As Britain sharpens its national security and online safety laws, a widening rift has emerged between lawmakers who see encryption as a barrier to policing and experts who warn that weakening it could expose the country to far greater risks.
A Parliamentary Push, Not a Retreat
On a recent Monday, Britain’s Parliament revisited one of the most contentious areas of modern governance: encryption. The debate was triggered by a public petition calling for the repeal of the Online Safety Act, legislation already controversial for its sweeping age-verification requirements and its reach into private digital communications. Instead of scaling back the law, however, Members of Parliament pressed for stricter enforcement and expanded scrutiny of encrypted technologies.
During the discussion, MPs went further, calling for reviews of other encrypted tools, including virtual private networks. The tone of the debate underscored a prevailing view within Westminster: that encryption is primarily an obstacle to law enforcement and intelligence agencies, rather than a foundational technology underpinning digital security.
To critics, what was missing was any sustained engagement with the technical and security risks of weakening encryption. Those concerns, raised briefly if at all, stood in stark contrast to the urgency lawmakers expressed about gaining greater visibility into online communications
Encryption as Threat or Safeguard?
That imbalance has alarmed digital rights advocates and cybersecurity specialists. Olivier Crépin-Leblond of the Internet Society said he was disappointed by the outcome of the debate, particularly the enthusiasm some lawmakers showed for client-side scanning—software that would scan messages on users’ devices before they are encrypted.
Such proposals, he argued, are often presented as “easy technological fixes” that could help police access illicit content, especially amid frustration over platforms like Facebook rolling out end-to-end encryption. But the risks, he warned, are poorly understood. Any software designed to bypass or pre-empt encryption could itself become a target for hackers, introducing systemic vulnerabilities rather than closing gaps.
For many experts, the framing of encryption as a threat reverses reality. Jemimah Steinfeld, the chief executive of Index on Censorship, has argued that breaking or weakening end-to-end encryption would itself pose a danger to national security, not just to individual privacy. Encrypted communications, she noted, are vital for journalists, dissidents, domestic abuse survivors, and ordinary citizens navigating an online environment marked by rising cybercrime and surveillance.
The Expanding Reach of Security Laws
The pressure on encrypted services does not exist in isolation. In recent years, a series of UK laws has steadily expanded the powers of the state in the name of security. Under the Investigatory Powers Act, Apple was served with a technical capability notice demanding that it weaken the encryption protecting iCloud data. Rather than creating a backdoor, the company disabled its Advanced Data Protection feature in the UK, highlighting the stark choices firms face when confronted with such demands.
More recently, a report by Jonathan Hall KC, the government’s Independent Reviewer of State Threats and Terrorism Legislation, warned that the scope of new national security laws is extraordinarily broad. In his review of the Counter-Terrorism and Border Security Act and the newly implemented National Security Act, Hall raised the possibility that developers of apps using end-to-end encryption could fall within legal definitions of “hostile activity” simply because their technology makes surveillance more difficult.
The implications extend beyond technology companies. Hall’s report suggested that journalists carrying confidential or politically sensitive material—potentially even information embarrassing to the prime minister during sensitive negotiations—could face similar scrutiny under the same expansive powers.
A Chilling Outlook for Encrypted Services
With these battle lines drawn, the coming year could prove decisive for encrypted messaging services such as Signal and WhatsApp. Both companies have previously said they would rather exit the UK market than compromise the privacy and security of their users. That threat, once hypothetical, now appears increasingly plausible as legislative pressure intensifies.
