Social media apps in smartphone

UK must ‘urgently rethink’ Online Safety Bill, messaging apps claim

Image credit: Foto 208552395 © Rafael Henrique | Dreamstime.com

WhatsApp, Signal and other encrypted messaging services have signed an open letter warning against the ‘unprecedented threat’ to privacy posed by the UK's Online Safety Bill.

The UK's largest encrypted messaging services have publicly opposed the government's Online Safety Bill ahead of its final reading in the House of Lords.

The companies' leading executives have signed an open letter asking the UK government to “urgently rethink” sections of the legislation. They warned that in its current version, the Online Safety Bill fails to protect end-to-end encryption and respect the human right to privacy.

“The bill provides no explicit protection for encryption and, if implemented as written, could empower Ofcom to try to force the proactive scanning of private messages on end-to-end encrypted communication services - nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users,” the letter states.

“In short, the bill poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copycat laws."

The Online Safety Bill has been presented by the government as a ground-breaking law that will protect the privacy and safety of children online. The legislation is set to require tech giants to protect users from harmful content for the first time, with penalties for breaching the new rules including fines of up to 10 per cent of a firm's annual turnover.

Although the legislation has been celebrated by children’s charities, free-speech advocates and IT experts have criticised the requirement for companies to use “accredited technology” to scan users’ messages to identify and remove child sexual abuse material.

The United Nations also noted that the bill's requirements represent "a paradigm shift that raises a host of serious problems with potentially dire consequences". 

As a result, encrypted messaging companies including WhatsApp and Signal have already stated that they would be willing to leave the UK altogether, rather than risk compromising the privacy of their users by complying with the bill's requirements. 

“Private messages are private," said Meta's head of WhatsApp, Will Cathcart. “We oppose proposals to scan people’s private messages and we’re proud to stand with other apps to defend encryption and your right to privacy.”

Matt Hodgson, co-founder and chief executive of Element, has also stated his belief that his company’s ability to serve customers was under threat by the bill, arguing that the undermining of encryption puts everyone at risk.

“The UK wants its own special access into end-to-end encrypted systems,” he said. “Bad actors don’t play by the rules. Rogue nation states, terrorists and criminals will target that access with every resource they have.

“[The Online Safety Bill] is outright dangerous. It’s the cyber equivalent of Britain decommissioning its nuclear deterrent."

Hodson pointed out that the bill fails to be aware of decentralised communication services such as Element and Matrix and does not take into consideration server-free architecture and non-internet-based connectivity with services such as Bluetooth.

Meanwhile, the UK government has insisted the bill "in no way represents a ban on end-to-end encryption", stating that Ofcom will only be able to make companies use technology to identify child sexual abuse material in “appropriate and limited circumstances”.

“We support strong encryption, but this cannot come at the cost of public safety," said a Home Office spokesman. “Tech companies have a moral duty to ensure they are not blinding themselves and law enforcement to the unprecedented levels of child sexual abuse on their platforms."

Downing Street has also defended the plan, with the Prime Minister’s official spokesman insisting “it will not introduce routine scanning of private communication”.

The spokesman added: “It is being developed to ensure it has the requisite safeguards so it doesn’t weaken, by default, end-to-end encryption; it is a targeted power to be used only when necessary and when other measures cannot be used”.

The National Society for the Prevention of Cruelty to Children (NSPCC) has supported the bill, highlighting the growing numbers of grooming and child abuse image crimes recorded in the UK. For every day the bill is delayed, the NSPCC estimates that more than 100 grooming and other such crimes could have been recorded, the charity said.

Brian Higgins, security specialist at Comparitech, stressed that providers of encrypted messaging platforms "have long been hiding behind ‘user privacy’ to avoid any attempts to prevent the harms they cause to children".

"Unfortunately, cash comes before children for these companies and they appear to prefer threats over conversations. I’m not quite sure how enforceable the OSB restrictions would be if implemented in their current form, but surely there is a middle ground that lawmakers and operators can reach. The only victims will continue to be consumers if they don’t."

The open letter has been signed by the leaders of WhatsApp, Signal, Threema, Element, Wire, Session and Viber - all services that provide end-to-end encryption technology to their users.

"There cannot be a ‘British internet,’ or a version of end-to-end encryption that is specific to the UK,” the letter concludes. "The UK government must urgently rethink the Bill, revising it to encourage companies to offer more privacy and security to its residents, not less.

"Weakening encryption, undermining privacy and introducing the mass surveillance of people’s private communications is not the way forward."

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles