Tag: encryption

The EU’s Two-Tier Encryption Vision Is Digital Feudalism

Sam Altman, CEO of OpenAI, recently showed a moment of humanity in a tech world that often promises too much, too fast. He urged users not to share anything with ChatGPT that they wouldn’t want a human to see. The Department of Homeland Security in the United States has already started to take notice.

His caution strikes at a more profound truth that underpins our entire digital world. In a realm where we can no longer be certain whether we’re dealing with a personit is clear that software is often the agent communicating, not people. This growing uncertainty is more than just a technical challenge. It strikes at the very foundation of trust that holds society together. 

This should cause us to reflect not just on AI, but on something even more fundamental, far older, quieter and more critical in the digital realm: encryption.

In a world increasingly shaped by algorithms and autonomous systems, trust is more important than ever. 

Encryption is our foundation

Encryption isn’t just a technical layer; it is the foundation of our digital lives. It protects everything from private conversations to global financial systems, authenticates identity and enables trust to scale across borders and institutions.

Crucially, it’s not something that can be recreated through regulation or substituted with policy. When trust breaks down, when institutions fail or power is misused, encryption is what remains. It’s the safety net that ensures our most private information stays protected, even in the absence of trust.

A cryptographic system isn’t like a house with doors and windows. It is a mathematical contract; precise, strict and meant to be unbreakable. Here, a “backdoor” is not just a secret entry but a flaw embedded in the logic of the contract, and one flaw is all it takes to destroy the entire agreement. Any weakness introduced for one purpose could become an opening for everyone, from cybercriminals to authoritarian regimes. Built entirely on trust through strong, unbreakable code, the entire structure begins to collapse once that trust is broken. And right now, that trust is under threat. 

Keep reading

Signal Threatens to Exit Europe Over EU Push for Messaging App Scanning Law

Signal is warning it will walk away from Europe rather than participate in what privacy defenders describe as one of the most dangerous surveillance schemes ever proposed by the EU.

Lawmakers in Brussels are pressing for a law that would compel messaging apps to break their own security by installing scanning systems inside private communications.

Meredith Whittaker, president of Signal, said the company will never compromise on encryption to satisfy government demands.

“Unfortunately, if we were given the choice of either undermining the integrity of our encryption and our data protection guarantees or leaving Europe, we would make the decision to leave the market,” she told the dpa news agency.

The draft legislation is framed as a child protection measure, but would require all major messengers, from WhatsApp to Signal to Telegram, to monitor every message before it is encrypted.

This would eliminate true private communication in Europe and create tools that could be abused for mass surveillance.

Privacy advocates have repeatedly warned that once a backdoor exists, there is no way to restrict who uses it or for what purpose.

Whittaker was clear about the stakes. “It guarantees the privacy of millions upon millions of people around the world, often in life-threatening situations as well.”

She added that Signal refuses to enable chat control because “it’s unfortunate that politicians continue to fall prey to a kind of magical thinking that assumes you can create a backdoor that only the good have access to.”

Any such system, she argued, would make everyone less safe.

The European Parliament already rejected the scanning mandate with a strong cross-party majority, recognizing the threat it poses to basic rights.

But within the Council of Member States, the push for chat control remains alive. Denmark’s presidency could renew momentum for the proposal, even though countries like Germany have so far resisted.

Germany’s position is pivotal. The coalition agreement of its current government promises to defend “the confidentiality of private communications and anonymity online.”

Yet the inclusion of the phrase “in principle” raises alarms, suggesting exceptions could open the door to backdoors in messaging apps.

If Germany wavers, Europe could be on the verge of losing secure communication altogether.

Keep reading

X Urges EU to Reject “Chat Control 2.0” Surveillance Law Threatening End-to-End Encryption

X is urging European governments to reject a major surveillance proposal that the company warns would strip EU citizens of core privacy rights.

In a public statement ahead of a key Council vote scheduled for October 14, the platform called on member states to “vigorously oppose measures to normalize surveillance of its citizens,” condemning the proposed regulation as a direct threat to end-to-end encryption and private communication.

The draft legislation, widely referred to as “Chat Control 2.0,” would require providers of messaging and cloud services to scan users’ content, including messages, photos, and links, for signs of child sexual abuse material (CSAM).

Central to the proposal is “client-side scanning” (CSS), a method that inspects content directly on a user’s device before it is encrypted.

