Surfshark
Featuring: Ryan Polk, Director of Internet Policy at the Internet Society
In today’s world, where online communication forms the backbone of global interaction, encryption is vital in safeguarding privacy and security. To delve deeper into the significance of encryption, we spoke with Ryan Polk, Director of Internet Policy at the Internet Society — co-founders of the Global Encryption Coalition (GEC).
What is Internet Society and Global Encryption Coalition?
The Internet Society is a global non-profit organization dedicated to ensuring the internet remains open, globally connected, secure, and trustworthy. GEC is a group of organizations, companies, and cybersecurity experts who promote and defend encryption, particularly in regions where it faces threats.
Over the past five years, members of the Global Encryption Coalition have successfully mitigated threats to strong encryption and have persuaded governments to protect it. As a member of the GEC’s Steering Committee, the Internet Society has played a pivotal role in expanding the Coalition to include over 400 members, including Surfshark, and has led successful encryption advocacy campaigns worldwide.
Before delving into the interview, it’s important to note that while Ryan Polk helps lead the Global Encryption Coalition as part of the Internet Society’s role on the Steering Committee, he is not speaking or taking positions on behalf of the GEC itself. His comments are made entirely in his role at the Internet Society and as an informal leader within the GEC.
Encryption at the global scale
The digital world faces unprecedented threats to encryption. We begin the interview by asking Ryan Polk about the biggest global threat to encryption in 2025.
“Bad government policies and legislation continue to be the largest global threat to encryption.
Some governments want to gain access to end-to-end encrypted communications, often for law enforcement purposes. Unfortunately, there is no way to provide law enforcement with a way to access end-to-end encrypted communications without creating a vulnerability that weakens the security and privacy of everyone who uses that service. Any vulnerability created to facilitate law enforcement access would also create a vulnerability that criminals or adversaries could exploit.
Yet, despite the dangers that breaking end-to-end encryption would create, some governments are still pursuing this goal.”
Knowing the biggest global threats, we asked about the main challenges to end-to-end encryption in 2025 and what actions the GEC will take.
“The global encryption debate has changed significantly in the five years after founding the Global Encryption Coalition (GEC). More governments than ever before are recognizing the importance of end-to-end encryption and acting to protect its use. Just last year, several EU member states, including the Netherlands, Czechia, and Germany, voted against a proposed EU regulation that would have undermined encryption.
Other governments have largely failed in their attempts to undermine encryption in recent years. In the US, no anti-encryption regulations have been passed into law, despite attempts like the Law Enforcement Access to Encrypted Data (LAED) Act. These successes are the result of years of advocacy from encryption advocates around the world. At the same time, some governments are now taking stronger actions to attempt to undermine or outlaw the use of end-to-end encryption.
Within this context, 2025 is set to be a particularly dangerous year for encryption, especially in Europe. Several European countries, like the United Kingdom, Sweden, and France have already seen attempts to undermine the use of strong end-to-end encryption, and it’s only April! The European Commission also recently came out with their new Internal Security Strategy which called for finding ways for law enforcement to access end-to-end encrypted data. So, these threats aren’t just going to go away.
Although well-intentioned, US legislation on child safety could threaten end-to-end encryption and make children even less safe online.
India is looking at tax legislation that would allow the tax authorities to demand access to end-to-end encryption. Other countries will likely attempt to undermine encryption this year, too. For law enforcement agencies, breaking encryption is just too tempting a goal, even though doing so is incredibly dangerous for everyone’s privacy and security.
Preventing these bad laws and policies is crucial to ensure that end-to-end encryption remains available to protect everyone’s security and privacy.”
Encryption policy & advocacy
Client-side scanning has sparked significant debate in the encryption community. We were curious to know the Internet Society’s position on this controversial topic and its impact on encryption integrity.
“Client-side scanning refers to systems that scan message contents — i.e., text, images, videos, files — for matches or similarities to a database of objectionable content before the message is sent to the intended recipient.
However, client-side scanning would compromise the privacy and security that users need. By making messages no longer private between the sender and receiver, client-side scanning breaks the trust model needed for end-to-end encryption.
There are also problems with over-blocking and scope creep that could harm user privacy. The same techniques used to prevent the distribution of illegal content can be used to enforce policies such as censorship and suppression of political dissent by preventing legitimate content from being shared or blocking communications between users.
