Regulators must protect the architecture of freedom
Europe recently came dangerously close to approving the mass surveillance of private communications. The proposed Chat Control regulation would have forced providers to scan all private messages, effectively turning encrypted communication into a monitored space. It failed only because Germany withheld its support. Out of 27 EU member states, just nine opposed it, while twelve supported it and six abstained — a narrow escape that exposes how fragile the consensus around privacy has become.
Even in the European Union — home to the Charter of Fundamental Rights, the Digital Rights and Principles declaration, and some of the world’s toughest data protection laws — privacy and encryption are increasingly seen as obstacles rather than safeguards. The old, flawed logic that safety requires mass surveillance is once again finding its way into policy discussions.
When surveillance becomes infrastructure
A recent Amnesty International report titled Shadows of Control: Censorship and Mass Surveillance in Pakistan shows what happens when that logic becomes reality. Using technologies from international suppliers, Pakistani authorities built a nationwide monitoring and filtering system that gave intelligence agencies real-time access to private communications — without any judicial oversight.
This isn’t an isolated case. It’s what happens when centralized, easily controlled internet architecture meets unchecked surveillance ambition. The outcome is always the same: trust erodes, rights weaken, and societies lose resilience.
The weak spots in today’s Internet
The problem goes beyond any one country or system. Every layer of digital infrastructure — from national networks and cloud platforms to Web3 protocols — passes through a handful of vulnerable checkpoints: access, discovery, decision logic, data storage, transmission, and user interfaces. Each can either enable freedom or enforce control.
Unfortunately, the current trend is toward centralization. A few global entities now mediate how we access and discover information. The open, decentralized internet that once promised freedom has been replaced by an ecosystem that rewards surveillance and control.
Web3 at a crossroads
Web3 was supposed to fix this — but it hasn’t. Despite the rhetoric, today’s Web3 users still depend on centralized points of failure: trusted endpoints, clearnet front-ends, and public ledgers that expose transactional metadata. In many ways, it mirrors the same chokepoints of Web2. Without intentional design changes, Web3 risks rebuilding the same surveillance infrastructure it claims to replace.
There is hope, though. A growing ecosystem of privacy-preserving technologies is emerging: private transactions, verifiable front-ends, disintermediated access, zero-knowledge proofs, and lightweight client verification. These are not afterthoughts — they are foundational tools that embed privacy into the core of digital systems. In this new model, privacy is not a privilege but a prerequisite for trust.
Regulation is lagging behind
Regulators, however, haven’t caught up. The scrutiny — and even criminal prosecution — of privacy protocol developers like those behind Tornado Cash shows how deeply misunderstood privacy still is. Treating privacy as a liability is a dangerous mistake. In reality, it’s the absence of privacy that creates risk, destroys trust, and enables abuse.
Amnesty’s findings demonstrate the consequences of this blind spot: when privacy is neglected, infrastructure becomes a weapon for control. Failing to learn from this puts democratic legitimacy itself at risk.
From scrutiny to stewardship
The path forward isn’t deregulation — it’s better stewardship. Policymakers must move from treating privacy as a threat to treating it as a shared civic responsibility. Laws should encourage and protect privacy-preserving systems, recognizing them as public goods essential to democracy.
Strong encryption, decentralized governance, and resilient infrastructure are not luxuries. They are structural defenses — digital equivalents of constitutional rights. Decentralization should be seen as a form of institutional redundancy, a way to prevent any single point of failure or abuse of power from threatening the entire system.
A turning point for digital governance
The Chat Control debate and Amnesty’s report tell the same story from different angles. One shows the temptation of mass surveillance before it happens; the other shows the damage after it does. Unless regulators start actively defending privacy-preserving protocols, the risks to digital freedom will only grow.
Lawmakers’ duty is not to regulate privacy technologies out of existence but to guarantee their permanence — to ensure that the rights written into our constitutions are also encoded into the infrastructure of the digital world.
If Web3 and future digital systems are to uphold freedom, privacy, verifiability, and autonomy must be built in from the ground up. Regulators must not only allow this — they must protect it.
