FOSS has always played a key role in enabling secure communications and systems: from encrypting filesystems to allowing anonymous browsing, free and open source tools are fundamental. In the aftermath of the tragic terrorist attacks in Paris, a strong campaign against widespread adoption of encryption tools has gained momentum, even if it soon became clear that the terrorists hadn't used any anonymization technique. While in USA plans for the adoption of compulsory backdoors, in order to circumvent encryption, have been apparently abandoned, many European States seem to perceive encryption software and devices as one of the worst evils. How can FOSS and FOSS developers play a part in this scenario? Will it still be possible to develop and use encryption, to enable communication privacy, or will developers and users run the risk of incurring in some liability? The talk will examine the current European Legal framework, in order to assess which part can FOSS have in the ever-shifting balance between security and privacy, involving the audience with some case studies and personal experiences.