X stated plainly that it cannot support any policy that would force the creation of “de facto backdoors for government snooping,” even as it reaffirmed its longstanding commitment to fighting child exploitation.

The company has invested heavily in detection and removal systems, but draws a clear line at measures that dismantle secure encryption for everyone.

Privacy experts, researchers, and technologists across Europe have echoed these warnings.

By mandating that scans occur before encryption is applied, the regulation would effectively neutralize end-to-end encryption, opening private conversations to potential access not only by providers but also by governments and malicious third parties.

The implications reach far beyond targeted investigations. Once CSS is implemented, any digital platform subject to the regulation would be forced to scrutinize every message and file sent by its users.

This approach could also override legal protections enshrined in the EU Charter of Fundamental Rights, specifically Articles 7 and 8, which safeguard privacy and the protection of personal data.

A coalition of scientists issued a public letter warning that detection tools of this kind are technically flawed and unreliable at scale.

High error rates could lead to false accusations against innocent users, while actual abuse material could evade detection.

Keep reading

U.S. Secret Service disrupts telecom network that threatened NYC during U.N. General Assembly

The Secret Service has disrupted a sprawling telecommunications network in the New York tri-state area that investigators say posed a serious potential disruption to New York’s telecom systems and a possible threat to the United Nations General Assembly meetings this week.

In the largest seizure of its kind, the U.S. Secret Service announced Tuesday that the agency found active SIM farms at abandoned apartment buildings located at more than five sites. In total, law enforcement discovered 300 SIM servers – over 100,000 SIM cards – enabling encrypted, anonymous communication and capable of sending 30 million text messages per minute. Officials say the servers were so powerful they could have disabled cell phone towers and launched distributed denial of services attacks with the ability to block emergency communications like EMS and police dispatch. 

“This network had the potential to disable cell phone towers and essentially shut down the cellular network in New York City,” U.S. Secret Service Special Agent in Charge Matt McCool said in a video released by the agency.

An official briefed on the investigation told reporters that this week, the sophisticated network “could text message the entire country within 12 minutes,” later adding, “This was well organized and well funded.”

Telephonic threats to multiple senior U.S. officials this past spring – including multiple people protected by the Secret Service – first triggered the investigation, but officials say the network was seized within the last three weeks.

“We cannot share which officials were targeted out of concerns for their privacy, but as the forensics investigation continues, we do expect that we will find more targeted officials once we get through that data,” McCool said. 

Early analysis shows the network was used for communication between foreign governments and individuals known to U.S. law enforcement, including members of known organized crime gangs, drug cartels and human trafficking rings, according to multiple officials briefed on the investigation. The U.S. Secret Service says it is combing through the more than 100,000 SIM cards in an ongoing, exhaustive forensic analysis.

“Each SIM basically has the equivalent data of a cell phone. So we’re working through every call, every text, every search made on those SIM cards,” an official told CBS News, adding, “Early analysis indicates that this network was used for communication between foreign governments and individuals that are known to federal law enforcement here in the U.S.”

The equipment was found within 35 miles of the United Nations in New York, ahead of the U.N. General Assembly. Investigators also found 80 grams of cocaine, illegal firearms, plus computers and phones.

“This isn’t a group of people in a basement playing a video game and trying to play a prank,” one official said. “This was well organized and well funded.”

Keep reading

What Is ICE Doing With This Israeli Spyware Firm?

The deployment of Paragon’s Graphite spyware was a major scandal in Italy. Earlier this year, the messaging app WhatsApp revealed that 90 journalists and civil society figures had been targeted by the military-grade surveillance tech, which gives “total access” to a victim’s messages. The Italian government admitted to spying on refugee rights activists, and Paragon cancelled its contract with the government almost immediately after the story broke.

Now the same software may be coming to America—and again with an immigration focus. Last week, the U.S. Department of Homeland Security quietly lifted a stop-work order on a $2 million contract that Immigration and Customs Enforcement (ICE) had with Paragon for a “fully configured proprietary solution including license, hardware, warranty, maintenance, and training.”

The deal was first signed by the Biden administration, and it was frozen in October 2024, less than a week after Wired broke the news of the contract. An administration official later insisted to Wired that, rather than reacting to bad publicity, they were reviewing the contract to comply with President Joe Biden’s order to ensure that commercial spyware use by the U.S. government “does not undermine democracy, civil rights and civil liberties.”

