em360tech image

Encrypted Messaging services including WhatsApp and Signal have urged the UK government to rethink the Online Safety Bill (OSB), citing that the bill could undermine encrypted messaging. 

In an open letter signed by the heads of the messaging platforms – as well as five other encrypted chat apps – executives warn the bill would essentially outlaw end-to-end encryption, which means that messages can only be read on the sender and recipient’s app and nowhere else. 

“The online safety bill provides no explicit protection for encryption,” the letter reads, “and if implemented as written, could empower Ofcom to try to force the proactive scanning of private messages on end-to-end encrypted communication services, nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users. 

“In short, the bill poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world while emboldening hostile governments who may seek to draft copycat laws.”

The OSB, introduced by former UK Prime Minister Boris Johnson, would allow Ofcom to be able to ask the platforms to monitor users for law enforcement and to down on illegal content such as child abuse images and terrorism being shared on the messaging apps. 

However, critics including Meta have said scanning for such content would be incompatible with the end-to-end encryption that is common protection offered by messenger apps. 

"Global providers of end-to-end encrypted products and services cannot weaken the security of their products and services to suit individual governments. There cannot be a 'British internet' or a version of end-to-end encryption that is specific to the UK,” the letter states. 

Last month, WhatsApp CEO Will Cathcart threatened to leave the UK rather than submit to these requirements, stating that it would be forced to weaken encryption privacy protections. 

“Ninety-eight per cent of our users are outside the UK,” he revealed to the Guardian. “They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect that 98% of users.” 

"Outright Dangerous"

Mr Cathcart joined executives at Session, Signal, Element, Threema, Viber and Wire in signing the open letter calling for the government to government to "urgently rethink" the proposed law to end-to-end encryption on their platforms. 

“Proponents say that they appreciate the importance of encryption and privacy while also claiming that it's possible to surveil everyone's messages without undermining end-to-end encryption. The truth is that this is not possible," the open letter warns.

“Weakening encryption, undermining privacy and introducing the mass surveillance of people's private communications is not the way forward”

End-to-end encryption messaging provides the highest level of security because nobody other than the sender and the intended recipient can read the message information. 

While the Ministers have said that they support encrypted messaging, executives say any infringement on encryption will hinder their apps’ ability to serve their global customers. 

They claim that, in its current state, the OSB will force them to re-engineer their products just for the UK, despite their user base spreading across the globe. 

“The UK wants its own special access to end-to-end encryption systems,” said Matt Hodgson, co-founder and chief executive of Element. 

“Bad actors don’t play by the rules. Rogue nation states, terrorists, and criminals will target that access with every resource they have, Mr Hodgson said. 

“The Online Safety Bill fails to be aware of decentralised communication (both Element and Matrix are decentralised), so there’s no legislation around ‘self-hosted’ deployments.“ 

“It is outright dangerous. It’s the cyber equivalent of Britain decommissioning its nuclear deterrent. It also fails to consider server-free (peer-2-peer) architecture and non-internet based (mesh, Bluetooth etc) connectivity,” Mr Hodson added.

Encrypted Messaging: "the front line" for abusive content 

The OSB will give the regulators the right to force platforms to identify and remove child abuse content and remove illegal content. Any companies refusing to comply risk facing hefty fines and punitive action. 

The government says that the measures will maintain users’ privacy while tackling abuse in messaging platforms. 

"We support strong encryption," a government official said, "but this cannot come at the cost of public safety."

"Tech companies have a moral duty to ensure they are not blinding themselves and law enforcement to the unprecedented levels of child abuse on their platforms.

"The online safety bill in no way represents a ban on end-to-end encryption, nor will it require services to weaken encryption."

To read more about government regulation, visit our Business Continuity Page. 

The National Society for the Prevention of Cruelty to Children (NSPCC) called direct messaging "the front line" of abusive content and has called for increased regulation of encrypted messaging platforms.

“The Online Safety Bill continues to be scrutinised at length and will rightly make it a legal requirement for platforms to identify and disrupt child abuse taking place on their sites and services,” said Rich Collard, the associate head of child safety and online policy at the NSPCC. 

“Experts have demonstrated that it is possible to tackle child abuse material and grooming in end-to-end encrypted environments. 

“Regulation should incentivise tech companies to find a balanced settlement and distance themselves from tired false arguments that claim children’s fundamental right to safety online can only be achieved at the expense of adult privacy.”