Once you build a backdoor, malicious actors can find it too.
In Tallahassee, Florida legislators have advanced a bill framed as a shield for children online — yet the very architects of digital security warn it would become a weapon against them. The proposal would compel social media platforms to hollow out end-to-end encryption and expose minors' private messages to both law enforcement and parents, resting on the belief that visibility equals safety. But cryptographers remind us that a door built for the righteous cannot be locked against the wicked — and that the children lawmakers seek to protect would be the first to lose shelter.
- Florida's SB 868/HB 743 would force platforms to build encryption backdoors and hand parents full access to minors' messages, all in the name of child safety.
- Cryptographers and the EFF warn this is technically incoherent — a backdoor for law enforcement is, by definition, a backdoor for hackers, foreign governments, and predators too.
- Rather than strengthening protections, the bill may push platforms to strip encryption from minors entirely, leaving young users more exposed to data breaches and account takeovers.
- The ban on ephemeral messaging misreads how children actually use privacy tools — disappearing messages protect kids from embarrassment and exploitation, not just criminals.
- Apple has already pulled encrypted iCloud features from the UK rather than comply with similar demands, and Signal has threatened full market withdrawal — Florida may find its children abandoned by the safest platforms.
Florida lawmakers are advancing a bill that would require social media platforms to build encryption backdoors for law enforcement and grant parents access to all their children's messages. The "Social Media Use By Minors" bill (SB 868/HB 743) would also ban disappearing messages for anyone under 18. The stated purpose is protecting children from predators — but privacy experts say the mechanism will do the opposite.
The fundamental problem is mathematical. End-to-end encryption works because only the communicating parties hold the keys. A backdoor for authorities cannot be made exclusive — once it exists, malicious actors can exploit it too. The Electronic Frontier Foundation has been unambiguous: what the bill demands cannot be built without breaking encryption for everyone. And if platforms are forced to weaken encryption for minors, many will simply remove strong encryption for young users altogether, leaving teenagers more vulnerable to the very threats the bill claims to address.
The ephemeral messaging ban follows a similar logic flaw. Disappearing messages are a privacy tool, not a criminal loophole — they allow minors to communicate sensitive or embarrassing things without permanent record. Banning them doesn't catch predators; it strips a layer of protection from ordinary kids.
This bill arrives on top of Florida's HB 3, passed earlier in 2025, which already mandated age verification and banned social media for children under 14 — legislation currently facing a free speech lawsuit. The EFF urges rejection of the new bill in favor of privacy laws, digital literacy, and tools that protect without compromising security.
The stakes extend beyond Florida. The UK, EU, and Switzerland are pursuing similar measures, but the tech industry is holding firm. Apple withdrew iCloud encryption from the UK and is suing the British government. Signal has pledged to exit any market that demands weakened encryption. If Florida proceeds, it may discover that the platforms best equipped to protect its children will simply choose not to.
Florida lawmakers are pushing a bill that would fundamentally reshape how social media companies protect their youngest users—and privacy experts say the approach will backfire, leaving children less safe rather than more.
The proposal, known as the "Social Media Use By Minors" bill (SB 868/HB 743), would require any platform allowing minors to create accounts to build an encryption backdoor for law enforcement. When police obtain a subpoena, companies would have to decrypt end-to-end encrypted messages on demand. The bill would also ban minors from using disappearing messages—the kind that vanish after viewing, like WhatsApp's view-once feature. Parents would gain access to all their children's messages, a surveillance mechanism built into the platform itself.
The stated goal is straightforward: protect kids from predators and harmful content. But the mechanism, according to cryptographers and digital rights organizations, is impossible to implement safely. The Electronic Frontier Foundation has been blunt about it: the bill asks for something that cannot be done without breaking encryption for everyone. End-to-end encryption works because only the sender and recipient hold the keys. A backdoor—a special entry point for authorities—doesn't discriminate. Once you build it, malicious actors can find it too. Hackers, foreign governments, and criminals would gain the same access law enforcement claims to need.
There's a second, more immediate problem. If Florida forces companies to weaken encryption for minors, many platforms will simply stop offering strong encryption to young users altogether. They'll move to weaker systems or remove the feature entirely for anyone under 18. The result: children would lose the very protection the bill claims to provide. A teenager using a platform without end-to-end encryption becomes more vulnerable to account takeovers, data breaches, and interception by actual bad actors—not hypothetical ones.
The ephemeral messaging ban carries its own logic flaw. Disappearing messages aren't a loophole for predators; they're a privacy tool that minors need as much as anyone else. If a child wants to send a sensitive photo to a friend, or discuss something embarrassing, the ability to have that message vanish is a feature, not a bug. And if law enforcement needs evidence, ephemeral messages can still be saved and reported by the recipient. Banning them doesn't catch criminals; it just erases privacy.
This bill doesn't exist in isolation. Florida already passed HB 3 at the start of 2025, which introduced mandatory age verification for accessing age-restricted content and banned social media accounts for children under 14. That law is currently facing a lawsuit over free speech concerns. Now lawmakers want to go further, layering surveillance on top of restriction. The EFF's recommendation is clearer: reject the bill and invest instead in real protections—stronger privacy laws, digital literacy education, and tools that actually work without compromising security for everyone.
Florida is not alone in this push. The UK, the EU, and even Switzerland—historically a stronghold for privacy—are all exploring encryption backdoors. But the tech industry is drawing a line. Apple killed its iCloud end-to-end encryption feature in the UK rather than build a backdoor, and is now suing the government. Signal has said repeatedly it would leave the market entirely before weakening encryption. These aren't bluffs; they're statements of principle from companies that understand what's at stake. If Florida passes this bill, it may find that the platforms serving its children simply choose not to offer them the strongest protections available.
Notable Quotes
The bill is not only privacy-invasive, it's also asking for the impossible. — Electronic Frontier Foundation digital rights experts
This would likely lead to companies not offering end-to-end encryption to minors at all, making them less safe online. — EFF experts on the bill's likely outcome
The Hearth Conversation: Another perspective on the story
Why would a bill designed to protect children actually make them less safe?
Because it's built on a false choice. The bill assumes you can weaken encryption just for minors, but encryption doesn't work that way. You either have it or you don't. Once you create a backdoor, it exists for everyone—law enforcement, yes, but also criminals and foreign governments.
So companies would just stop offering encryption to minors?
That's the most likely outcome. If you're a platform and the government says you have to decrypt messages on demand, you have two options: build a backdoor and expose all your users to risk, or don't offer encryption to minors at all. Most will choose the second.
But couldn't parents just monitor their kids' messages anyway through the parental access requirement?
They could, but that's a different problem. Parental surveillance and strong encryption aren't mutually exclusive—a parent can see their child's messages while those messages are still protected from hackers and data breaches. The bill conflates two separate things: keeping kids safe from predators and letting parents watch everything.
What about the ban on disappearing messages?
It's security theater. A predator doesn't need disappearing messages to exploit a child. And a teenager does need privacy—to discuss embarrassing things with friends, to have autonomy. If law enforcement needs evidence, the recipient can still save and report the message. You're not closing a loophole; you're just erasing privacy.
Is this happening elsewhere?
Yes. The UK, EU, and Switzerland are all pushing similar measures. But the tech companies are pushing back hard. Apple killed a feature rather than comply. Signal said it would leave the market. These aren't empty threats—they understand that once encryption is compromised, it's compromised for everyone.
What would actually work?
The experts say invest in digital literacy, stronger privacy laws that protect everyone, and tools that don't require weakening security. You can protect children without asking companies to do the impossible.