The online safety bill’s intentional vagueness concerning end-to-end encryption may result in the removal of messaging apps
Ministers have been cautioned that the UK government risks an unfriendly encounter with WhatsApp, potentially leading to the messaging app’s exit from Britain, with dwindling options for a peaceful settlement. The online safety bill, a comprehensive piece of legislation, is the subject of the disagreement, and it will impact nearly all aspects of digital life in the UK. After over four years of preparation, with multiple secretaries of state and prime ministers contributing to its drafting, the bill, which is over 250 pages in length, is progressing through the House of Lords. The table of contents alone spans ten pages.
Under the online safety bill, Ofcom has the authority to mandate that social networks use technology to combat terrorist or child sexual abuse content, and companies that don’t comply may face penalties of up to 10% of their global revenue. These firms are obligated to make “best endeavours” to create or procure technology to follow the directive.
Last month, a group of providers, including WhatsApp and Signal, warned that the bill doesn’t offer explicit protection for encryption and could potentially enable Ofcom to compel proactive scanning of private messages on end-to-end encrypted services, effectively rendering the encryption meaningless and endangering the privacy of all users.
WhatsApp’s chief, Will Cathcart, stated in March that if they had to choose, they would prioritize protecting the security of their non-UK users, as 98% of their users are outside the UK. Legislators have urged the government to take these concerns seriously, as they believe that platforms like WhatsApp could potentially leave the UK if the government pressures them to scan communications, which goes against their global nature. Claire Fox emphasized this point in her address to the House of Lords last week.
According to a Home Office spokesperson, they believe in the importance of strong encryption, but not at the expense of public safety. They also mentioned that tech companies have a responsibility to ensure they are not ignoring or hindering law enforcement from addressing child sexual abuse on their platforms. The spokesperson clarified that the online safety bill does not ban end-to-end encryption, nor does it require companies to weaken encryption. Ofcom can direct platforms to use accredited technology or make efforts to create new technology to accurately identify child sexual abuse content and remove it. The goal is to bring the offenders to justice.
Allan suggested another possibility where the government could openly state its intention to restrict end-to-end encryption, providing an opportunity for an organized transition for services that opt to pull out of the UK market instead of operating under those conditions. It is possible that no significant withdrawals will occur, allowing the UK government to claim success, but Allan doubts this will be the outcome.
According to Collins, the bill does not target encryption since it only mandates messaging companies to share the information they have access to, which excludes message content. Nevertheless, he argued that authorities should have access to users’ background data, such as app usage, contacts, location, and names of user groups. In cases where users access WhatsApp through a web browser, Collins noted that the service could gather data on the websites visited before and after sending messages.
Politico reported this week that the Department for Science, Innovation and Technology is in talks with anyone interested in resolving the issue. In 2019, Digital Content Next’s CEO, Jason Kint, raised a US antitrust complaint in which communications between Mark Zuckerberg and his policy chief, Nick Clegg, suggested that privacy and end-to-end encryption were a “smokescreen” in any discussions around Meta’s app back-end integration.
Clegg asked whether they should prioritize end-to-end encryption over interoperability and acknowledged that the latter is easier to hinder. He stated that it is easy to explain to users why end-to-end encryption is beneficial, while interoperability may seem like a move to benefit the company rather than users. This was revealed in a US antitrust complaint containing 2019 communications between Mark Zuckerberg and Nick Clegg.
