It's 2025, so why are we still talking about adding mandatory backdoors to encrypted networks?
For some time now, governments worldwide have sought ways to access encrypted communications, all in the name of national security and law enforcement.
From the FBI’s battle with Apple over unlocking a terrorist’s iPhone way back in 2016 to the latest push involving UK government officials, who secretly ordered Apple to build a backdoor so they can have blanket access to users’ encrypted iCloud data, requests have spanned decades.
The latter demand - which emerged only last month and compelled Apple to reconsider its Advanced Data Protection service in the UK - may be the latest, but it is unlikely to be the last.
Yes, the move underscores what we know has been a persistent tension between governmental surveillance and privacy rights; crime and terrorism must be fought, while concerns among privacy advocates, tech businesses, and even governments themselves are equally valid.
This latest push also begs the question: why, despite decades of technological advancements, is the debate over the need for encryption backdoors still a thing? How can we avoid bringing third-party hackers into the mix when weakened encryption is not granted?
The underlying argument
The argument for access is, of course, understandable. Take the 2022 “chat control” proposals by the European Commission (EC), which required the mass scanning of all encrypted communications for text, photos and videos that indicate child sexual abuse.
The EC’s version of the regulation required technology companies to introduce backdoors or to use technology known as client-side scanning, which involves installing software on users’ devices to scan messages for illegal content before they are encrypted. If flagged content is detected, authorities are notified.
A policy such as this one is framed as “necessary” for national security. While efforts to stop child abuse are most certainly necessary, the problem is when they undermine the very security they seek to protect. In fact, European tech firms - and many others - responded to the proposed regulation by urging EU ministers to reject it, warning it could weaken end-to-end encryption and compromise cybersecurity.
As most will know, encryption serves as a cornerstone of digital security, protecting sensitive information for individuals, corporations, and governments alike. The introduction of backdoors, however, inherently weakens encryption protocols; it creates a crack of sorts that not only government officials but also malicious actors, whether cybercriminals, hostile nation-states, or rogue insiders, can access - and exploit.
Weakening encryption across the board would not only expose private citizens and businesses to greater risks but could also compromise classified government communications.
Client-side scanning may sound like a compromise, but it is also flawed. Bad actors could simply disable or bypass the scanning mechanism, rendering it ineffective against its intended targets. Meanwhile, ordinary citizens would face an increased risk of false positives, where legitimate communications are misinterpreted as criminal activity; a huge waste of law enforcement resources. It also opens the door to mission creep. A system designed to detect child abuse images or terrorist activity could be expanded to monitor political speech, dissenting opinions, or other content deemed undesirable by the government in power.
Problems like these are not just theoretical either. In 2017, the NSA’s EternalBlue exploit, originally developed as a cybersecurity tool, was leaked and subsequently weaponised by ransomware groups. If government-mandated backdoors were implemented, they could suffer the same fate, leaving billions of users vulnerable to surveillance, fraud, and cyber-attacks.
Furthermore, if one government forces a backdoor into encrypted systems, others will inevitably demand the same. If the UK succeeds in forcing Apple to provide access, what stops China, Russia, or North Korea from making similar demands? This could set a precedent that erodes global cybersecurity and the trust users place in digital services.
In their open letter to the EC, the European tech firms flagged many of the same points. Rather than mass scanning of encrypted email and messaging services, they urged EU leaders to back a more considered, more effective version of the proposed regulation.
They wanted the EU governments to understand that the debate isn’t just a “dichotomy between privacy and child protection”, but that they can in fact exist side by side.
Is there a better solution?
The scanning of texts and voice messages has since been dropped in the latest proposal, but the scanning of other material, such as images and videos, remains, while cases such as Apple/UK Government continue to pop up.
For me, the fact that backdoors are a recurrent debate in 2025 is somewhat shocking when we look at the technological advances that have happened over the last decade.
Are there solutions that bolster cybersecurity and support law enforcement without undermining privacy? Yes. Are policymakers prioritising them? No.
Look at privacy-preserving technologies like Fully Homomorphic Encryption (FHE) for example. FHE allows data to be processed while remaining encrypted, meaning that sensitive data can be analysed for criminal activity without exposing the raw contents to authorities or third parties.
FHE and other cryptographic advancements may offer a way to balance privacy with security, enabling lawful investigations without introducing systemic vulnerabilities. However, it must be added that these solutions require thoughtful collaboration between governments, industry leaders, and privacy advocates - not rushed mandates that weaken encryption standards.
One thing is certain: weakening encryption is not the answer. Ironically, just weeks before the UK’s renewed push for encryption backdoors, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned Americans to use end-to-end encryption to protect against cyber threats, particularly in response to the Salt Typhoon attack on call and phone records in the U.S.
It’s time for governments to ditch the contradiction and the third-party hackers and explore tech that enables law enforcement to combat crime without compromising global security.