Finally, motivated criminals can easily circumvent these proposals and find ways to continue sharing content undetected while every citizen remains unprotected. This is one of the reasons that security agencies like the Swedish Armed Forces and the Dutch General Intelligence and Security Service have spoken out against client-side scanning, saying that hostile state actors could exploit it and present too great a security threat.”
The argument for backdoors in encrypted services as a means to combat crime is a contentious issue. What is your perspective on this debate and how do you address these arguments?
“Breaking end-to-end encryption would give law enforcement another surveillance tool at the expense of providing criminals and foreign adversaries with the same tools to use for harm against everyone.
There’s more than one way to catch a criminal. Whether through turning an informant or using other traditional investigation methods, law enforcement can be successful in their investigations. One example is collaborating with technology experts on using metadata and other information about communications without needing to access the content of the communications.
Beyond metadata, when law enforcement caught the cartel leader “El Chapo,” they did so by cultivating an informant who gave them access to encrypted messages being sent by the leader. They didn’t need to break the encryption on the service. They just needed to turn someone with access to the encrypted communications.”
With encryption laws evolving worldwide, we inquire about specific laws that the Internet Society is monitoring closely and their potential impact on encryption practices.
“There are several of those. They include laws in:
- European Union. The European Union Commission’s proposed Child Sexual Abuse Regulation (CSAR) obligates providers to monitor content in end-to-end encrypted environments. The EU’s institutions are split on the topic, with the European Parliament adopting a pro-encryption position that excludes private messaging from scope. The Council of the European Union is struggling to finalize its position, with many countries in favor of client-side scanning technologies that would undermine encryption.
- United States. The TAKE IT DOWN Act would criminalize AI-generated sexual image abuse and help victims remove and block that content. However, broad definitions and a lack of guardrails pose risks for intermediary liability and end-to-end encryption.
- Sweden. Sweden’s law enforcement and security agencies are pushing legislation, u2024/02286 Data lagring och åtkomst till elektronisk information, to force companies to store and provide access to their users’ communications no matter the technical challenges. As a result, companies would be forced to break end-to-end encryption on their services.
- India. The Income Tax Bill 2025 would give tax authorities the ability to search and seize data in digital spaces, mandating the explicit disclosure of passwords and allowing forced access to encrypted information.”
Tech industry’s responsibility
Cybersecurity and tech companies play a pivotal role in protecting strong encryption. We discussed what role cybersecurity & tech companies, like Surfshark, play in protecting strong encryption.
“Cybersecurity and tech companies are critical to protecting the security and privacy of internet users everywhere. Beyond making the products that offer that protection, we all rely on security companies to hold their ground when governments attempt to force them to undermine the security of their services.
No matter where in the world, governments care about the economy and take pride in their tech sector. That means private companies have some of the strongest voices advocating for encryption protection. If companies are forced to undermine the security of their products, or even if the security of their products becomes suspect, their ability to compete in global markets will be severely damaged. That impacts their bottom line and the country’s economy.”
The future outlook
A public understanding of encryption as a fundamental right is crucial for its protection. We explore strategies to improve public awareness and appreciation of encryption.
“People use and rely on encryption every day but don’t realize it. When browsing the web, encryption protects online purchases, credit card chips, and internet traffic.
However, access to strong end-to-end encryption enables key fundamental rights. The privacy and security provided by end-to-end encryption can ensure freedom of speech and it also protects people in marginalized groups. LGBTQ+ individuals navigating coming out, domestic violence survivors seeking help, and journalists communicating with sources, all rely on the privacy enabled by end-to-end encryption.”
Collaboration between privacy-first companies and advocacy groups is essential for strengthening global encryption. Ryan Polk discusses potential avenues for collaboration and the benefits it can bring.
“Ensuring strong communication between a global network of encryption advocates is crucial if we are to protect encryption.
When we conceived the Global Encryption Coalition, we planned it to be a big tent group that included civil society groups and private companies. When these groups work together to fight for encryption, diverse voices bring compelling arguments that convince decision-makers to protect encryption. Just as important as cross-sectoral collaboration is international collaboration. The ability to shine a global light on a national-level attempt to attack encryption helps convince decision-makers to listen to the experts and decide to protect encryption.
If organizations or companies are interested in joining the fight to protect encryption, join us at www.globalencryption.org”
Final note: the path forward for encryption
Encryption is more than just a technical tool. It is a fundamental right that underpins our digital lives. As we navigate the complexities of global threats, policy debates, and industry responsibilities, the insights shared provide a roadmap for the future.
