Encrypted messaging services have collectively requested that sections of the UK Online Safety Bill (OSB) be amended.
WhatsApp, Session, Signal, Element, Threema, Viber, and Wire have all signed a letter requesting that the government “urgently rethink” the proposed law.
Critics assert that the bill could undermine end-to-end encryption, the privacy technology offered by these companies.
Ministers want the regulator to be able to request that platforms monitor their users for images of child abuse.
However, the government asserts that privacy and child safety can coexist.
“We support strong encryption,” a government official said, “but not at the expense of public safety.”
“Tech firms have a moral obligation to ensure that they are not blinding themselves and law enforcement to the unprecedented levels of child sexual abuse on their platforms.”
“The Online Safety Bill in no way represents an outright ban on end-to-end encryption, nor will it require services to weaken encryption.”
‘Mass surveillance’
End-to-end encryption (E2EE) provides the highest level of security because no one besides the sender and the intended recipient can read the message content.
Even the app’s administrator is unable to decrypt messages as they traverse systems; only the conversation participants can do so.
“Weakening encryption, undermining privacy, and introducing mass surveillance of people’s private communications is not the way forward,” an open letter states.
It is signed by:
Element senior executive Michael Hodgson
Oxen Privacy Tech Foundation and Session director Alex Linton
Signal president Meredith Whittaker
Threema executive officer Michael Blatter
Viber chief executive officer Ofir Eyal
Manager of WhatsApp at Meta Will Cathcart
Wire chief technical officer Alan Duric
The letter asserts that in its current guise, the OSB “opens the door to routine, general, and indiscriminate surveillance of personal messages.”
And the bill “poses an unprecedented threat to the privacy, safety, and security of every British citizen and the people with whom they communicate around the world, while emboldening hostile governments that may seek to draft copycat legislation.”
“Proponents assert that they recognise the significance of encryption and privacy, but that it is possible to monitor everyone’s communications without undermining end-to-end encryption. In reality, this is impossible,” the letter states.
“Minimal effort”
Mr. Hodgson of the British company Element referred to the proposals as a “spectacular invasion of privacy… equivalent to installing a CCTV camera in every bedroom.”
Mr. Cathcart told BBC News that blocking WhatsApp in the United Kingdom would be preferable to weakening the privacy of encrypted messaging.
Ms. Whittaker has stated that Signal “would absolutely, 100 percent walk” if encryption were compromised.
And Threema, a Swiss app, told BBC News that compromising its security “in any way, shape, or form” is “absolutely impossible.”
“Even if we were to add surveillance mechanisms, which we will not,” spokeswoman Julia Weiss wrote, “users could detect and remove them with minimal effort because the Threema apps are open source.”
“Refusing service”
Other businesses have also informed BBC News of their refusal to comply.
Email services are exempt, but Europe-based services are not. Proton, best known for its encrypted email service, is concerned that features in its Drive product may make it subject to the legislation.
Andy Yen, the company’s CEO, has suggested that the company may depart the United Kingdom if the law is not amended, as it would no longer be able to “operate a service that is predicated on protecting user privacy.”
This could involve “refusing service to users in the United Kingdom, shutting down our legal entity in the United Kingdom, and reevaluating future infrastructure investments,” according to Proton.
“High standard”
Lord Clement-Jones, a spokesman for the Liberal Democrats on digital economy who supports an amendment to the bill, stated, “The OSB as it currently stands could lead to a requirement to monitor every message that is sent.
“We need to know the government’s intentions regarding this.”
He told BBC News that the retention of correctly encrypted services was crucial, and he anticipated that Ofcom would issue a code of conduct for how it intended to implement the law.
The measure would allow Ofcom to require companies to scan text, images, videos, and files with “approved technology” to identify child sexual abuse material. However, the communications regulator told Politico that it would only do so if there was an “urgent need” and that it would require “extensive evidence” to mandate that a technology be implemented in an encrypted environment.
It is widely believed that this will result in messages being scanned by software on a phone or other device prior to encryption, a method known as client-side scanning.
However, many services claim this would necessitate reengineering their products specifically for the UK.
The “British internet”
The letter states that global providers of end-to-end encrypted products and services cannot compromise the security of their products and services to accommodate individual governments.
“There cannot be a ‘British internet’ or a version of end-to-end encryption that is specific to the UK.”
Children’s charities disagree with the assertions of the technology titans that safety and privacy can be addressed in other ways.
The National Society for the Prevention of Cruelty to Children (NSPCC) referred to instant messaging as “the front line” of child sexual exploitation.