Encryption vs. Access: A Privacy Law Debate

“Age verification laws threaten individual privacy by requiring individuals to submit highly sensitive personal data, such as government-issued IDs or biometric scans, to access material online,” EFF’s Rin Alajaji told WIRED - and VPNs aren’t a solution. https://lnkd.in/gdBbpV4f

The UK government has abandoned its demand for Apple to create a “backdoor” into its encrypted services, a controversial request that had already led Apple to withdraw Advanced Data Protection (ADP) for UK users earlier this year.   The demand, issued under the Investigatory Powers Act (often referred to as the “Snooper’s Charter”), would have compelled Apple to make end-to-end encrypted iCloud data accessible to law enforcement. Privacy advocates, technology leaders and governments warned that this wasn’t simply a UK issue, it would have weakened global security, creating new opportunities for cybercriminals and hostile states.   Our Principal Consultant, Nathan Webb, commented in the piece on the broader implications: “Apple noted that the encryption technologies used meant even they themselves could not access user data encrypted with the Advanced Data Protection (ADP) feature. Campaigners and other governments said a backdoor in this feature would threaten security and privacy for all Apple users.”   While this specific demand has now been dropped, the Investigatory Powers Act remains in force, leaving the possibility that future governments could revisit similar measures.   This case highlights the ongoing tension between national security interests and the need to preserve strong encryption to protect businesses, citizens, and critical data worldwide.   Thank you to Joanna England at Intelligent CISO for featuring Nathan’s perspective in this important debate. Read the full coverage here: https://lnkd.in/ez9ngzmt #CyberSecurity #DataPrivacy #Encryption #InfoSec #CyberResilience

Swiss government may disable privacy tech, stoking fears of mass surveillance - The Swiss government could soon require service providers with more than 5,000 users to collect government-issued identification, retain subscriber data for six months and, in many cases, disable encryption. The proposal, which is not subject to parliamentary approval, has alarmed privacy and digital-freedoms advocates worldwide because of how it will destroy anonymity online, including for people located outside of Switzerland. A large number of virtual private network (VPN) companies and other privacy-preserving firms are headquartered in the country because it has historically had liberal digital privacy laws alongside its famously discreet banking ecosystem. Proton, which offers secure and end-to-end encrypted email along with an ultra-private VPN and cloud storage, announced on July 23 that it is moving most of its physical infrastructure out of Switzerland due to the proposed law. The company is investing more than €100 million in the European Union, the announcement said, and plans to help develop a “sovereign EuroStack for the future of our home continent.” Switzerland is not a member of the EU. Proton said the decision was prompted by the Swiss government’s attempt to “introduce mass surveillance.” Proton founder and CEO Andy Yen told Radio Télévision Suisse (RTS) that the suggested regulation would be illegal in the EU and United States. "The only country in Europe with a roughly equivalent law is Russia," Yen said. Internet users would no longer be able to register for a service with just an email address or anonymously and would instead have to provide their passport, drivers license or another official ID to subscribe, said Chloé Berthélémy, senior policy adviser at European Digital Rights (eDRI), an association of civil and human rights organizations from across Europe. The regulation also includes a mass data retention obligation requiring that service providers keep users’ email addresses, phone numbers and names along with IP addresses and device port numbers for six months, Berthélémy said. Port numbers are unique identifiers that send data to a specific application or service on a computer. All authorities would need to do to obtain the data, Berthélémy said, is make a simple request that would circumvent existing legal control mechanisms such as court orders. “The right to anonymity is supporting a very wide range of communities and individuals who are seeking safety online,” Berthélémy said. “In a world where we have increasing attacks from governments on specific minority groups, on human rights defenders, journalists, any kind of watchdogs and anyone who holds those in power accountable, it's very crucial that we … preserve our privacy online in order to do those very crucial missions.” Source: Swiss government looks to undercut privacy tech, stoking fears of mass surveillance

