute Debuts with Big-Name Backers and a Censorship Agenda

Common Sense Media’s Youth AI Safety Institute arrived at the Danish Parliament this week and the guest list is stacked with people who think you can’t be trusted to speak freely online.

Hillary ClintonUrsula von der Leyen, former Biden Surgeon General Vivek Murthy, Ofcom chief Melanie Dawes, and the head of an organization that wants to break end-to-end encryption are all gathering at Christiansborg Palace in Copenhagen to announce what they’d like to do next about AI and children.

The “next” part is where it gets concerning. The Youth AI Safety Institute, launched by Common Sense Media on May 5, says it will “complement efforts by regulators and policymakers to translate frameworks such as the EU AI Act, the Digital Services Act, and the UK Online Safety Act into practical protections for child-safe AI.”

Those three censorship laws represent the most aggressive government-directed speech suppression regimes currently operating in the Western world. The Institute isn’t questioning them. In fact, it wants to help implement them and push them further.

The summit, titled “Keeping Our Children and Families Safe in the AI Era,” is co-hosted by Common Sense Media, Save the Children Denmark, and Margrethe Vestager, who spent years as the European Commission’s executive vice president building the regulatory architecture that now lets EU officials order platforms to delete content.

More than 200 policymakers, tech executives, and civil society figures are expected. King Frederik X of Denmark is giving the opening address. The Duchess of Edinburgh will attend. Danish Prime Minister Mette Frederiksen is on the bill.

And so is Pinterest CEO Bill Ready, whose company helped pay for the Institute’s creation.

Keep reading

France Moves to Break Encrypted Messaging

France’s intelligence delegation in parliament has formally backed breaking the encryption that protects WhatsApp, Signal, and Telegram conversations, recommending that magistrates and intelligence agents be granted what lawmakers describe as targeted access to messages that platforms currently cannot read even themselves.

The delegation, an eight-member body composed of four deputies and four senators, published its conclusions on Monday after months of work on a question that keeps returning to the French Parliament. “The inability to access the content of encrypted communications constitutes a major obstacle for the work of the justice system and intelligence services,” the delegation wrote, framing end-to-end encryption as a problem to be solved rather than a protection to be preserved.

The technology end-to-end encryption uses is precisely the thing the delegation wants weakened. Decryption keys live on user devices, not on company servers, which means the platforms holding your messages genuinely cannot read them. That’s the design and the point. Strip that property away and the protection collapses because a system that lets investigators read messages on demand is also a system that can be abused, leaked, subpoenaed, or hacked.

French police and intelligence services have spent years complaining about this tech. They can still intercept old-fashioned phone calls and SMS messages with a judge’s warrant but encrypted platforms route around that capability entirely.

Keep reading

Apple Fixes Bug That Allowed FBI To Read Deleted Signal Messages

Tech giant Apple has fixed a security flaw that had allowed the FBI to access a Signal user’s deleted messages through their phone’s push notification database, despite the app being deleted and messages being set to disappear.

In a security advisory released on Wednesday, Apple said it had fixed a bug that allowed “notifications marked for deletion” to be “unexpectedly retained on the device.”

In an X post on Wednesday, Signal said the update fixed the issue that made a user’s messages retrievable by law enforcement.

“Apple’s advisory confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release,” Signal said.

Signal uses end-to-end encryption to secure messages between its users. The bug is a reminder that messaging encryption may not be enough to keep data protected when using certain devices or operating systems.

Keep reading

Meta is Ending Instagram Direct Message End-to-End Encryption

Meta is quietly dismantling one of its few genuine privacy commitments. Starting May 8, end-to-end encryption for Instagram direct messages disappears, taking with it the one technical guarantee that kept those conversations private from Meta itself.

“If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep,” the company said in a help document, framing the loss of message privacy as a data export problem. Collect your things, the walls are coming down.

The feature being removed was never universal anyway. End-to-end encryption for Instagram DMs had been available only in certain regions, not enabled by default, since Meta began testing it in 2021 as part of what CEO Mark Zuckerberg called his “privacy-focused vision for social networking.”

That vision apparently has an expiration date. Meta also made encrypted DMs available to all adult users in Ukraine and Russia in February 2022, weeks after the Russian invasion began. That access, too, is ending.

