Our private conversations, personal data, and digital security are under attack. Around the world, governments are escalating efforts to undermine encryption — the very technology that protects everything from your messages and photos to sensitive business and banking information. These attacks are being justified under the guise of safety — but in reality, undermining encryption makes everyone less safe.
We call on governments around the world to:
- Reject encryption backdoors & client-side scanning – No "special access" for governments that weakens encryption for everyone.
- Consult cryptographers and privacy experts – Work with those who understand encryption to find effective, proportionate solutions to digital challenges.
- Support encryption and the right to privacy – Governments must commit to respecting, protecting, and fulfilling our right to privacy online.
Sign this petition now to defend encryption and protect our privacy online.
How does encryption work?
End-to-end encryption keeps our personal data — like photos, messages, and notes — safe from hackers, surveillance, and misuse. When data is encrypted, all stored files, photos, and backups are converted into unreadable code, accessible only with a unique key.
This ensures that the encrypted data remains private and secure. Strong encryption is essential for protecting privacy and security. Weakening it creates vulnerabilities that bad actors can exploit, putting our data — and even our safety — at risk.
What do encryption “backdoors”, “ghost keys” and “client-side scanning” mean?
- Encryption “backdoors” are efforts to allow third parties (like governments) to access messages — supposedly only for "lawful" purposes. But any so-called backdoor creates a security vulnerability that could be exploited by… well anyone.
- “Ghost Keys” is a similar idea, and would force services to modify their software and encryption keys to allow governments or law enforcement to secretly add themselves to an encrypted conversation. This would weaken their encryption and deceive users.
- Client-side scanning (CSS) scans messages or files on your device before they're encrypted — comparing them against a secret database of prohibited content. While often proposed to combat crimes like the sharing of child exploitation material, CSS breaks the privacy promise of encryption and opens the door to broader surveillance.
And here’s the thing you should know — these methods of weakening encryption don’t just make access to your personal data easier for the “good guys”. Once encryption is weakened, anyone with the right tools can exploit it. That means hackers could steal personal data, people can target activists and journalists, and foreign governments could spy on citizens in their own country, and beyond.
What are commonly used encrypted products under attack?
Whether you know it or not, there’s a good chance you already use encrypted products to keep your personal data safe.
Many widely used apps and platforms are caught up in these various attacks on encryption, including:
- Messaging apps — like WhatsApp, Signal, Telegram (Secret Chats only), iMessage and Facebook Messenger.
- Email services — like Proton Mail and Tutanota.
- Cloud storage — Apple iCloud Advanced Data Protection, Tresorit and MEGA.
- Password managers — like Bitwarden, 1Password and LastPass.
- Encrypted VPNs — like Mozilla VPN, Mullvad and ProtonVPN.
What specific attacks on encryption are underway right now?
Encryption is facing mounting threats from lawmakers around the world. Mozilla is closely monitoring several key developments in several countries, including:
United Kingdom — The UK government has secretly issued demands for access to encrypted personal data stored in Apple’s iCloud, putting the privacy of millions at risk. In response, Apple has paused the rollout of its encrypted iCloud services for users in the UK — a move that leaves everyone less secure online. A legal challenge to these demands is currently underway, but it’s being heard in secret by the Investigatory Powers Tribunal (IPT).
Sweden – Lawmakers in Sweden are considering a bill that would force platforms to retain data for law enforcement, effectively breaking end-to-end encryption. Signal’s president called it “an existential threat to privacy.” If passed, the law could set a dangerous precedent across the EU and beyond.
France — Lawmakers in the French National Assembly recently voted down an amendment that would have weakened encrypted messaging apps like WhatsApp and Signal. But despite this, some governments and lawmakers are already exploring new ways to undermine encryption.
European Union — Versions of the EU’s controversial ‘chat control’ proposal risked mandating client-side scanning of private messages. Meanwhile, the EU’s new security strategy includes a “technology roadmap” on encryption, due later in 2025, which privacy advocates warn could pave the way for weakening end-to-end encryption across Europe.
United States — In the absence of strong federal privacy protections, encryption is increasingly under threat. Lawmakers have proposed multiple bills that could force companies to weaken secure messaging, including measures that promote client-side scanning or expand liability for encrypted platforms. With sensitive data already widely exposed through data brokers, surveillance, and breaches, weakening encryption would leave millions even more vulnerable.