In January 2025, the UK government secretly ordered Apple to unlock its end-to-end encrypted iCloud backups, demanding “blanket access” to user data worldwide under the Investigatory Powers Act. Apple, facing an impossible choice, halted its Advanced Data Protection service in the UK, leaving millions without robust privacy safeguards. This isn’t an isolated incident—it’s a global assault on secure communication, with governments pushing for encryption backdoors that weaken the digital defenses we all rely on. As a member of the Global Encryption Coalition, The Center for Online Safety and Liberty (COSL) is sounding the alarm: mandatory backdoors threaten your privacy, security, and freedom. Here’s why we must fight back.
The Bedrock of Digital Freedom
Encryption is the cornerstone of secure communication. It ensures your messages, photos, and backups remain private, readable only by you and your intended recipients. End-to-end encryption (E2EE), used by apps like Signal and WhatsApp, locks out everyone else—even the service provider. This technology protects journalists exposing corruption, activists organizing against oppression, and everyday people shielding their personal lives from prying eyes. Without it, our digital world becomes an open book for hackers, corporations, and overreaching governments.
Yet, governments worldwide are attacking E2EE, claiming backdoors are needed to combat crime. The UK’s move against Apple is just one example. In the US, the TAKE IT DOWN Act passed in April 2025 without safeguards for encrypted services, and an even broader bill, the EARN IT Act has also resurfaced, threatening to sue or prosecute companies that don’t weaken encryption. Australia’s 2018 encryption law already fines companies millions for refusing to comply, while individuals face jail time. These policies don’t just erode privacy—they create vulnerabilities that endanger everyone.
The Human Cost of Backdoors
Mandatory encryption backdoors come with devastating consequences. Here are three critical threats:
Threat 1: Universal Vulnerability
A backdoor is a deliberate flaw in encryption, a key that governments claim only they can use. But there’s no such thing as a “good guys only” backdoor. If it exists, hackers, hostile states, or rogue insiders can exploit it. The 2024 Salt Typhoon attacks, where Chinese hackers breached US telecom systems, exposed the risks of mandated access points. Weakening encryption doesn’t just expose your data—it could compromise entire networks, from banks to hospitals.
Threat 2: Targeting the Vulnerable
Marginalized communities bear the brunt of surveillance. LGBTQ+ activists in repressive regimes rely on E2EE to organize safely. In the US, post-Roe v. Wade, women seeking reproductive care use encrypted apps to avoid prosecution. Backdoors would expose their communications to governments or vigilantes, chilling free expression and endangering lives. Privacy isn’t a luxury—it’s a lifeline.
Threat 3: Global Domino Effect
The UK’s order to Apple didn’t just affect British users—it targeted data worldwide. If one nation forces a backdoor, others will follow, creating a race to the bottom for privacy. Tech companies, pressured to comply, may weaken encryption globally or exit markets altogether, as Signal threatened in Sweden. This fragments the internet, leaving users in authoritarian states with fewer secure options.
The Myth of “Responsible” Backdoors
Governments argue backdoors are necessary for public safety, citing terrorism or child exploitation. But these claims don’t hold up. The FBI itself accessed a San Bernardino shooter’s iPhone without Apple’s help, proving alternative methods exist. Meanwhile, technologies like Fully Homomorphic Encryption (FHE) allow data analysis without decrypting it, offering a path for law enforcement without systemic vulnerabilities. Yet policymakers often ignore these solutions, favoring blunt mandates that weaken security for all.
The irony? Even the FBI now urges E2EE to counter cyber threats, as seen in their response to Salt Typhoon. Governments can’t have it both ways—demanding backdoors while warning of their risks. COSL believes we can balance security and privacy, but only by rejecting flawed policies that put us all at risk.
COSL’s Fight for Your Rights
What is COSL doing in the fight to preserve secure communications? As a new and small nonprofit, we know that we can’t do much on our own. So we joined the Global Encryption Coalition (GEC), a coalition of over 400 members across 103 countries, which is dedicated to promoting and defending strong encryption globally. By adding our voice to that of our GEC partners, we help to oppose global efforts to weaken encryption—such as the UK government’s move on Apple—and support companies offering encrypted services.
