A number of encrypted messaging services have signed an open letter calling on the UK Government to reconsider various aspects of the Online Safety Bill (OSB) pending its final reading in the House of Lords, over concerns that the bill could threaten end-to-end encryption.
End-to-end encryption currently delivers a strong level of security for electronic messages, meaning that messages can only be read on the apps of the sender and intended recipient.
The OSB is intended to enable Ofcom, the communications regulator in the UK, to request platforms to monitor users by adopting certain technology to facilitate the detection of images and materials connected with child sexual exploitation. This would likely involve “client-side scanning”, which involves the reviewing of messages by software on electronic devices prior to encryption.
While the UK Government maintains that such measures can be put in place without eroding the security of the relevant messaging services, certain service providers disagree and object strongly to the proposed measures, with a number of them suggesting that they will quit the UK market altogether should the relevant proposals be adopted as currently drafted.
The relevant service providers argue that mandating the use of technologies which allow the searching of messages for materials related to child abuse is open to exploitation by bad actors and has the potential to erode users’ privacy globally. The letter suggests that the OSB “poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copycat laws“.
Although email services are not covered by the OSB, certain providers of encrypted email services apparently are also concerned about its potential impact and have voiced their willingness to end their provision of such services in the UK if they are affected.
Ofcom has reportedly indicated that obliging organisations to monitor messages to uncover materials related to child sexual exploitation would only be required if there was an “urgent need” and “would need a high bar of evidence in order to be able to require that a technology went into an encrypted environment“. However, this does not seem to have reassured the providers of encrypted messaging services, with the open letter opining that “Weakening encryption, undermining privacy and introducing the mass surveillance of people’s private communications is not the way forward,“.
The situation must pose something of a dilemma for the UK Government which, while noting that it supports the concept of strong encryption, is attempting to find a way to balance the competing interests of child safety and privacy. It will be interesting to see whether amendments to the OSB are forthcoming to allay the fears of the messaging services that the OSB “opens the door to routine, general and indiscriminate surveillance of personal messages,“.