Encrypted messaging services are uniting over the government’s planned Online Safety Bill, claiming that the new legislation opens the door to try and force technology companies to break end-to-end- encryption on private messaging services. WhatsApp, Signal, and others argue that the Bill will reduce privacy and safety on the Internet in the UK, an argument that is supported by privacy campaigners.
The government, for its part, argues that the Online Safety Bill will make the UK the ‘safest place to be online’, particularly for children that are being groomed or exploited by adults online. End-to-end encryption allows two or more users to communicate without anyone else seeing the content of those messages, even the messaging service provider (such as WhatsApp).
And whilst everyone can agree that protecting children online is critically important, the UK government’s current proposed legislation could lead to a back-door whereby they have the ability to scan and read everyone’s messages, which undermines broader privacy principles. The technology companies, and many others, argue that any government having the power to do that could lead to extremely negative - and highly predictable - outcomes.
In fact, WhatsApp feels so strongly about the proposed legislation that last month the company’s chief, Will Cathcart, said that the app would be willing to pull out of the UK entirely rather than give in to a requirement to weaken encryption.
At the start of the year, diginomica also highlighted how the Online Safety Bill arguably places too much power with Ministers to influence the communication regulator Ofcom’s independence and could lead to ‘deals being done in corridors’.
The encrypted messaging services are specifically concerned with Clause 110 of the bill, which empowers Ofcom to issue notices to providers such as WhatsApp or Signal. These notes could require them to develop and deploy software that will scan someone’s phone for illicit material.
A united front
Companies including WhatsApp, Signal, Viber, Element, Wire, Session, and Threema have written and open letter to the government this week about what it describes as a “troubling development in the United Kingdom that everyone needs to know about”. The letter states:
The UK government is currently considering new legislation that opens the door to trying to force technology companies to break end-to-end encryption on private messaging services. The law could give an unelected official the power to weaken the privacy of billions of people around the world.
We don’t think any company, government or person should have the power to read your personal messages and we’ll continue to defend encryption technology. We’re proud to stand with other technology companies in our industry pushing back against the misguided parts of this law that would make people in the UK and around the world less safe.
As end-to-end-encrypted communication services, we urge the UK Government to address the risks that the Online Safety Bill poses to everyone's privacy and safety. It is not too late to ensure that the Bill aligns with the Government's stated intention to protect end-to-end encryption and respect the human right to privacy.
The letter goes on to argue that end-to-end encryption is one of the strongest possible defenses against a range of harms online, including fraud, scam and data thefts. It adds:
As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely.
The companies also highlight that the United Nations has warned the UK about its efforts to impose back door requirements, stating that they constitute a “paradigm shift that raises a host of serious problems with potentially dire consequences”. And in its final blow, the letter concludes:
Global providers of end-to-end encrypted products and services cannot weaken the security of their products and services to suit individual governments. There cannot be a “British internet,” or a version of end-to-end encryption that is specific to the UK.
The UK Government must urgently rethink the Bill, revising it to encourage companies to offer more privacy and security to its residents, not less. Weakening encryption, undermining privacy, and introducing the mass surveillance of people’s private communications is not the way forward.
Signed by those who care about keeping our conversations secure.
Even if this government’s intentions are entirely noble, the reality is that you have to protect privacy for everyone under a range of unpredictable circumstances in the future. Today it’s about protecting children online (as we should our best to), but under different hands with different ideas at some indeterminate point in the future - who knows what the objective and political spin will be? As the privacy campaigners the Open Rights Group say (who are regularly spot on, on these issues):
If the securocrats get their way, they will turn your phone into a spy in your pocket. They will scan your private messages for illicit content without judicial oversight.
There is a scary parallel here with the surveillance society created in places like China. If we accept the principle of mass surveillance of our private messages, it opens the door to creeping authoritarianism.
Protecting privacy is a principle that should not be undermined.