The Case for Encryption Is About Privacy, Freedom and Restricting Spending and the State

John Oxley is a consultant, writer, and broadcaster. His SubStack is Joxley Writes.

Reports suggest that the government has backed down once again, this time in its scrap with Apple over end-to-end encryption. Such matters are always somewhat murky, but it appears our government has dropped a demand that the tech company give them access to international users’ data and weaken security to make it possible. The retreat seems to be the result of pressure from the US and Apple – yet it continues to expose British users’ data to government snooping and the incumbent security risks.

For many years, British governments of all persuasions have had an animus against end-to-end (E2E) encryption. The technology means that messages are encrypted and decrypted on users’ devices, travelling between them in encoded forms that no one, including the tech companies, can unravel. This makes it almost impossible for security services to intercept communications between people, and as such, is an aid for those with nefarious intent.

It is, however, an essential bit of privacy protection for the rest of us.

Apps like WhatsApp now routinely use it to ensure our communications, from the personally private to the commercially sensitive, remain secret. The government’s attempts to crack down on E2E encryption have often ignored both the technical and principled implications of this.

Home Secretaries have considered using the law to ban such technology, or to force companies like Apple to install “backdoors” so that they can, in certain circumstances, be unlocked. Their argument is a reasonable one: that this technology facilitates illicit communications between criminals, terror groups, and other malign actors. It ignores, however, the technical realities and the impact on the rest of us.

Introducing a way for governments to get into the communications is, effectively, creating a deliberate security vulnerability. Much like a physical backdoor, a technical one has weaknesses. It doesn’t just provide access to whoever has a key, but provides an entry point for those with the knowledge and will to either pick the lock or kick it in. Forcing companies to undermine their own security leaves millions of us vulnerable. Whether it is our private conversations, bank and financial details, or commercial documents, the risk when security is undermined runs from personal embarrassment to real financial catastrophe.

Increasingly, we see the risks from the malicious use of the internet.

This year, Marks & Spencer suffered significant operational and financial damage from a cyber-attack. In previous years, the Royal Mail, the British Library and even the NHS have suffered high-profile hacks. Beyond the headlines, countless small businesses and individuals have suffered too. Determined perpetrators, sometimes backed by hostile states, are adept at exploiting weaknesses in our systems. We should not be building vulnerabilities for them. Now, we are in the perverse position of the government ensuring our data is less secure with Apple than users from the rest of the world.

Beyond the workings of such exploits, there is a bigger issue at play here, too. It is about the balance of personal freedoms and the interference of the state. More specifically, it is about governments and the public accepting that sometimes, you just must let bad things happen. This is not the most intuitive thing to accept. The first duty of government is to keep people safe, and there are some threats that only the state can mitigate. Yet we should be more comfortable with the idea that the optimum amount of harm is not zero.

Harm reduction quickly becomes the defence of a raft of new regulations, without clarity over what they achieve. Personal grief, or stories of tragedy, become campaigning points for poorly thought-out changes. Knife crime has given rise to increasingly torturous bans on new types of weapons. The Manchester Bombing led to “Martyn’s Law”, which imposed greater costs and complications on venues. It is the same logic that sees governments push for bans on technology like encryption.

With each of these proposals comes costs. Some impose new challenges on businesses, or on government services that must police them. These instead hurt the economy or push up public spending. Others, like trying to ban encryption, erode our personal privacy or freedoms, and expose us to different risks. It is rarely clear to us as voters when this is a price worth paying.

For those of us who believe in small government, this is a fight that needs to be had. We can only start to cut through overbearing, cumbersome, or expensive regulations if we are serious about what harms we need to avoid and those which we are happy to accept. Without that conversation and pushing back on the apparent need for the government to counter every risk, we will face an ever-growing state that struggles to resist public pressure to interfere.

As a Conservative Party seeking a new way to differentiate ourselves from the opposition on the left and right, this is a particularly vital fight. Too often, our approach to regulation has been half-thought-out, relying on gimmicks like “one in, one out”, rather than a more nuanced conversation about costs and risks. The result has often been discussing freedom while simultaneously restricting it, thereby burdening the public and businesses with the associated costs. Instead, we need to regain the boldness to say what bad things we are going to allow to happen.

This also means, on things like encryption, reconnecting with the civil liberties supporting tradition in the party. Too often, this tends to be flexed in opposition and squeezed when in power. Over recent months, the party has focused its advocacy around freedom of speech, but as an opposition, we should expand this, picking up on a broader push for independence from state interference.

If Conservatives want to make freedom more than just a slogan, we must start with the principles that underpin it. That means recognising that not every risk is ours to regulate away, and that sometimes the price of liberty is tolerating dangers the state cannot, and should not, eliminate. Encryption is a perfect test case. Defending it is not about indulging criminals but about protecting the security and privacy of millions of ordinary people.

Recasting the debate in these terms offers us a chance to claim a coherent philosophy of limited government: one that treats citizens as adults, acknowledges trade-offs honestly, and resists the temptation to legislate against every possible harm.

We have struggled with this in the past, but the whole purpose of this time in opposition should be learning from those mistakes – and breaking from the historic fight against encryption could be a powerful way of doing so.