Once again there are talks about making platforms add some sort of back door to encrypted private communications. This happens every few years and usually falls flat on its face when policy meets mathematics, but what is the issue here?
The key issue is that the state, in various guises, would like to be able to snoop on private communications. There are lots of excuses for this - the latest is "online harms", and of course a smattering of "think of the children". The idea is that if you can snoop on communications you can catch dodgy people grooming children in otherwise "private" chat channels. These latest efforts are rather complicated as they are trying to over reach beyond what is illegal off-line (what is illegal off-line is already illegal on-line), but even muddy the waters of legal and illegal in the first place. It is about obligations on platforms over "harmful but legal" content. This is, in my view, very bad - there should be simple clear rules on what is and is not legal, and speech of any sort that is "legal" should not be censored, even by some sort of back-door means by placing duty of care obligations on platforms.
However, in with all this, is some need to apply this duty of care to end to end encrypted communications, which means making us all less secure. You cannot make a back door that only works for the good guys. It simply does not work like that. We all rely on basic encryption to protect our privacy every day.
See this blog for more on this generally.
But there are other issues with this when it comes to trying to catch criminals or even "harm", and that is the notion that secure communications requires some platform or vendor to provide that security. This is simply not the case. Right now a lot of platforms provide the apps and allow secure (end to end encrypted) communications, but it only takes some sort of snooping law like this to drive things another way. We can have apps that allow security to be applied to the communications that a platform is providing (even simple SMS) where that security is in the end points, in the app. And apps that have no "vendor" in the conventional sense, but are free open source code that is just available on the Internet for all to download. With separate moves to break up Apple's monopoly on its AppStore, this could allow such apps even on otherwise locked down iPhones, but obviously this is already the case with more open platforms like Android.
Of course, you also have the question of having a separate platform and app provider. Are app providers in scope of such laws anyway, and if they offer end to end encryption via some other platform (which itself does not offer end to end encryption), what is in scope of such laws?
Even if this duty of care tries to apply to a platform or an app vendor, it is no good when there is no such entity to which the law can apply. End to end encrypted communications does not need a platform or vendor.
I have a video which is standing the test of time quite well that shows that encryption does not need complicated maths in any way. The example is a simple type of encryption with pen, paper, and dice. But the tools to do good, high quality, secure, encryption, are all available freely. It is not secret. The cat is well and truly out of the bag. Anyone with criminal intent can use such tools. Measures to reduce security will impact "normal" people, happy to use the app with the platform, and so allowing criminals access as well and making us all less secure.