WhatsApp, six other encrypted messaging firms call for ‘urgent rethink’ of Online Safety Bill that they say woud weaken user security
WhatsApp, owned by Facebook parent Meta, and six other providers of end-to-end encrypted messaging services have urged the UK government to “urgently rethink” the Online Safety Bill, saying it presents an “unprecedented threat to the privacy, safety and security” of UK citizens and those they communicate with around the world.
They added that “hostile governments” could be emboldened to draft similar laws.
The firms are concerned that the bill provides “no explicit protection for encryption” and as written, could lead Ofcom to force the proactive scanning of private messages.
Such an outcome would nullify the purpose of end-to-end encryption, the companies wrote in an open letter.
The firms cited a United Nations warning that the bill and its effective backdoor requirements constitute a “paradigm shift that raises a host of serious problems with potentially dire consequences”.
The bill is intended to enable Ofcom to ask platforms to monitor communications to ensure child abuse images are not being sent.
The government said child safety is not incompatible with security.
“We support strong encryption, but this cannot come at the cost of public safety,” a government official said.
Code of practice
“Tech companies have a moral duty to ensure they are not blinding themselves and law enforcement to the unprecedented levels of child sexual abuse on their platforms.
“The Online Safety Bill in no way represents a ban on end-to-end encryption, nor will it require services to weaken encryption.”
Liberal Democrat digital-economy spokesman Lord Clement-Jones, who is backing an amendment to the bill, echoed the firms’ comments to the BBC and added, “We need to know the government’s intentions on this,” for instance by issuing a code of practice.
The bill would enable Ofcom to force companies to scan messages using “approved technology” to identify child abuse images, although the regulator told Politico it would do so only if there was an “urgent need” and that it would “need a high bar of evidence” to install software in an “encrypted environment”.
The requirement could, for instance, force apps to scan messages at source before they are encrypted, something that they say would require re-engineering apps for the UK market.
“There cannot be a ‘British internet’ or a version of end-to-end encryption that is specific to the UK,” they wrote in the open letter.
The letter was signed by Element chief executive Matthew Hodgson, Oxen Privacy Tech Foundation and Session director Alex Linton, Signal president Meredith Whittaker, Threema chief executive Martin Blatter, Viber chief executive Ofir Eyal, head of WhatsApp at Meta Will Cathcart and Wire chief technical officer Alan Duric.