The timing is revealing. TikTok told the BBC last week that it has no plans to bring end-to-end encryption to its DMs, arguing that privacy makes users less safe. Meta is now arriving at the same destination from a different direction.

The stakes are straightforward. End-to-end encryption means only the people in a conversation can read it, a technical lock that excludes the platform, third parties, and anyone who might later obtain a warrant.

When that lock disappears, Meta and its employees can read Instagram DMs, law enforcement can subpoena them, and advertisers may eventually benefit from what gets learned.

Instagram users who relied on encrypted DMs have until May 8 to decide what to archive. After that, their private conversations are Meta’s to read.

Keep reading

TikTok Says Privacy Makes Users Less Safe

Over the past five years, the largest social platforms settled on a clear position about private messaging. Lock it down. Facebook turned on end-to-end encryption. Instagram and Messenger did the same. X joined the club. Yes, metadata is still an issue and the protocols used matter; but, generally speaking, the move was toward more privacy of actual messages.

TikTok looked at that trend and made a different choice. Then it scheduled a briefing in London with the BBC to explain the reasoning.

The explanation was safety.

In the UK, TikTok belongs to ByteDance, a Chinese technology company that operates under Beijing’s jurisdiction. China maintains strict limits on end-to-end encryption inside its borders. TikTok, after its own review of the issue, reached the same policy outcome for its messaging system.

Alan Woodward, a cybersecurity professor at Surrey University, raised that point directly. The company’s “Chinese influence might be behind the decision,” he said, adding that end-to-end encryption is “largely banned in China.”

TikTok declined to engage with that suggestion, of course. The remark hung in the air. However, it’s worth adding that the US operation of TikTok has made no indication that it is moving towards private messaging standards either.

End-to-end encryption is simple in theory. Only the people in a conversation can read the messages. The platform running the service cannot access the content. Governments cannot request it. Engineers inside the company cannot view it.

TikTok’s system operates in a different way. Messages on the platform remain readable to the company. Employees can access them under defined circumstances. Law enforcement agencies can request them through legal channels.

TikTok argues that readable messages allow the company to identify harmful activity.

The debate turns on a basic technical fact. “We can read your messages to catch predators,” and “we can read your messages” describe the same system.

Keep reading

Zohran Mamdani Has Already Broken His Promise to Be Transparent

New York City Mayor Zohran Mamdani has come under fire for using the encrypted messaging app Signal to communicate with elected officials while conducting government business.

On the campaign trail, Mamdani repeatedly promised his administration would be transparent. Yet, a Politico report revealed that the mayor used Signal from a personal phone number to communicate with elected officials and political strategists. In at least one of these exchanges, he discussed official city business.

Three people with knowledge of the matter told POLITICO that as mayor Mamdani has used the encrypted messaging app to communicate with fellow elected officials and political advisers. In at least one instance, he’s discussed government business over the app, according to one of those people, who like the others, was granted anonymity to discuss the sensitive issue.

POLITICO independently confirmed that Mamdani’s Signal account, registered to his personal cell phone number, remains active.

Norman Siegel, a veteran First Amendment lawyer who previously helmed the New York Civil Liberties Union, said mayors should never use Signal to communicate with other government officials as a rule of thumb — and that there’s another particularly important reason why Mamdani himself should avoid the app.

“With our new mayor, so much of what he’s articulating is a breath of fresh air,” Siegel said. ”I would urge him to not engage in Signal or similar kinds of applications that basically are meant to hide information and prevent the public from knowing the inner workings of government.”

Keep reading

Republican Lawmakers Demand Answers on UK’s iCloud Encryption Backdoor Order

Two senior Republican lawmakers are demanding answers from the British government about its secret order forcing Apple to break its own encryption. The UK has until March 11 to respond.

House Judiciary Committee Chairman Jim Jordan and Foreign Affairs Committee Chairman Brian Mast sent a joint letter on Wednesday to Home Secretary Shabana Mahmood, pressing for a formal briefing on the Technical Capability Notice (TCN) served on Apple under the UK’s Investigatory Powers Act.

We obtained a copy of the letter for you here.

It’s the latest move in a surveillance fight that began over a year ago and has rattled the US-UK relationship at the highest levels.