The details of that review—or even the contract itself—were never publicly disclosed. But the results are clear: ICE now has a green light to use whatever software Paragon was offering. (Neither Paragon nor ICE responded to requests for comment from The Guardian.)

The Citizen Lab at the University of Toronto, dedicated to researching electronic surveillance, found that Graphite targeted users through a “zero-click exploit.” By adding someone to a WhatsApp group in a certain way, Graphite can force their phones to read an infected PDF file without the user’s input. In other words, a cyberattack can be disguised as a spam text—and works even if victims ignore it.

After discovering the vulnerability with the Citizen Lab’s help, WhatsApp said in a statement that it was “constantly working to stay ahead of threats” and “build new layers of protection into WhatsApp.”

Paragon was co-founded by Ehud Barak, a former Israeli prime minister and general in charge of military intelligence, and Ehud Schneorson, a former head of Unit 8200, the Israeli equivalent of the National Security Agency. Last year, an American private equity firm bought Paragon for $500 million with the intention of merging it into RED Lattice, a firm connected to former U.S. intelligence officials. Paragon has positioned itself as a more ethical alternative to NSO Group, a spyware company similarly run by Unit 8200 veterans.

In 2021, NSO Group suffered a series of scandals after it was revealed that its Pegasus spyware was sold to police states around the world and was possibly used to spy on journalists who were murdered. NSO Group accused the media of running a “vicious and slanderous campaign” and promised to “thoroughly investigate any credible proof of misuse.” The Biden administration hit NSO Group with economic sanctions in response.

Around the time that the Pegasus scandal was breaking, a Paragon executive boasted to Forbes that their company would only deal with customers who “abide by international norms and respect fundamental rights and freedoms.”

Keep reading

Mullvad Introduces QUIC-Based WireGuard Obfuscation to Bypass Censorship and VPN Blocks

Mullvad has begun rolling out a new feature that hides WireGuard connections inside QUIC traffic, a technique designed to help users slip past aggressive censorship systems.

By making VPN traffic look more like ordinary encrypted browsing, the update gives people in tightly controlled regions, including Russia and China, a better chance of maintaining stable access to the internet.

It also helps with accessing websites that are increasingly trying to ban VPNs.

The addition comes as Mullvad prepares to move away from OpenVPN, which it will no longer support starting January 2026.

With that change on the horizon, the company is putting its weight behind WireGuard while also making sure it remains usable in countries where standard WireGuard connections are heavily throttled or blocked.

QUIC itself is not new. Originally created by Google and now the backbone of HTTP/3, the protocol is prized for its speed, ability to handle multiple streams of data at once, and resilience against network issues.

Services like YouTube already rely on it, making QUIC traffic extremely common. Mullvad takes advantage of that by wrapping WireGuard’s UDP packets inside QUIC, effectively disguising VPN usage as something indistinguishable from normal web activity.

To make this possible, Mullvad has turned to MASQUE, a standard that allows UDP traffic to be tunneled through HTTP/3 connections.

The result is traffic that appears identical to everyday browsing, far harder for censors to single out and shut down.

The feature is included in Mullvad’s desktop apps for Windows and macOS beginning with version 2025.9.

Users can activate it in the VPN settings, though if multiple connection attempts fail, the client will automatically switch over to QUIC on its own. Support for Android and iOS devices is also planned.

Different VPN companies are taking different routes to achieve similar goals. Proton VPN relies on its Stealth protocol, which disguises WireGuard traffic inside TLS.

Keep reading

JD Vance Stops UK Apple Backdoor Order Threatening Americans’ Privacy

Vice President J.D. Vance played a decisive role in persuading the United Kingdom to drop its demand that Apple provide the government with a “backdoor” into personal user data, according to U.S. officials.

The negotiations followed months of quiet but direct engagement between American and British leaders on the matter, as reported by Fox News.

A U.S. official told Fox News Digital that Vance was “in charge and was personally involved in negotiating a deal, including having direct conversations with the British government.”

The official said Vance worked with U.K. partners to negotiate “a mutually beneficial understanding” that led the British government to withdraw the order.

The agreement, the official added, ensures “each country’s sovereignty while maintaining close cooperation on data sharing.”

