Zerodayhub

News and articles for the modern cyber security professional

The Vault They Cannot Crack: Britain’s War on Encryption Is a War on You

They do not want to protect your children.

They want your keys.

Everything else — the legislation, the language of safeguarding, the carefully cultivated spectre of predators lurking inside encrypted apps — is the vehicle for that desire. The destination was always the same: a Britain in which no citizen may whisper anything the state cannot, if it chooses, one day overhear.

This month, Ofcom is expected to deliver its long-awaited report on encryption backdoors under the Online Safety Act. The machinery of Britain’s surveillance ambitions is turning. And if you still believe this is a debate about child safety, you have been watching the wrong hand entirely.

The Vilification of Complacency

The comfortable position — the position peddled in parliamentary press releases and laundered through sympathetic headlines — is that this is a reasonable, proportionate measure. That backdoors can be built cleanly. That governments can be trusted to hold the keys responsibly. That you, the ordinary citizen, have nothing to fear because you have nothing to hide.

This position is not merely wrong.

It is the most dangerous idea in British politics today.

The forces that benefit from your acceptance of it are considerable. The Home Office, which has spent years lobbying for expanded surveillance powers. The security establishment, which views the proliferation of strong encryption the way feudal lords once viewed the printing press — a catastrophic democratisation of something that was never meant to belong to the common person. And the quiet, comfortable class of politicians who have never once considered that the powers they vote themselves today will, one day, be inherited by a government they would not vote for.

Complacency here is not a passive crime. It is participation.

The Vivisection

Let us be precise about what is being proposed, because precision is the first casualty of this debate.

End-to-end encryption means that when you send a message on Signal or WhatsApp, it is scrambled on your device and unscrambled only on your recipient’s device. No intermediate server holds the readable content. Not the app company. Not your network provider. Not the government.

The Online Safety Act empowers Ofcom to require platforms to deploy “accredited technology” to scan messages for child sexual abuse material — even within end-to-end encrypted communications. The mechanism for doing so is, mathematically, impossible to achieve without breaking the encryption entirely.

This is not a technical nuance. It is the whole argument.

There is no such thing as a backdoor that only good people can walk through. Every cryptographer worth their credentials has stated this, repeatedly and unanimously, for decades. A vulnerability installed by design is still a vulnerability. Once the vault has a second door, every lockpick on earth begins looking for it.

Signal’s president, Meredith Whittaker, has said she would rather pull Signal from both the UK and Sweden than compromise the architecture. WhatsApp’s leadership has made the same vow. These are not bluffs from corporations protecting profit margins. These are engineers telling you, plainly, that what the government is demanding is technically incompatible with the safety it claims to provide.

And yet, the January 2026 guidance from the UK’s National Security Technology Centre ventured somewhere remarkable — suggesting that the creation of apps like Signal or WhatsApp could constitute “hostile activity.” Read that again. Building a tool that allows two people to speak privately, without state observation, may now be framed as an act of aggression against the British state.

The mask is not slipping. It has been removed entirely.

Phone tapped

Across the Channel, the European Union is pressing toward a vote on the Child Sexual Abuse Regulation — colloquially known as Chat Control — which would require messaging platforms to voluntarily scan private communications for offending content. The word “voluntary” is doing extraordinary violence to the English language in that sentence. When the alternative is regulatory annihilation, no choice is voluntary.

The human cost of this is not abstract. Journalists communicating with sources. Domestic abuse survivors organising their escape. Lawyers discussing client matters. Activists in the country that imprisons them. Whistleblowers. Dissidents. Everyone who has ever needed to say something true to someone they trust, without the world watching.

When you hollow out encryption, you do not only hollow it out for criminals. You hollow it out for every one of them.

The Vindication

Now let us hear the counterargument — because it deserves to be named before it is dismantled.

The counterargument says: child sexual abuse is real. Terrorism is real. Encrypted platforms are genuinely used by those who perpetrate both. Surely some compromise is reasonable when children’s lives are at stake?

This argument is designed to be unanswerable because it moves the target. It asks you to evaluate the emotional weight of the harm rather than the practical effect of the cure.

Here is the practical effect: the National Centre for Missing and Exploited Children received 36.2 million reports of suspected child sexual abuse material in 2023. The overwhelming majority came from unencrypted platforms — Facebook Messenger, email, cloud storage. The encrypted dark corners are genuinely difficult, and that is genuinely troubling. But breaking encryption on Signal does not fix that problem. The criminals simply move to self-hosted, open-source, offshore tools that no Westminster legislation can touch. What remains, stripped of its protection, is the private communication of the innocent.

You do not make children safer by dismantling the locks on every door in the city because some criminals use doors.

The counterargument also implies that this power, once granted, will be used precisely as promised. History grants no such assurance. The Regulation of Investigatory Powers Act 2000 was sold to the British public as a counter-terrorism tool. Within years, it was being used by local councils to surveil families suspected of living outside school catchment areas. Powers do not shrink. They metastasise.

The moment you grant your government a key to every private conversation, you have not struck a bargain. You have made a concession that can never be retrieved.

secret meeting

The Vow

If you are reading this and thinking that this is someone else’s problem — that you are not a journalist, not an activist, not a person of interest — then V3ndta asks you to consider one further thing.

You do not know what will make you a person of interest in ten years’ time.

Here is what you can do, today, to defend the vault:

1. Move your conversations to Signal — now. Not eventually. Now. Signal is free, open-source, and audited. It is available on every platform. The more people who use it, the stronger the social norm of private communication becomes. Download it at signal.org and encourage three people in your life to do the same.

2. Respond to the Ofcom consultation. Ofcom is a regulatory body that is required to consider public submissions. Individuals can and should submit responses on matters of this gravity. Visit ofcom.org.uk and make your voice part of the record. A regulator that hears only from government and industry will produce a report that serves only government and industry.

3. Contact your MP — in writing. Not an automated form. A letter or a substantive email that articulates, in your own words, why you believe backdoored encryption is a threat to civil liberties. MPs are required to respond to constituents. Find yours at parliament.uk/mps-lords-and-offices/mps.

4. Support the organisations fighting on your behalf. The Open Rights Group (openrightsgroup.org) is the most prominent UK digital rights organisation actively litigating and campaigning against surveillance overreach. Privacy International (privacyinternational.org) operates across Europe and beyond. Both accept donations. Both deserve them.

5. Audit your digital life for unnecessary exposure. Enable disappearing messages on Signal. Use an encrypted email provider like ProtonMail for sensitive correspondence. Review what cloud services hold your data and where those servers physically reside. Every layer of protection you add is a layer the state must work harder to remove.

The defence of encryption is not the work of hackers and technologists alone. It is the work of citizens.

Phone unencrypted

The Verdict

The British government is not asking for a backdoor to your messages.

It is asking you to agree that you never deserved a door in the first place.

The laws being written in Westminster today will be inherited by governments you have not yet voted for, enforced against causes you have not yet stood for, wielded against people whose only crime will be that someone, somewhere, decided they merited watching.

The vault must hold. Or we all live in the open.

The revolution is encrypted. 🎭🔒

Leave a Reply

Navigation

About

Writing on the Wall is a newsletter for freelance writers seeking inspiration, advice, and support on their creative journey.

Discover more from Zerodayhub

Subscribe now to keep reading and get access to the full archive.

Continue reading