The deliberate ambiguity surrounding end-to-end encryption in the online safety bill may lead to the removal of messaging apps
Ministers have been warned that the UK government faces a potential confrontation with WhatsApp, risking the messaging app’s departure from Britain without a peaceful resolution in sight. The focal point of the disagreement is the online safety bill, an extensive piece of legislation set to impact various facets of digital life in the UK. After more than four years of preparation involving multiple secretaries of state and prime ministers, the bill, exceeding 250 pages, is advancing through the House of Lords, with a table of contents spanning ten pages alone.
The online safety bill grants Ofcom the power to require social networks to employ technology to combat content related to terrorism or child sexual abuse. Companies failing to comply may be subject to penalties of up to 10% of their global revenue. These entities are required to use their “best endeavours” to develop or acquire technology to adhere to the directive.
In the previous month, a coalition of services, including WhatsApp and Signal, raised concerns that the bill lacks explicit safeguards for encryption. They cautioned that Ofcom could potentially require the proactive scanning of private messages on end-to-end encrypted platforms, essentially undermining the purpose of encryption and posing a threat to the privacy of all users.
In March, WhatsApp’s leader, Will Cathcart, conveyed that if a choice had to be made, they would prioritize safeguarding the security of their users outside the UK, given that 98% of their user base resides internationally. Lawmakers have stressed the importance of the government addressing these apprehensions seriously. They assert that platforms like WhatsApp might consider leaving the UK if compelled to scrutinize communications, a move conflicting with their global character. Claire Fox reiterated this concern in her recent presentation to the House of Lords.
A spokesperson from the Home Office emphasized their commitment to robust encryption but not at the cost of public safety. They highlighted the responsibility of tech companies to cooperate with law enforcement in tackling child sexual abuse on their platforms. The spokesperson clarified that the online safety bill doesn’t prohibit end-to-end encryption, nor does it mandate companies to compromise encryption. Ofcom has the authority to instruct platforms to utilize accredited technology or develop new solutions to effectively detect and eliminate child sexual abuse content, ultimately aiming to hold perpetrators accountable.
Allan proposed an alternative scenario where the government could openly declare its intention to limit end-to-end encryption, providing an organized transition for services choosing to exit the UK market rather than operate under such conditions. While there’s a possibility that no major withdrawals will occur, allowing the UK government to claim success, Allan remains skeptical about this outcome.
According to Collins, the bill doesn’t specifically target encryption, as it only requires messaging companies to share accessible information, excluding message content. However, he argued that authorities should have access to users’ background data, such as app usage, contacts, location, and names of user groups. Collins also noted that, in instances where users access WhatsApp through a web browser, the service could collect data on visited websites before and after sending messages.
According to a recent report by Politico, the Department for Science, Innovation, and Technology is engaging in discussions with interested parties to address the issue. In 2019, the CEO of Digital Content Next, Jason Kint, filed a US antitrust complaint, revealing communications between Mark Zuckerberg and his policy chief, Nick Clegg. These communications suggested that discussions about Meta’s app back-end integration involved the use of privacy and end-to-end encryption as a “smokescreen.”
Clegg questioned whether prioritizing end-to-end encryption over interoperability was the right approach, acknowledging that the latter is more susceptible to interference. He expressed that it’s easier to explain to users the benefits of end-to-end encryption, whereas interoperability might be perceived as a move benefiting the company rather than users. This information was disclosed in a US antitrust complaint containing 2019 communications between Mark Zuckerberg and Nick Clegg.