The Return of Lawful Access: Why the EU’s Encryption Roadmap Is a Trojan Horse
ProtectEU isn’t about security — it’s about power. And encryption is the battlefield.
On April 1st, the European Commission released its five-year internal security strategy, ProtectEU. Buried among its various goals — from fighting terrorism to improving border control — lies a quiet but deeply troubling initiative: a “Technology Roadmap on Encryption.”
End-to-End Encryption Under Fire: The Trojan Horse of “Public Safety”
On 11 October 2020, a coalition of governments led by major Western powers issued an International Statement on End-to-End Encryption and Public Safety. At first glance, it reads like a balanced attempt to reconcile privacy and national security. In reality, it’s a diplomatically worded attempt to undermine strong encryption — dressed up as a plea for “lawful access.”
To the untrained eye, that might sound productive. Maybe even progressive. After all, we all want better technology, right? But let’s not kid ourselves — this roadmap isn’t about strengthening encryption. It’s about circumventing it.
The stated goal?
“To identify and assess technological solutions that would enable law enforcement authorities to access encrypted data in a lawful manner.”
That phrase — “lawful access to encrypted data” — should set off alarm bells for anyone who cares about digital security, privacy, or the basic idea that your messages shouldn’t have an open door for authorities (or hackers, or hostile governments) to waltz through.
There is no such thing as a “backdoor” only good guys can use
The Trojan Horse of “Lawful Access”
Let’s be blunt. You can’t weaken encryption just a little bit. There is no such thing as a “backdoor” only good guys can use. Once you build in access for law enforcement, you build in access — full stop. Encryption is either end-to-end and mathematically secure, or it isn’t. There is no halfway.
Why True Security Has No Backdoors
The UK's Demand for iMessage Backdoors Puts Everyone at Risk—Here’s Why That Matters to You
This is not a new fight. In fact, it's the same tired debate repackaged in new buzzwords. We've seen this before: from the UK’s Investigatory Powers Act to Australia’s anti-encryption laws, and even calls from Five Eyes nations for “exceptional access.” Now the EU wants its own version — wrapped in the language of “roadmaps” and “balance.”
A Security Strategy That Makes Us Less Secure
The irony is staggering. The ProtectEU strategy is being sold as a way to strengthen Europe’s internal security. But by weakening encryption, it does the opposite.
Strong encryption protects:
Critical infrastructure from cyber attacks.
Banks and financial systems from data breaches.
Activists, journalists, and whistleblowers from authoritarian surveillance.
Businesses from corporate espionage.
Everyday citizens from identity theft, blackmail, and exploitation.
You cannot say you’re defending democracy while simultaneously undermining the technologies that protect democratic discourse. You can’t claim to fight cybercrime while introducing the very weaknesses attackers will exploit.
The EU’s Threat to Personal Privacy
As Europe faces increasing cyber threats, the Hungarian president’s continuing proposal to gain access to personal communications, allegedly to combat child sexual abuse material (CSAM), has sparked a troubling debate. While framed as a necessity for protecting children, this argument serves as a Trojan horse to weaken encryption and erode personal privacy rights. This tactic is neither new nor unique to Hungary, but it raises significant concerns for privacy advocates, civil liberties groups, and tech experts. The argument threatens to undermine the very encryption protocols that safeguard sensitive data, both personal and corporate, across the continent and, potentially around the globe.
Society Isn’t Buying It
Thankfully, voices from civil society are already raising red flags. The Centre for Democracy & Technology Europe, the Internet Society, and dozens of digital rights organisations are rallying to oppose the encryption roadmap as it's currently framed.
any roadmap that only listens to the police is not a roadmap. It’s a power grab.
Their joint letter to the Commission urges three critical changes:
Acknowledge that strong encryption is essential for security, not a barrier to it.
Reframe the roadmap to promote encryption as a tool for resilience and defence.
Open the conversation beyond law enforcement to include cybersecurity experts, rights advocates, and the private sector.
Because here’s the truth: any roadmap that only listens to the police is not a roadmap. It’s a power grab.
What Comes Next?
The roadmap itself hasn’t been finalised — which means there’s still time to steer this ship away from the rocks. But make no mistake: this is a live threat to encryption in Europe. And because of the EU’s influence, it could set a dangerous precedent for the rest of the world.
We should support legitimate efforts to combat crime. But breaking encryption doesn’t just hit the bad guys — it hits everyone. There’s no such thing as “lawful access” without collateral damage.
In a time of rising authoritarianism, cross-border cyber warfare, and mass data exploitation, the last thing we need is a European strategy that invites surveillance under the guise of protection.
Defending encryption is not about hiding. It's about preserving power — your power to speak, think, and live freely in a digital world.