February 12 2025

Who Holds the Keys? The Fight Over Encryption and Governments’ Access

Could plans to introduce a backdoor into iCloud encryption be a step towards mass surveillance?

In this blog, Dr Mahdi Aiash, an Associate Professor of Computer Science and Cyber Security, looks at the potential impact of Apple introducing a backdoor into iCloud encryption.

A recent report claims that the UK government is pressuring Apple to introduce a backdoor into iCloud encryption, arguing that end-to-end encryption makes criminal investigations harder. But here’s the catch—there’s no official confirmation from the UK government on this demand. While law enforcement agencies have long voiced concerns about encryption blocking access to vital evidence, it’s crucial to approach these claims with healthy scepticism until more details emerge.

This debate isn’t new. In 2023, I discussed these very concerns in an interview on encryption and cybersecurity. Back then, the UK’s focus was on weakening encryption in messaging apps like WhatsApp and Signal under the Online Safety Act. My stance remains the same—it’s not about choosing between privacy and security; both are essential. Governments need tools to fight crime, but encryption plays a critical role in protecting users from cyber threats, identity theft, and surveillance.

Now, the conversation has shifted. Instead of focusing on real-time messaging, the reported demand is for a backdoor into iCloud storage, which Apple recently made fully end-to-end encrypted. This means not even Apple can access stored user data—a major shift in digital security.

If these reports are accurate, this demand goes far beyond accessing messages—this is about potential access to a person’s entire cloud-stored data, including messages, photos, and sensitive documents. That raises a pressing question:

Is this about protecting public safety, or is it a step toward mass surveillance?

Why Governments See Encryption as a Threat

Encryption is a double-edged sword. It secures our personal data, protects businesses from cyber threats, and upholds privacy. But it also creates blind spots for law enforcement, making it harder to track criminals who exploit it to stay under the radar.

Some high-profile cases highlight this challenge:

  • EncroChat & Sky ECC – Encrypted networks used extensively by criminal organizations for drug trafficking and cybercrime. Law enforcement had to hack into them just to break their operations. The EncroChat investigation led to over 6,500 arrests, while the Sky ECC operation in 2024 resulted in 119 convictions in Belgium.
  • Terrorist Communications – Groups like ISIS have leveraged encrypted apps to recruit members, plan attacks, and distribute propaganda, making it difficult for intelligence agencies to track them.
  • Child Exploitation Networks – Encrypted platforms have been used to share illegal content, making it harder to track and prosecute offenders—a major argument behind the UK’s Online Safety Act in 2023.

Law enforcement’s stance is simple: If encryption blocks access to crucial evidence, how can they protect the public?

The Unintended Consequences of Weakening Encryption

While the UK and other Western democracies have legal safeguards, the same cannot be said for authoritarian governments. In countries with weaker civil liberties protections, encryption backdoors could easily be used for mass surveillance, political repression, and silencing dissent. This isn’t just about crime prevention anymore; it’s about trust in governments and tech companies.

At the same time, law enforcement concerns are real, but creating a backdoor in encrypted systems is a risky move. Here’s why:

  • Weakens Security for Everyone: A backdoor can be exploited not just by law enforcement, but also by hackers, foreign adversaries, and cybercriminals. Take the NSA’s EternalBlue exploit, which was leaked and later weaponized in the WannaCry ransomware attacks, crippling hospitals, businesses, and individuals worldwide.
  • Criminals Will Adapt: If iCloud encryption is weakened, serious criminals will simply switch to more secure alternatives, making law enforcement’s efforts ineffective while putting ordinary users at greater risk.
  • Sets a Dangerous Precedent: If Apple complies, I believe other governments—including authoritarian regimes—could demand similar access, leading to mass surveillance and loss of privacy protections worldwide.

At the same time, restricting encryption too much can backfire, pushing criminals to become more creative. History shows that when authorities introduce tighter controls, criminals find new ways to evade them:

  • The Dark Web & Anonymous Networks: When mainstream encrypted services faced crackdowns, criminals moved to Tor-based chatrooms, self-hosted encryption tools, and decentralized networks.
  • Custom Encryption Tools: Criminal organizations are now building their own encryption platforms, making law enforcement’s job even tougher.
  • Encrypted USB Drops & Offline Communications: Some groups bypass digital surveillance entirely by using encrypted USB drives, dead drops, and air-gapped networks.

Forcing mainstream platforms to introduce backdoors may not be as effective as intended. While it could provide short-term access to data, determined criminals will likely shift to more secure and decentralized alternatives, making long-term investigations even more complex. This raises a key concern: How can law enforcement balance security and privacy without driving criminals deeper underground?

Beyond Government Access: How Encryption Limits AI’s Role in Safety & Security

Beyond the government access debate, encryption also impacts AI-driven safety tools used by tech platforms:

  • Content Moderation & Harm Detection: AI models that flag hate speech, misinformation, or child exploitation content can’t scan encrypted messages, limiting their ability to prevent abuse.
  • Cybersecurity & Threat Prevention: AI-driven security tools that detect phishing links, scams, and malware lose their ability to scan messages, making users more vulnerable.
  • AI-Powered Law Enforcement Tools: Authorities rely on AI to analyse communication patterns for criminal activity, but encryption forces them to depend on metadata instead of message content, reducing investigative effectiveness.

Are There Other Alternatives?

There’s no simple answer to this debate. Some approaches try to find a middle ground between security and privacy, but each has its own drawbacks:

  • Judicially Approved Access: Courts authorize decryption only when necessary. However, this requires tech companies’ full cooperation and could be slow and bureaucratic.
  • AI-Powered Metadata Analysis: AI detects suspicious behaviour without accessing message content, but metadata alone may not provide enough context, and criminals can find ways to evade detection.
  • Advanced Cyber Forensics: Law enforcement uses device forensics and AI-driven investigations without weakening encryption. However, this is labour-intensive and may require physical access to devices.
  • Homomorphic Encryption: A promising method allowing authorities to analyse encrypted data without decrypting it. However, it’s computationally expensive and not widely implemented yet.
  • Post-Quantum Cryptography (PQC) & Quantum Key Distribution (QKD): Future-proof encryption could make today’s debates obsolete, but these technologies are not yet mainstream, and their implications for law enforcement remain uncertain.

Each option balances privacy and security differently, but none offers a perfect solution. The real challenge is finding scalable, legally sound methods that don’t compromise global cybersecurity.

About the author

Dr Mahdi Aiash

Dr Mahdi Aiash is an Associate Professor of Computer Science and Cybersecurity at Middlesex University, where he leads the Cybersecurity Research Group. He also serves as a Director of CATS², spearheading research and policy development at the intersection of cybersecurity, technology safety, and societal impact.

His expertise spans AI-driven cybersecurity, exploitation research, and emerging threats. With extensive industry experience, Mahdi actively collaborates with businesses to bridge the gap between academia and real-world cybersecurity challenges. He also sits on multiple advisory panels in cybersecurity, contributing to policy discussions and shaping best practices. His work has been featured in national media as a leading expert in AI and cybersecurity.
