Disclaimer
This article includes insights and analysis generated with the assistance of an experimental AI. While efforts have been made to ensure factual accuracy, readers are encouraged to cross-reference information from multiple reputable sources.
The war on encryption is alive and well, often beginning with the usual “we don’t hate encryption, we hate what people do with it” speech. This statement, about as effective as “no offense,” is a rhetorical ploy to silence the educated and dissolve reasoned arguments with a powerful appeal to fear. The moment you hear the typical “think of the children” plea, it’s a signal to stop trusting what you’re reading or hearing. This is a calculated tactic used to instill panic and get what they want, appearing only when the underlying argument is either ignorant or, worse, actively malicious.
The undeniable truth is that there are dark parts of the internet where encryption hides foul things, from child sexual abuse material to terrorist plots. But banning encryption will not stop these criminals. Like it or not, they are a constant, and they will continue to use encryption because they don’t care about our laws. The only thing a ban accomplishes is to hurt us, the law-abiding citizens. It won’t bring terrorists or traffickers to justice any more than it will fix the current ecological crisis. This debate is a clash between outdated thinking and the complex realities of modern technology.
The Shifting Landscape of Surveillance and Privacy
The arguments against encryption are evolving, but their core intent remains the same. The appeals have shifted from simple “think of the children” pleas to more sophisticated-sounding justifications, often under the guise of new legislation. The UK’s Online Safety Act 2023 (OSA) serves as a key example. While framed as a measure to protect children, a contentious provision, Clause 122, grants the media regulator, Ofcom, the power to mandate that end-to-end encrypted (E2EE) services implement mechanisms to scan private messages [Ref. 1]. This provision, which has drawn fierce backlash from nearly seventy civil society organizations and cybersecurity experts, is fundamentally incompatible with the integrity of E2EE.
The report notes a crucial juxtaposition: the government admits the technology to do this “did not yet exist,” while experts are “made clear that even message scanning… would inevitably ‘erode end-to-end encryption'” [Ref. 1]. This legislative “sword of Damocles” hangs over encrypted services, creating long-term uncertainty and, as the Global Encryption Coalition has warned, risks undermining trust in the British tech industry, thereby impeding its ability to compete globally [Ref. 1]. Amnesty International has publicly stated that the act is a “dreadful example of a government… legislating to weaken technology that is essential for our security and privacy” [Ref. 2].
This new front in the war on privacy is being fought with emerging technologies. While governments and law enforcement agencies find encryption difficult to crack, they are increasingly turning to new tools. The rise of artificial intelligence (AI) and machine learning is creating a more insidious form of surveillance that seeks to bypass encryption entirely. As the report details, AI is used to analyze vast amounts of unencrypted metadata to identify patterns of communication, build social graphs, and predict behavior, all without ever needing to read the content of a message. This makes the argument for weakening encryption feel even more disingenuous, as it seems agencies are pursuing multiple paths to achieve the same end goal: total surveillance [Ref. 1].
This brings us to a darker side of this debate: the opaque zero-day market. This is a multi-million-pound industry where security flaws in software are discovered and secretly sold, often to governments and intelligence agencies [Ref. 1]. The infamous Pegasus spyware, developed by the NSO Group, serves as a chilling example, having been used to target journalists, dissidents, and human rights activists globally [Ref. 3]. This market undermines the security of all technology, as flaws are kept secret for exploitation rather than being patched, leaving everyone vulnerable to hackers, criminals, and rogue states.
The Myth of “Nothing to Hide”
“If you have nothing to hide, you have nothing to worry about,” is a common refrain. But this is a fallacy, a dangerous and outdated way of thinking. As security expert Edward Snowden famously said, “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say” [Ref. 4]. Privacy, as renowned cryptographer Bruce Schneier argues, is a form of power—the power to selectively reveal ourselves to the world [Ref. 5]. We all have something to hide. Think about your passwords, bank accounts, confidential conversations, or even just the plans for a birthday surprise. These are all secrets protected by encryption, and their exposure could hurt people, mostly you, even if you’ve done nothing wrong.
The danger of the “nothing to hide” myth has been amplified in the age of data. With the sheer volume of personal data collected by companies and governments, even seemingly innocuous information can become dangerous when aggregated. The report challenges the notion of privacy as a luxury for the privileged, instead showing that the average individual’s online activities generate a staggering amount of data every day [Ref. 1]. This includes everything from your location data and browsing history to your social media activity, all of which can be used to build a comprehensive and invasive profile of your life. The Information Commissioner’s Office (ICO), the UK’s data protection authority, has repeatedly highlighted the tangible harms of data breaches, with major incidents leading to financial loss, identity theft, and severe emotional distress [Ref. 6].
The True Path to Safety: Social Policy over Technological Control
If removing encryption won’t help the children, what can we do? The solution lies not in technological control, but in a renewed commitment to parental responsibility and social policy. The report challenges the efficacy of parental monitoring tools (spyware), highlighting that such technologies can erode a child’s trust and inhibit healthy psychological development [Ref. 1]. Instead, it advocates for a paradigm shift toward “trust-based interventions” and “holistic societal solutions” [Ref. 1]. This is a sentiment echoed by the NSPCC, which has consistently stressed the importance of parental guidance, open communication, and digital literacy as more effective tools for online child safety than invasive monitoring [Ref. 7].
On a broader scale, we need a new push for digital literacy and education. Instead of trying to ban encryption, we should be teaching both children and parents how to navigate the internet safely, how to identify threats, and how to use privacy-enhancing tools. The report highlights the growing recognition of the need for such education, and finds that successful community-based initiatives in the UK, such as the “Supporting Families” program, offer a non-technological alternative to blanket surveillance [Ref. 1]. We can also celebrate the growing movement of “privacy-by-design,” where technology is built from the ground up with user privacy as a core principle. This is a positive, forward-looking counterpoint to the more negative trends and represents a future where security and privacy are not seen as a zero-sum game.
The path forward is not to dismantle the tools that protect us all, but to empower individuals and communities with the knowledge and support they need to thrive in a digital world. We must demand that our leaders and organizations work to protect us without compromising our fundamental rights.
References
- Digital Crossroads: A Data-Backed Analysis of Encryption, Privacy, and the Path to True Online Safety. Report.
- Amnesty International. (2023). UK Online Safety Bill: A Human Rights Analysis.
- Citizen Lab. (2021). ForcedEntry: NSO Group’s Pegasus Spyware*.
- Snowden, E. (2015). An interview with Edward Snowden.
- Schneier, B. (2015). Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.
- Information Commissioner’s Office (ICO). (2022). Annual Report on Data Breaches.
- National Society for the Prevention of Cruelty to Children (NSPCC). (2023). Online Safety Strategy Report.