TL;DR: The EU is about to vote on Chat Control, a law that could end encrypted private messaging. https://lnkd.in/gy-Y7eTa makes it easy to take action before September 12. I don’t usually post about politics, but this one hits close to home. The EU’s proposed Chat Control law would mean that every message, photo, or file we share could be scanned, no matter who we are, or what we’re doing. That’s not just bad for privacy, it’s dangerous for security, trust, and freedom of expression. FightChatControl.eu explains the risks, shows where each country stands, and even helps you contact your representatives directly. As of now, only a handful of Member States are pushing back, and the final vote is just days away. Whether you work in tech, law, or just care about your right to private communication, this is the moment to pay attention. Encryption is one of the last defenses we have for secure digital life, once it’s gone, it’s gone. Take a few minutes, check the site, and speak up while there’s still time. #Privacy #Encryption #DigitalRights #CyberSecurity #FightChatControl #StopChatControl #DataProtection #DigitalFreedom #PrivacyMatters #EUlaw

📌 The European Union's proposed "Chat Control" legislation is generating significant debate within the cybersecurity and digital rights communities. While aiming to combat child abuse material, the plan, which mandates technology companies to scan encrypted messages before transmission, faces strong opposition due to its potential to undermine end-to-end encryption. Security experts and cryptographers argue that such measures are technically unfeasible and could create critical vulnerabilities, exposing European citizens to hacking and state-sponsored surveillance. Concerns about false positives and mass surveillance are central to the objections raised by several member states and leading tech firms. This initiative highlights a growing tension between security objectives and fundamental privacy rights, prompting a reevaluation of how technological solutions can be implemented without compromising the foundational principles of a secure and open internet. The implications for digital trust and the future of encrypted communications in the EU are substantial, potentially shaping policy worldwide. #EUChatControl, #Encryption, #PrivacyRights, #DigitalSecurity

There is no such thing as a safe backdoor. If encryption is removed there is no safety or security in any messaging platform. Will encryption only be available for the select few? Ultimately the criminals they claim to be targeting will move to their own more secret channels, so all that will be exposed is the information of the general public. What a strange and terrible plan. #infosec #security #gdpr #dataprotection #encryption https://lnkd.in/epnKtfDZ

“Platforms were creating systems to harvest full, reconstructable identities despite the privacy risk, which undermined data protections and created a persistent danger that highly sensitive material could be compromised” https://lnkd.in/gd8e35mg

When it comes to data privacy, myths spread faster than facts. And the danger is; believing these myths can leave us exposed to real risks. Here are few myths and facts you should know: ❌ “Private browsing is completely anonymous.” ✅ It only hides your local history. ISPs, websites and search engines can still track you. ❌ “I have nothing to hide, so privacy doesn’t matter.” ✅ Privacy isn’t about secrecy—it’s about having control over your own data. ❌ “Social media is safe for sharing personal info.” ✅ Oversharing opens the door to identity theft, stalking and unwanted ads. The truth? Privacy isn’t about hiding. It is about protecting your freedom, safety, and control in the digital space. As usual, someone around you need this reminder. Share it and let’s build a more privacy-conscious community together. #TMLC #30DaysOfPrivacy #DataPrivacyAwareness #PrivacyFirst #StaySecureOnline #DigitalSafety

When it comes to data privacy, myths spread faster than facts. And the danger is; believing these myths can leave us exposed to real risks. Here are few myths and facts you should know: ❌ “Private browsing is completely anonymous.” ✅ It only hides your local history. ISPs, websites and search engines can still track you. ❌ “I have nothing to hide, so privacy doesn’t matter.” ✅ Privacy isn’t about secrecy—it’s about having control over your own data. ❌ “Social media is safe for sharing personal info.” ✅ Oversharing opens the door to identity theft, stalking and unwanted ads. The truth? Privacy isn’t about hiding. It is about protecting your freedom, safety, and control in the digital space. As usual, someone around you need this reminder. Share it and let’s build a more privacy-conscious community together. #TMLC #30DaysOfPrivacy #DataPrivacyAwareness #PrivacyFirst #StaySecureOnline #DigitalSafety