We’re also actively fighting for secure communications in the United States. In early April this year, we were among a select group of 20 groups, led by the Internet Society, who engaged with lawmakers to improve the TAKE IT DOWN Act, which is aimed at protecting individuals from the non-consensual publication of intimate images, including deepfakes.
While non-consensual intimate imagery is a problem that COSL takes seriously, there is a hidden trap in its requirement for Internet platforms not only to remove such content when reported to them, but also to “make reasonable efforts to identify and remove any known identical copies”. Since encrypted messaging services are not exempted from this requirement, it could subject them to penalties—or shut them down—if they fail to bypass encryption in carrying out the law’s mandate. We and out partners wrote:
The consequences are severe: it could be impossible for providers of encrypted services to comply with the Act’s obligations without breaking encryption and introducing systemic security flaws. This is because providers of encrypted services do not have access to the content that can be reported under the Act, which will incentivize them to break encryption or implement invasive content monitoring technologies to shield themselves from liability.
Unfortunately on April 28, the Act was passed into law without the safeguards that we had advocated for. Unless a future court challenge reverses the law’s effects, this now leaves U.S. Internet companies in an invidious position. Either rip out encryption from their products, or face potential legal liability for failing to report deepfake content as the TAKE IT DOWN Act requires.
Call to Action: Join the Fight
The UK government’s move against Apple, and the TAKE IT DOWN Act in the United States, don’t even scratch the surface of the threats to secure communication that are mounting worldwide. So this won’t be our only blog post on the topic, nor your only opportunity to take action. In fact, from this month, we’re making the fight for secure communications one of our ongoing campaigns, along with the campaign against online ID checks that we launched last month.
Here’s how you can help:
- Subscribe to our newsletter: New threats pile up fast, and we need a quick way to inform you about them and give you an opportunity to take action. While you can follow us on social media, subscribing to our newsletter is a surer way to ensure that you don’t miss a deadline for a petition, or miss out on news that affects your rights. Our newsletter also contains exclusive content that isn’t available on our website or social accounts. It’s free to subscribe.
- Contribute secure open source code: Although governments may mock the supremacy of the laws of math, there’s no getting around them. Encrypted apps are out there already, and if law-abiding citizens don’t have access to them, criminals still will. A key solution is open source software, that can’t be owned or controlled by a single company or government, and can be easily peer-reviewed. That’s why COSL is fiscally sponsoring privacy-first open source software development projects. You can contribute to that work either by contributing code or contributing money.
- Donate: Fund COSL’s advocacy battles, community support, and tech development. COSL has only just started, and we have big plans. But we can’t realize them without your help. If you can just spare $20 per month, you will be single-handedly offsetting the cost of one of our project’s hosting costs. How’s that for a real impact? Even just $10 a month at c4osl.org/support-us, or whatever you can afford, fuels our work to protect your rights and to build support for your communities.
- Volunteer: COSL is always looking for new volunteer activists, from all countries of the world. You can help develop work on our global advocacy campaigns, or start a new local campaign of your own. You can also raise money through COSL for local community projects. And there are two ways to do this: you can volunteer for a position on our team, or you can propose your own independent project.
- Spread the Word: Share this article and COSL’s mission on social platforms such as Bluesky and LinkedIn, and use #ProtectEncryption to amplify the conversation.
The fight for strong encryption is far from over—but together, we can win it. Governments may hope to quietly chip away at your rights, but when we raise our voices, organize, and demand better, we force them to listen. Secure communication is not a privilege; it is a fundamental right that underpins democracy, safety, and human dignity around the world. COSL stands ready to defend that right—but we can’t do it alone. Join us, stay informed, get involved, and help build a future where privacy, security, and freedom remain non-negotiable.
Support the campaign through a donation
COSL’s Protect Secure Communications campaign is proudly supported by our Legal Advocacy fundraiser. Every donation helps run and maintain projects that fall under this priority area. Thank you for your support!