The U.K. Government Is Very Close to Eroding Encryption Worldwide
The companies that provide encrypted messaging—such as WhatsApp, Signal, and the UK-based Element—have also explained the bill’s danger. In an open letter published in April, they explained that OSB “could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves.” Apple joined this group in June, stating publicly that the bill threatens encryption and “could put U.K. citizens at greater risk.”
U.K. Government Says: Nerd Harder
In response to this outpouring of resistance, the U.K. government’s response has been to wave its hands and deny reality. In a response letter to the House of Lords seen by EFF, the U.K.’s Minister for Culture, Media and Sport simply re-hashes an imaginary world in which messages can be scanned while user privacy is maintained. “We have seen companies develop such solutions for platforms with end-to-end encryption before,” the letter states, a reference to client-side scanning. “Ofcom should be able to require” the use of such technologies, and where “off-the-shelf solutions” are not available, “it is right that the Government has led the way in exploring these technologies.”
The letter refers to the Safety Tech Challenge Fund, a program in which the U.K. gave small grants to companies to develop software that would allegedly protect user privacy while scanning files. But of course, they couldn’t square the circle. The grant winners’ descriptions of their own prototypes clearly describe different forms of client-side scanning, in which user files are scoped out with AI before they’re allowed to be sent in an encrypted channel.
The Minister completes his response on encryption by writing:
We expect the industry to use its extensive expertise and resources to innovate and build robust solutions for individual platforms/services that ensure both privacy and child safety by preventing child abuse content from being freely shared on public and private channels.
This is just repeating a fallacy that we’ve heard for years: that if tech companies can’t create a backdoor that magically defends users, they must simply “nerd harder.”
British Lawmakers Still Can and Should Protect Our Privacy
U.K. lawmakers still have a chance to stop their nation from taking this shameful leap forward towards mass surveillance. End-to-end encryption was not fully considered and voted on during either committee or report stage in the House of Lords. The Lords can still add a simple amendment that would protect private messaging, and specify that end-to-end encryption won’t be weakened or removed.
Earlier this month, EFF joined U.K. civil society groups and sent a briefing explaining our position to the House of Lords. The briefing explains the encryption-related problems with the current bill, and proposes the adoption of an amendment that will protect end-to-end encryption. If such an amendment is not adopted, those who pay the price will be “human rights defenders and journalists who rely on private messaging to do their jobs in hostile environments; and … those who depend on privacy to be able to express themselves freely, like LGBTQ+ people.”
It’s a remarkable failure that the House of Lords has not even taken up a serious debate over protecting encryption and privacy, despite ample time to review every every section of the bill.
Finally, Parliament should reject this bill because universal scanning and surveillance is abhorrent to their own constituents. It is not what the British people want. A recent survey of U.K. citizens showed that 83% wanted the highest level of security and privacy available on messaging apps like Signal, WhatsApp, and Element.
Documents related to the U.K. Online Safety Bill:
· EFF info page on the U.K. Online Safety Bill
· EFF Deeplinks Blog: How the OSB attacks Free Speech and Encryption (August 2022)
· EFF Deeplinks Blog: UK’s Draft Online Safety Bill Raises Serious Concerns Around Freedom of Expression (July 2021)
· Civil society open letter on Online Safety Bill (November 2022)
· Open Letter from encrypted messaging providers about Online Safety Bill (April 2023)
· EFF and Allied NGOs Briefing to House of Lords (July 2023)
Joe Mullin is a policy analyst at EFF, where he works on patents, encryption, platform liability, and free expression online. This article is published courtesy of the Electronic Frontier Foundation (EFF).