Signal will withdraw from Sweden if encryption-busting laws take effect

Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data, as Sweden continues to mull such plans.

Whittaker said Signal intends to exit Sweden should its government amend existing legislation essentially mandating the end of end-to-end encryption (E2EE), an identical position it took as the UK considered its Online Safety Bill, which ultimately did pass with a controversial encryption-breaking clause, although it can only be invoked where technically feasible.

She made the claims in an interview with Swedish media SVT Nyheter which reported the government could legislate for a so-called E2EE backdoor as soon as March 2026. It could bring all E2EE messenger apps like Signal, WhatsApp, iMessage, and others into scope.

Whittaker said there is no such thing as a backdoor for E2EE "that only the good guys can access," however. 

"Either it's a vulnerability that lets everyone in, or we continue to uphold strong, robust encryption and ensure the right to privacy for everyone. It either works for everyone or it's broken for everyone, and our response is the same: We would leave the market before we would comply with something that would catastrophically undermine our ability to provide private communications."

The CEO's comments follow the news of Apple disabling iCloud's Advanced Data Protection (ADP) feature for users in the UK last week, a revelation that followed reports of the Home Office requesting a fully fledged backdoor weeks earlier.

Wider concerns that similar measures could be imposed beyond the British Isles were previously raised. Big Brother Watch warned it would not stop with Apple, describing the move as "outrageous" and "draconian."

Sweden launched an investigation into its data retention and access laws in 2021, which was finalized and published in May 2023, led by Minister of Justice Gunnar Strömmer.

Strömmer said it was vital that law enforcement and intelligence agencies were able to access encrypted messaging content to scupper serious crime – the main argument made by the UK in pursuing its long-term ambition to break E2EE.

The inquiry made several proposals to amend existing legislation, including the recommendation that encrypted messaging must store chat data for up to two years and make it available to law enforcement officials upon request.

It would essentially mirror the existing obligation for telecoms companies to provide call and SMS data to law enforcement, as is standard across many parts of the developed world, but extend it to encrypted communications providers.

• Signal says it'll shut down in UK if Online Safety Bill approved
• Satya Nadella says AI is yet to find a killer app that matches the combined impact of email and Excel
• If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish
• Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet

Doing so, however, would mean those platforms would have to implement the means to decrypt users' communications, which is impossible with E2EE. No one other than the communicating parties can read the messages, not even the platform provider.

As Whittaker said, it's either secure or it's broken in a way that theoretically could be exploited by anyone, not just the platform itself at the behest of a given government.

Other countries such as Australia have all tested the waters with encryption-busting proposals, attracting widespread criticism in all cases. The same goes for the EU's plans and over in the US, CISA and the FBI are at odds over the matter. CISA advocates for encrypted messaging platforms while the FBI supports "managed encryption" that can be decrypted by a provider upon request. ®