technology

Messaging companies including WhatsApp brand Online Safety Bill an ‘unprecedented threat to the privacy’


Tech leaders are calling on the government to amend the Online Safety Bill, which they warn could break end-to-end encryption (Picture: Getty)

Messaging services including WhatsApp and Signal have issued a warning that the Government’s Online Safety Bill could open the door to ‘indiscriminate surveillance’ of personal communications.

Bosses from firms Signal and Element were also signatories to the open letter calling on ministers to ‘urgently rethink’ the Bill.

The Home Office argued that tech firms had a ‘moral duty’ to ensure law enforcement agencies were not kept in the dark about ‘unprecedented levels of child sexual abuse on their platforms’.

The House of Lords will begin line-by-line scrutiny of the legislation in its committee stage on Wednesday.

However, firms warned the legislation would give regulator Ofcom the power to try to force the release of private messages on end-to-end encrypted communication services.

The Government has argued that Ofcom will only be able to make companies use technology to identify child sexual abuse material in ‘appropriate and limited circumstances’.

But the tech bosses said: ‘As currently drafted, the Bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely.’

WhatsApp boss Will Cathcart said: ‘Private messages are private.

‘We oppose proposals to scan people’s private messages, and we’re proud to stand with other apps to defend encryption and your right to privacy.’

UK-based Element has warned that it could be forced to move overseas if the ‘outright dangerous’ legislation is passed in its current form. Its chief executive, Matthew Hodgson, warned that rogue states would seek to exploit any access into encrypted systems introduced by the legislation.

Readers Also Like:  The firms hoping to take psychedelic drugs mainstream
Signal president Meredith Whittaker was among those who signed the open letter, which called the Bill an ‘unprecedented threat to the privacy’ (Picture: Getty)

‘The UK wants its own special access into end-to-end encrypted systems,’ he said. ‘Bad actors don’t play by the rules. Rogue nation states, terrorists, and criminals will target that access with every resource they have.

‘The Online Safety Bill is outright dangerous. It’s the cyber equivalent of Britain decommissioning its nuclear deterrent.’

A Home Office spokesman said: ‘We support strong encryption, but this cannot come at the cost of public safety.

‘Tech companies have a moral duty to ensure they are not blinding themselves and law enforcement to the unprecedented levels of child sexual abuse on their platforms.

‘The Online Safety Bill in no way represents a ban on end-to-end encryption, nor will it require services to weaken encryption.

‘Where it is the only effective, proportionate and necessary action available, Ofcom will be able to direct platforms to use accredited technology, or make best endeavours to develop new technology, to accurately identify child sexual abuse content, so it can be taken down and the despicable predators brought to justice.’

Downing Street defended the plan, with the prime minister’s official spokesperson insisting ‘it will not introduce routine scanning of private communication’.

‘It is being developed to ensure it has the requisite safeguards so it doesn’t weaken, by default, end-to-end encryption, it is a targeted power to be used only when necessary and when other measures cannot be used,’ the spokesperson said.



The open letter in full

To anyone who cares about safety and privacy on the internet.

As end-to-end-encrypted communication services, we urge the UK Government to address the risks that the Online Safety Bill poses to everyone’s privacy and safety. It is not too late to ensure that the Bill aligns with the Government’s stated intention to protect end-to-end encryption and respect the human right to privacy.

Readers Also Like:  Infosys refutes charges of having been awarded “tainted govt contracts” in Australian parliamentary hearing

Around the world, businesses, individuals and governments face persistent threats from online fraud, scams and data theft. Malicious actors and hostile states routinely challenge the security of our critical infrastructure. End-to-end encryption is one of the strongest possible defenses against these threats, and as vital institutions become ever more dependent on internet technologies to conduct core operations, the stakes have never been higher.

As currently drafted, the Bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely.

The Bill provides no explicit protection for encryption, and if implemented as written, could empower OFCOM to try to force the proactive scanning of private messages on end-to-end encrypted communication services – nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users.

In short, the Bill poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copy-cat laws.

Proponents say that they appreciate the importance of encryption and privacy while also claiming that it’s possible to surveil everyone’s messages without undermining end-to-end encryption. The truth is that this is not possible.

We aren’t the only ones who share concerns about the UK Bill. The United Nations has warned that the UK Government’s efforts to impose backdoor requirements constitute “a paradigm shift that raises a host of serious problems with potentially dire consequences”.

Readers Also Like:  A Russian hacking group may be behind the Royal Mail cyber attack

Even the UK Government itself has acknowledged the privacy risks that the text of the Bill poses, but has said its “intention” isn’t for the Bill to be interpreted this way.

Global providers of end-to-end encrypted products and services cannot weaken the security of their products and services to suit individual governments. There cannot be a “British internet,” or a version of end-to-end encryption that is specific to the UK.

The UK Government must urgently rethink the Bill, revising it to encourage companies to offer more privacy and security to its residents, not less. Weakening encryption, undermining privacy, and introducing the mass surveillance of people’s private communications is not the way forward.

Signed by those who care about keeping our conversations secure:

Matthew Hodgson, CEO, Element
Alex Linton, director, OPTF/Session
Meredith Whittaker, president, Signal
Martin Blatter, CEO, Threema
Ofir Eyal, CEO, Viber
Will Cathcart, Head of WhatsApp at Meta
Alan Duric, co-founder and CTO, Wire


MORE : Online Safety Bill ‘on verge of being unworkable’, say campaigners


MORE : Tough new internet law ‘doesn’t do enough’ to protect press freedom, says Dorries





READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.