The Democratic Stakes of Private Communication
Democracy has never been a passive condition. It is something that free societies actively maintain — through elections, through civic participation, and through the freedom to communicate without fear of surveillance, manipulation, or reprisal. That last element, the freedom to speak privately, is increasingly under pressure.
The modern internet was built on optimistic assumptions: that open connectivity would empower individuals, that market forces would protect users, and that centralized platforms would remain neutral conduits for expression. Each of those assumptions has proven fragile. The digital communications infrastructure that most people rely on today is owned by a small number of corporations, passes through chokepoints that governments can and do exploit, and operates under terms of service that reserve the right to monitor, restrict, or delete communications at any time.
This is not a fringe concern. Journalists, attorneys, political organizers, whistleblowers, physicians, and ordinary citizens all have legitimate and legally recognized interests in communicating privately. The ability to do so — freely, reliably, and without seeking anyone’s permission — is foundational to a functioning democracy. At Burrell Law, P.C. (“Burrell Law”), we advise clients on the legal dimensions of privacy and communications every day. That vantage point has drawn our attention to a remarkable open-source project called Reticulum, and its companion application, Sideband.
The Technology: What Reticulum and Sideband Actually Do
Reticulum is a cryptography-based networking stack developed by Mark Qvist and dedicated to the public domain in 2016. Its core premise is both elegant and radical: rather than building a single network, Reticulum provides the tools to build thousands of independent, interconnectable networks — none of which require a central authority, a licensed service provider, or a government-approved gateway to operate.
Unlike the internet’s standard TCP/IP architecture, Reticulum does not rely on IP addressing, does not include source addresses on packets, and makes it structurally impossible to transmit unencrypted communications. Every connection, every packet, is secured by default using asymmetric X25519 encryption and Ed25519 digital signatures, with 512-bit elliptic curve identity keys and forward secrecy built into the protocol. Privacy is not a setting to be enabled — it is the only mode the system operates in.
Reticulum can run over virtually any physical medium: LoRa radio, packet radio, WiFi, Ethernet, Bluetooth Low Energy, free-space optical links, and conventional internet tunnels. A single low-cost device — such as a Raspberry Pi connected to a LoRa radio module — can bridge geographically separated communities into a seamless, encrypted mesh network. The project’s stated vision is to allow anyone to operate sovereign communication networks: networks without kill-switches, without centralized surveillance, and without single points of administrative control.
Sideband is the flagship user application built on top of the Reticulum stack. Available for Android, Linux, macOS, and Windows, it provides a full-featured, end-to-end encrypted messaging and communications platform that operates on fundamentally different terms than conventional apps. There is no account registration. There are no service providers retaining user data. There is no terms-of-service clause authorizing data collection. A user’s cryptographic identity is generated on their own device and stored nowhere else.
Sideband transmits messages using the LXMF protocol — a distributed, delay-tolerant messaging framework built for low-bandwidth and high-latency conditions — meaning it functions not just over broadband internet, but over LoRa radio links, packet radio, I2P anonymizing tunnels, and even encrypted QR codes printed on paper. Recent releases have added encrypted voice calls via the LXST protocol, image and audio transfers, real-time peer-to-peer location sharing, and the ability to use Android devices as impromptu network relay nodes. AES-256 encryption is now the default for all communications.
What This Means for Legal Practice and Client Confidentiality
The legal profession has long grappled with the security of digital communications. Attorney-client privilege is a cornerstone of the adversarial legal system, and it depends, in practice, on the confidentiality of the channels through which counsel and client communicate. When those channels are controlled by third-party platforms — cloud providers, messaging services, mobile carriers — the privilege faces structural vulnerabilities that legal doctrine alone cannot fully address. Recently, a federal judge in New York’s Southern District ruled that the use of an artificial intelligence large language model in preparing documents was not protected privileged information.
Most commercial messaging platforms, even those marketed as end-to-end encrypted like Meta Platform’s WhatsApp, retain metadata, are subject to compelled disclosure under applicable law, and can be modified by their operators in response to legal process or policy changes. Attorneys practicing in sensitive matters — criminal defense, national security, whistleblower representation, corporate investigations — have good reason to consider whether the infrastructure they rely on is adequate to the confidentiality obligations they owe their clients.
Reticulum-based communications present a structurally different proposition. Because there is no central operator, there is no third party to serve with a subpoena for message content. Because keys are generated and held only on user devices, there is no service provider capable of handing over decrypted communications. Because the network can operate over radio frequencies independent of the commercial internet, communications can continue even when conventional connectivity is disrupted or legally interdicted.
These are not merely theoretical advantages. They represent a genuine alignment between the architecture of the technology and the confidentiality obligations that attorneys, physicians, accountants, and other privileged professionals are legally required to honor.
