Every few years the argument comes back around, dressed in slightly different language, and 2026 is one of those years. The privacy of ordinary electronic communication faces new pressure as the UK and other governments push for greater capability to harvest and analyse the data of private citizens, and to make it harder for those citizens to protect what they say with end-to-end encryption. Over the coming year, more pressure is expected from the UK and from Europe to restrict the unencumbered use of end-to-end encrypted email and messaging services, the kind of thing most people now use every day without thinking about it: Signal, WhatsApp, and the rest.
We want to write about this carefully, because the topic invites bad writing. It is easy to reach for the word "surveillance" and the image of a boot, and harder to explain what is actually being asked for, why the people asking are not cartoon villains, and why the thing they are asking for cannot be built the way they imagine. So this is the policy half of the argument. It is about the encryption debate itself: what the demand is, what is right about the motivation behind it, and what is wrong about the method. The architecture half, the part about how you build a system that simply has nobody to serve the order to, we have written separately, and we will point you to it at the end.
§ 01What is actually being asked for
Strip away the press releases and the recurring demand is consistent. It is sometimes called "lawful access" and sometimes described, by its critics, as a "backdoor." Both names point at the same thing: a way for an authorised party to read the contents of a message that was supposed to be readable only by its sender and its intended recipient.
The framing is usually reasonable on its face. Nobody is proposing, in so many words, to abolish encryption. The proposal is narrower and more seductive than that. It says: keep your encryption, but build in a mechanism so that, when a court or an agency presents a lawful request, the content can be produced. A spare key, held responsibly, used only with proper authorisation, only against the right people. Encryption for everyone, with an exception for the law.
Put like that, it sounds almost administrative, the digital equivalent of a search warrant for a house. And that analogy is exactly where the trouble begins, because a message is not a house, and a cryptographic key is not a physical lock that a locksmith can open once and then walk away from.
§ 02The motivation is real, and worth saying out loud
We are not going to pretend the people pushing for this are acting in bad faith. The motivations are, for the most part, ones that any decent person shares. The two that come up most often are the protection of children from abuse and exploitation, and the investigation of serious organised crime. These are not rhetorical props. They are real harms, suffered by real people, and the investigators who deal with them are not inventing their frustration when encrypted channels make their work harder.
It would be dishonest to write a piece like this and skip over that. If you only ever hear the privacy side described in heroic terms and the safety side described as a pretext, you are being sold something. The desire to read a suspect's messages in order to protect a child is not sinister. It is human, and it is often correct as a desire.
The disagreement is not about whether those harms matter. It is about the method, and specifically about whether the method on offer does what it claims without doing a great deal that it does not claim. We concede the motivation freely. We do not concede the mechanism, and the rest of this piece is about why.
§ 03A backdoor for the good guys is a backdoor for everyone
Here is the part that gets lost in the policy language. A backdoor is not a policy. It is a property of a system. Once you build a mechanism that lets someone other than the sender and recipient read a message, that mechanism exists. It is code, or it is a key, or it is a process, and it sits there whether or not anyone is currently authorised to use it.
The promise attached to the mechanism, that it will only ever be used by the right people, against the right targets, with the right paperwork, is a promise about behaviour. The mechanism itself does not know about the promise. It does not check a warrant. It is simply a door, and a door can be opened by anyone who obtains the key, or who finds the flaw, or who compels the keyholder, regardless of what the rules say they are allowed to do.
This is not a hypothetical worry. The keyholder becomes a target the moment the key exists. A hostile state wants it. Organised crime wants it, the very crime the mechanism was built to fight. A future government with worse intentions than the present one inherits it as a standing capability. And the mechanism itself, however carefully engineered, is now an additional thing that can fail, can be stolen, can be misused, in a system that previously had no such thing to lose. You cannot build a lock that opens only for the virtuous. The lock does not know who is virtuous. It only knows the key.
Security engineers have been saying this for decades, and they do not say it because they are indifferent to child safety or to crime. They say it because the maths and the engineering are unsentimental. A communication channel is either end-to-end encrypted, meaning only the ends can read it, or it has a third position from which it can be read, in which case it is not end-to-end encrypted, and that third position is exposed to everyone capable of reaching it, not only to the people the law had in mind.
§ 04It is really a fight over who holds the keys
So the debate, underneath the language of safety and access, is a question about custody. Who holds the keys to your conversations? There are only really two answers, and most of the noise is an attempt to avoid admitting that there are only two.