In January 2025, UK security officials secretly ordered Apple to build a backdoor into iCloud that would allow them to decrypt any user’s data, anywhere in the world. Not just suspected criminals, not just UK citizens. Everyone.

The order targeted Apple’s Advanced Data Protection (ADP) feature, the optional end-to-end encryption that ensures even Apple can’t read iCloud backups. Apple’s response was to pull ADP from the UK market entirely in February 2025, stripping strong encryption options from roughly 35 million iPhone users rather than comply with a demand it couldn’t legally discuss.

UK law makes it a criminal offense for companies to confirm or deny the existence of such orders, even to their own government.

Apple couldn’t tell the US Department of Justice that the order existed. The DOJ couldn’t verify whether it complied with the CLOUD Act, the bilateral agreement governing how the two countries share access to digital evidence. That agreement explicitly states it “shall not create any obligation that providers be capable of decrypting data.” The UK’s order appears to do exactly that.

The reaction in Washington was bipartisan. Senator Ron Wyden and Congressman Andy Biggs slammed the order as “effectively a foreign cyber attack waged through political means.”

President Trump compared the UK’s conduct directly to China’s. Speaking to the Spectator after meeting Prime Minister Keir Starmer, Trump said: “We actually told [Starmer] . . . that’s incredible. That’s something, you know, that you hear about with China.” DNI Secretary Tulsi Gabbard called any attempt to compel Apple to create security weaknesses an “egregious violation” of privacy and confirmed legal and intelligence teams were assessing the implications.

Keep reading

UK Government Plans to Use Delegated Powers to Undermine Encryption and Expand Online Surveillance

The UK government wants to scan people’s photos before they send them. Not just children’s photos. Everyone’s.

Technology Secretary Liz Kendall spelled it out on BBC Breakfast, floating a proposal to “block photographs being sent that are potentially nude photographs by anybody or block children from sending those.” That second clause is the tell. Blocking “anybody” from sending potentially nude images requires scanning everybody’s messages. There’s no technical path to that outcome that doesn’t involve reading content the sender assumed was private.

Kendall said the government is conducting a consultation on “whether we should have age limits on things like live streaming” and whether there should be “age limits on what’s called stranger pairing, for example, on games online.” The consultation, she said, will look at all of these. That list now covers messaging apps, photo sharing, gaming, and live streaming. Any feature that lets you share an image with another person potentially falls inside it.

This is how the mandate grows. The government announced a push for new delegated powers on February 16, framing them around age verification for social media and VPNs.

Keep reading

ProtonMail Logs Activist’s IP Address With Authorities After Swiss Court Order

End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France.

The Switzerland-based company said it received a “legally binding order from the Swiss Federal Department of Justice” related to a collective called Youth for Climate, which it was “obligated to comply with,” compelling it to handover the IP address and information related to the type of device used by the group to access the ProtonMail account.

On its website, ProtonMail advertises that: “No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.”

Despite its no IP logs claims, the company acknowledged that while it’s illegal for the company to abide by requests from non-Swiss law enforcement authorities, it will be required to do so if Swiss agencies agree to assist foreign services such as Europol in their investigations.

“There was no possibility to appeal or fight this particular request because an act contrary to Swiss law did in fact take place (and this was also the final determination of the Federal Department of Justice which does a legal review of each case),” the company said in a lengthy response posted on Reddit.

Put simply, ProtonMail will not only have to comply with Swiss government orders, it will be forced to hand over relevant data when individuals use the service to engage in activities that are deemed illegal in the country. This includes monitoring IP addresses from users in “extreme criminal cases,” according to its transparency report.

“Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we’re required by Swiss law to answer requests from Swiss authorities,” ProtonMail founder and CEO Andy Yen tweetedadding “It’s deplorable that legal tools for serious crimes are being used in this way. But by law, [ProtonMail] must comply with Swiss criminal investigations. This is obviously not done by default, but only if legally forced.”

If anything, ProtonMail users who are concerned about the visibility of their IP addresses should use a VPN or access the email service over the Tor network for additional anonymity.

“The prosecution in this case seems quite aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world (for example in France where terror laws are inappropriately used),” the company said.

Keep reading