Why Encryption Alone Won't Protect You From Surveillance

A recent Human Rights Watch investigation uncovered how Bulgaria licensed sophisticated surveillance technology called Circles to repressive governments between 2018 and 2023. This technology doesn't break encryption at all. Instead, it exploits fundamental weaknesses in the global phone network to track locations and intercept calls, regardless of what secure messaging app you're using.

The Details

Here's what most people get wrong about encrypted messaging apps. When you send a message through Signal, WhatsApp, or similar apps, that message content is genuinely protected by encryption. Governments and hackers cannot read those messages without extraordinary effort.

But Circles technology doesn't target your messages. It targets the cellular network infrastructure that connects your phone to the world. The system exploits vulnerabilities in something called SS7, a decades-old global signaling protocol that helps cell towers route calls and locate phones. Think of it like this: your conversation inside a car is private, but everyone can see where the car is driving.

Circles can track your real-time location, see who you're calling, intercept unencrypted phone calls, and monitor your movements. All of this happens at the network level, completely invisible to you and your encrypted apps. The technology was sold to governments with questionable human rights records, putting journalists, activists, and ordinary citizens at risk.

Who Is Affected

This matters most for people in countries with authoritarian governments or weak privacy protections. Journalists, human rights workers, political activists, and their families face the highest risk. If you communicate with anyone in these regions, your location and calling patterns could also be exposed.

But this isn't just about faraway problems. The SS7 vulnerabilities affect everyone with a mobile phone. Criminal organizations and other governments can purchase similar technology. If you travel internationally, handle sensitive business information, or simply value your privacy, understanding these infrastructure-level risks matters for your digital safety.

What You Should Do Right Now

Continue using encrypted messaging apps like Signal for message content, but understand they don't hide who you're contacting or where you are.

Use VoIP calling features within encrypted apps (like Signal voice calls) instead of regular cellular calls when discussing sensitive topics.

Disable location services for apps that don't absolutely need them. Go to your phone settings and review location permissions app by app.

Consider your metadata. If the fact that you're communicating with someone is sensitive, additional precautions like separate devices or in-person meetings may be necessary.

Stay informed about telecom security. These vulnerabilities have been known for years, but governments and carriers have been slow to fix them.

The Bigger Picture

This investigation reveals an important truth: privacy and surveillance are about much more than encryption debates. While politicians argue about backdoors in messaging apps, surveillance companies are exploiting infrastructure weaknesses that have existed for decades. Real digital safety requires understanding the entire system, not just individual apps. Staying informed about these evolving threats helps you make better decisions about protecting your family.

How GetCyberRight Can Help

Our Cyber Threat Radar tool tracks emerging privacy threats including surveillance technology developments that affect everyday users. Instead of sorting through technical security reports, you get clear updates about risks that actually matter to your family. We translate complex infrastructure vulnerabilities into practical guidance you can use today.

Why Encryption Alone Won't Protect You From Surveillance