The vice president’s background in technology, along with his stated commitment to privacy rights and the U.S.-U.K. alliance, shaped his involvement.

Keep reading

Civil liberties group opposes Garda access to messages

Plans to force encrypted messaging apps like WhatsApp and Signal to give Gardaí access to private conversations would “profoundly undermine” digital security, the Irish Council for Civil Liberties (ICCL) has said.

In a statement issued this week, the group said cybersecurity experts were unanimous that so-called “backdoors” for law enforcement could not be created without also leaving users vulnerable to hackers and malicious actors.

“It is impossible to create ‘backdoor’ access pathways for law enforcement that can’t also be exploited,” the organisation said.

The ICCL added that encryption protects not only personal conversations but also online banking, shopping and wider digital activity.

“We all rely on encryption to safeguard our sensitive personal data when browsing, communicating or doing business online,” it said.

“Forcing companies to break their own encryption would profoundly undermine our digital security, as well as our fundamental rights to privacy and data protection.”

The council cited the position of the United Nations and the European Court of Human Rights in opposing laws that compromise encryption. It also highlighted the recent example of the UK government withdrawing a demand for Apple to install a backdoor into its cloud services, after the company refused.

“Apple stated it had never built – and never would build – backdoor access into any of its encrypted products,” the ICCL noted.

“Instead, Apple disabled its advanced data protection service in the UK and challenged the order in court.”

The group urged Justice Minister Jim O’Callaghan to reconsider his planned legislation, describing the proposals as “neither proportionate nor technically sound.”

It called for “transparent consultation with cybersecurity experts, civil society and technologists before proposing any legislation that could irreversibly damage digital privacy and cybersecurity.”

Last month, O’Callaghan told an audience that Gardaí must have powers to intercept modern communications.

“None of us would like to imagine living in a surveillance State,” he said.

Keep reading

Ireland’s Dangerous War on Encryption

The Irish government’s proposed Communications (Interception and Lawful Access) Bill would significantly expand the state’s ability to monitor digital communications, thereby striking at the very foundation of end-to-end encryption. 

This form of encryption, used by services like WhatsApp, iMessage, and Signal, ensures that only the sender and the recipient can access the content of a message. Under the new bill, Gardaí, the Defence Forces, and the Garda Ombudsman would be allowed to intercept private messages in real time. Achieving this would require altering or bypassing encryption entirely.

Such a measure would introduce a permanent vulnerability into digital infrastructure. Once a system is designed to allow access for one party, others can and will exploit it. 

Backdoors do not stay private. They create a single point of failure that can be used by cybercriminals, hostile foreign governments, or commercial spyware operations. 

The government claims that oversight and warrant requirements will ensure the powers are used responsibly. However, no legal safeguard can address the underlying technical risk created by breaking encryption. 

The presence of a backdoor makes every message on a platform more exposed, whether or not it is the target of surveillance. Encryption cannot be selectively weakened. Any interference compromises the security of the system for all users.

Major technology companies have already taken strong positions against laws that would force them to degrade encryption. 

Apple recently removed some of its data protection features from the UK rather than comply with legislation that would have weakened user privacy. 

Keep reading

Austria Approves Spyware Law to Infiltrate Encrypted Messaging Platforms

Austria is moving forward with legislation that would authorize law enforcement to infiltrate encrypted communications, marking a pivotal shift in the country’s surveillance powers and stirring a fierce debate over digital privacy.

The federal cabinet’s approval of the plan comes after months of negotiations, with proponents citing national security needs and opponents warning of expansive overreach.

The proposed law targets messaging platforms widely used for private communication, including WhatsApp, Signal, and Telegram.

It introduces the use of spyware, formally known as source TKÜ, which would allow authorities to bypass encryption and monitor conversations directly on suspects’ devices. The change represents a major escalation in surveillance capabilities for a country that has traditionally lagged behind its European counterparts in digital interception laws.

Backers of the measure, such as Social Democrat Jörg Leichtfried, who oversees the Directorate for State Security and Intelligence (DSN), framed the move as a preventative strategy. “The aim is to make people planning terrorist attacks in Austria feel less secure; and increase everyone else’s sense of security.”

Leichtfried called the cabinet’s approval an “important milestone.”

Austria’s domestic intelligence services have until now been dependent on international partners, including the UK and the US, to provide warnings of potential threats.

Keep reading