Decentralized Communications and Democratic Resilience
The legal profession’s interest in secure communications is one dimension of a broader democratic principle: that private communication is not a luxury or a concession, but a right — and one that requires infrastructure to exercise, not merely legal recognition.
Centralized communications infrastructure creates what security researchers call a single point of failure. But for democratic society, the relevant failure mode is not technical — it is political. A single court order, administrative directive, or corporate policy decision can render an entire communications platform surveilled, censored, or inaccessible overnight. We have observed this pattern internationally: messaging applications compelled to introduce government backdoors, platforms removing entire categories of political speech, governments imposing internet shutdowns coincident with elections or civil unrest.
The late 2024 Valencia floods offered a different but equally instructive example: when disaster disabled centralized infrastructure, civilian communications collapsed entirely. Communities with resilient, decentralized mesh networks faced no such vulnerability.
Reticulum’s architecture is explicitly designed to address each of these failure modes. The absence of a central server eliminates the primary target for a shutdown order. Mandatory encryption with user-held keys means no operator can disclose message content in response to legal process. The ability to operate over radio frequencies means the network can function even when commercial internet access is severed. These properties are not incidental — they are the intended result of an engineering philosophy that places individual and community sovereignty ahead of administrative convenience.
A communications infrastructure that cannot be centrally controlled is one that cannot be centrally weaponized. For attorneys defending unpopular clients, journalists protecting sources, organizers coordinating lawful civic action, and communities maintaining resilience in emergencies, that distinction matters enormously.
Key Legal Considerations
Lawful Intercept Obligations. In the United States, the Communications Assistance for Law Enforcement Act (CALEA) imposes technical assistance obligations on telecommunications carriers and certain broadband providers. The extent to which CALEA’s requirements apply to decentralized, peer-to-peer communications systems that are not operated by any carrier remains a developing legal question. Organizations deploying Reticulum-based infrastructure should assess their status under applicable communications law.
Export Controls on Cryptography. The export of encryption products is regulated under the Export Administration Regulations (EAR) administered by the Bureau of Industry and Security. While general-use encryption software has been substantially liberalized since the late 1990s, specific deployment contexts — particularly involving end-to-end encrypted communications tools exported to or used in certain jurisdictions — may require review. Reticulum uses standard, publicly available cryptographic primitives, which generally benefits from available license exceptions, but context-specific analysis remains important.
Professional Responsibility for Communications Security. The American Bar Association’s Model Rule 1.6(c) requires attorneys to make reasonable efforts to prevent unauthorized disclosure of client information. State bar ethics opinions have increasingly addressed the security of digital communications, with some jurisdictions providing guidance on the use of cloud services, encrypted messaging, and other technologies. Attorneys should ensure their communications tools are consistent with their applicable professional responsibility obligations.
Evolving Regulatory Landscape. Legislation addressing encrypted communications, data localization, and platform liability is active across multiple jurisdictions. The European Union’s ongoing discussions around client-side scanning, proposed changes to Section 230 in the United States, and international debates over encryption backdoors all have potential implications for the legal status of systems like Reticulum. We are monitoring these developments closely.
Looking Ahead
The Reticulum project describes its core protocol and API as stable, with an active development community expanding capabilities and improving tooling. Sideband continues to add features with each release, moving toward a more accessible user experience while preserving its architectural commitment to privacy. The growing global community of users and developers — spanning amateur radio operators, emergency management professionals, privacy advocates, and technologists — suggests that this is a maturing technology ecosystem, not an experimental fringe project.
We expect the legal and regulatory questions surrounding decentralized communications to sharpen as adoption grows. Jurisdictional reach over stateless networks, the application of existing surveillance frameworks to systems without operators, and the evidentiary status of communications on these networks are all areas where legal doctrine will need to develop. Burrell Law, P.C. intends to remain at the forefront of that development.
For clients and colleagues interested in understanding how decentralized communications technology intersects with their privacy obligations, professional responsibilities, or regulatory exposure, we welcome the conversation.
How Burrell Law Can Help
Burrell Law advises businesses, professionals, and organizations on the legal dimensions of technology deployment, communications privacy, cybersecurity compliance, and emerging regulatory frameworks. Our practice spans corporate law, securities law, cryptocurrency and blockchain regulations, and international legal matters — with particular experience advising clients whose work operates at the intersection of law and emerging technology.
Whether you are evaluating the use of privacy-enhanced communications tools, assessing your organization’s exposure under applicable communications law, or seeking counsel on technology-related regulatory compliance, our team is equipped to assist. We maintain offices in New York City and Washington, D.C. and serve clients across jurisdictions.
To learn more or to schedule a consultation, visit us at burrell-law.com.
This post is for informational and educational purposes only. It does not constitute legal advice and does not create an attorney-client relationship. Readers should consult qualified legal counsel regarding their specific circumstances and applicable legal obligations.
