Security is not enough: privacy in encryption regulation and lawful-surveillance protocols

Artur Pericles Monteiro

doi:10.1145/3788646.3789535

Security Is Not Enough: Privacy in Encryption Regulation and Lawful-Surveillance Protocols

Author

Artur Pericles Lima Monteiro

Published

2026

full text

Abstract

This article argues that security is not enough to fully capture what is at stake in government exceptional access to encrypted data. A conception of privacy as security has little to say about “lawful-surveillance protocols”—an active research agenda in cryptography that aims to enable government exceptional access without compromising systemic security. But the limitations are not contingent on the success of this agenda. The normative landscape today cannot be explained if security is all there is to privacy. And fundamental objections to Apple’s abandoned client-side scanning system gesture beyond security. This article’s contribution is modest: to show that there must be more to privacy than the security mold it has taken. A richer understanding is needed both to assess policy and to guide research on lawful-surveillance protocols.

Citation

BibTeX citation:

@inproceedings{monteiro2026,
  author = {Monteiro, Artur Pericles L.},
  title = {Security Is Not Enough: Privacy in Encryption Regulation and
    Lawful-Surveillance Protocols},
  booktitle = {Proceedings of the 2026 Symposium on Computer Science \&
    Law},
  date = {2026-03-03},
  eventdate = {},
  url = {https://doi.org/10.1145/3788646.3789535},
  doi = {10.1145/3788646.3789535},
  langid = {en}
}

For attribution, please cite this work as:

Artur Pericles L. Monteiro, Security Is Not Enough: Privacy in Encryption Regulation and Lawful-Surveillance Protocols, in Proc. 2026 Symp. Comput. Sci. & L. (2026), https://doi.org/10.1145/3788646.3789535.