The first answer is that the keys are held by the participants alone. The sender holds one, the recipient holds one, and nobody else has a copy or a way to make a copy. This is what end-to-end encryption means when it is done properly. It is awkward for investigators, by design, in the same way that a private conversation in a kitchen is awkward for anyone standing outside the house.
The second answer is that the keys, or a way to derive them, are held by someone else as well: the service provider, or an escrow agent, or whoever is designated as the responsible keyholder. This is the model the lawful-access proposals require, whether or not they use the word. And the problem with it is not that the designated keyholder is untrustworthy. The problem is that a keyholder exists at all, because a keyholder is a single point that can be subpoenaed, breached, bribed, coerced, or simply mistaken, and everyone's privacy now depends on that one point never failing, forever, under every future government and every future attacker.
When the question is framed honestly, as a question about who holds the keys, the trade-off becomes clearer. The proposals on the table in 2026 are, in effect, proposals to ensure that someone other than you always holds a copy of the key to your private life. The justification is real. The cost is that you no longer have anything that is only yours.
§ 05What this is not
We should be clear about the limits of this argument, because overstating it is its own kind of dishonesty.
This is not a claim that encryption makes investigation impossible. Metadata still exists. Devices are still seized. Informants still talk. The end of a conversation is still a person who can be questioned. Strong encryption narrows one avenue; it does not blind the state. The picture painted by some of the more dramatic proposals, of investigators left helpless, is not the whole picture either.
It is also not a claim that any particular government in 2026 has malicious intent. The argument does not depend on that. It works precisely because intent is not the point. A mechanism built by a trustworthy government, with the best of motives, is still a mechanism, and it outlives the motives of whoever built it. The case against backdoors is strongest when you assume the people asking are sincere, because the danger is structural, not personal.
And it is not a counsel of despair. The fact that this argument keeps returning is, in a way, evidence that the other side keeps having to come back, because the thing they want has not been built, because it cannot be built the way they want it. That is worth holding on to.
§ 06Privacy as something normal people keep
The version of this debate that gets the most airtime treats privacy as the special concern of people with something to hide. That framing quietly concedes the whole argument before it starts. Privacy is not a tool of the guilty. It is the ordinary condition of a normal life: the quiet word with a friend, the message to a partner, the photograph that was only ever meant for one person, the conversation with a doctor or a lawyer or a parent. Most of what end-to-end encryption protects is not contraband. It is the texture of being an unremarkable person who is allowed a private life.
When the law asks for a key to all of that, held somewhere outside the conversation, it is not asking only for the keys to the dangerous few. It is asking for a copy of the keys to everyone, because the mechanism cannot tell the difference in advance, and the moment it exists it applies to all. That is the quiet cost that the reasonable-sounding framing leaves out, and it is the cost that ordinary people, not just activists and dissidents, end up paying.
None of which means the harms the proposals point at are not real. They are. It means the chosen method buys a little capability against those harms at the price of everyone's privacy, permanently, and that this is a poor trade even on the safety side, because the same opened door also serves the criminals it was meant to stop.
§ 07The architectural answer
Everything above is the policy argument, and the policy argument has been made, and lost, and made again, for thirty years. It will be made again next year. We think it is worth making well. But we also think there is a more durable answer than winning a debate that never stays won, and that answer is architectural rather than legislative.
The lawful-access model assumes there is an operator: a company in the middle, holding the accounts, running the servers, capable of being ordered to hand over a key or to install a mechanism. Every backdoor proposal is, ultimately, a demand made to that operator. So the question that interests us most is not "should the operator be forced to keep a key," but "what happens to the whole argument when there is no operator to ask?"
That is the subject of the companion piece, and it is genuinely the other half of this one. If this article is about why the demand is dangerous, that one is about why a peer-to-peer network with no central operator changes the terms of the question entirely. You cannot serve a lawful-access order on a company that does not hold your messages, and you cannot backdoor a network that has no operator to compel. We have written that argument out in full.
This was the policy half. The architecture half is the companion piece. Read why a network with no operator changes the encryption debate from a question of who you trust to a question of who could even comply, and see how OpenDescent is built around that idea.
The encryption debate of 2026 is, at bottom, a debate about where the keys to ordinary life are kept. The people asking for a copy mean well, mostly, and the harms they point at are real. But a key held by anyone other than the people talking is a key that can be taken, and a door built for the good guys is a door for whoever holds the key next. The honest response is not to pretend the safety concerns are fake. It is to build communication that protects normal people by default, and to make the awkward but accurate observation that there is no version of a backdoor that is only ever used by the right people. There is only the door, and the question of who walks through it.