The men who wrote the Fourth Amendment had watched a government treat a population as a thing to be catalogued. They had lived under writs of assistance — general warrants that let a customs officer search any house, any ship, any person, on no suspicion at all. So they wrote a sentence meant to settle the matter for good: the right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures shall not be violated, and no warrant shall issue but upon probable cause.
It was a line no administration could cross, but the history of encryption is the history of that line being crossed anyway—quietly, by men who knew the public would never have voted for it.
Crypto AG sold rigged cipher machines to a hundred governments, and the CIA read every message. The Promis software moved through the world’s ministries, carrying hidden access for whoever had modified it. No vote or warrant required. Only a contract and a secret.
In the past year, the men who hold the pen have stopped bothering to hide it. The backdoor is no longer something installed in the dark. It is being written into statute, in daylight, with a citation number.
Consider Proton, the encrypted email company whose entire promise rested on a Swiss address. Proton has confirmed it is moving most of its physical infrastructure out of the country. Its new privacy product, the Lumo assistant (which launched in July 2025) was the first to go. Its servers were relocated to Germany, with more in Norway. The reason is an imminent new law that will revise the Ordinance on the Surveillance of Postal and Telecommunications Traffic.
The substance should be familiar to anyone who has read the Fourth Amendment. Providers with as few as 5,000 users would be compelled to log IP addresses, retain that metadata for six months, and verify the real identity of every user. The same data retention is illegal for email providers in neighboring Germany. The operative clause is Article 50a, which essentially mandates that the lock you bought comes with a key the state can demand.
The Crypto AG operation needed a covert backdoor installed without the customer’s knowledge. The Swiss ordinance would simply require one, openly, as a condition of doing business. Proton’s own assessment is that this would make Switzerland’s surveillance regime more intrusive than that of the EU or the United States. There has been backlash, and the fight is not over, but the Swiss government shows no signs of stopping its totalitarian push.
The Founders’ specific horror was the general warrant: a search authorized in secret, justified by nothing, answerable to no one. Britain has rebuilt it, and Apple is the case study.
In January 2025, the UK Home Office served Apple with a Technical Capability Notice under the Investigatory Powers Act—the statute its critics call the snoopers’ charter. The notice demanded access to data secured by Advanced Data Protection, the feature that encrypts iCloud backups so completely that Apple itself cannot read them. The order carried a gag clause: under the Act, revealing that you have received such a notice is itself a crime. A secret search, with a law forbidding you to mention the search exists. The writ of assistance, reborn with a server farm.
Apple refused to build the backdoor. In February 2025 it withdrew Advanced Data Protection from British users entirely — choosing to leave UK customers less secure rather than weaken the encryption protecting everyone. Then came the theater of resolution. In August 2025, the US Director of National Intelligence announced that Britain had dropped the demand. But Apple never restored the feature, because the UK had not abandoned the order — it had merely rewritten it to apply to British users only. The litigation continued into 2026, much of it argued in a tribunal that meets behind closed doors. A secret order, a public denial, and the same demand surviving in altered form. The instrument is new. The constitutional injury is the one the Fourth Amendment was written to forbid.
Some surveillance requires no backdoor and no order, because the network was built broken from the start. The relevant plumbing is called Signaling System 7 (SS7), the protocol that lets phone networks worldwide pass calls and texts between one another. It was designed when the only entities on the network were trusted national carriers, and so it authenticates almost nothing. Anyone with access can ask the global system where a phone is, and the system answers. No malware. No tap. No trace on the device. No paperwork.
A company called First Wap has been exploiting this for nearly two decades. An international investigation led by Lighthouse Reports exposed its product, Altamides—Advanced Location Tracking and Deception System. The reporting centered on a leaked archive of 1.5 million records of tracking operations across 160 countries and 14,000 phone numbers.
This is where metadata stops being abstract. Among the records, investigators found that in 2012, the bodyguard of a Rwandan exile opposition figure was tracked by Altamides. Eighteen months later, the man he protected, Patrick Karegeya, was found strangled in a Johannesburg hotel room.
Crypto AG corrupted the hardware. Promis corrupted the software. First Wap corrupts neither. It walks through a door the telephone system left open in the 1980s and never closed.
It would be a mistake to read all of this as a single conspiracy. There does not need to be. What recurs is not a cabal but an appetite—the standing wish of every powerful institution to be owed a key to the private lives of the people it governs.
The tools are not staying where they were built, either. A capability perfected on one population becomes an export to the next. That was the lesson of Crypto AG, and it is the lesson again now. The only people who will be surprised are the ones who mistook the past for the end of it.
