Security vs. safety: The Online Safety Bill and threats to end-to-end encryption
Alice Gregory – 24 April 2023
The controversial Online Safety Bill has passed through the House of Commons and is now entering the committee stage in the House of Lords. From the off, there have been concerns about what this will mean for online privacy and data protection, particularly regarding end-to-end encryption. The concerns are serious enough that executives at the encrypted chat apps Element, OPTF, Session, Signal, Threema, Viber, WhatsApp and Wire have come together to sign an open letter in opposition to the bill.
So, what is end-to-end encryption? Data encryption uses an algorithm to make text unreadable to unauthorised users. End-to-end encryption, or E2EE, further secures communications from one endpoint to another. WhatsApp messages, for example, are end-to-end encrypted, meaning any private communications can only be accessed by you and the recipient. E2EE helps protect against cyber-attacks, but cybercriminals (also known as ‘bad actors’) can sometimes access this data through a backdoor: a built-in method of bypassing the security of encryption. Hackers can also install malicious backdoors on a system using malware programs.
The proposed Online Safety Bill includes clauses which would allow UK communications regulator Ofcom to monitor encrypted messages through a backdoor. Critics have labelled this a ‘magical’ backdoor as the government has optimistically – and, according to the aforementioned chat apps, falsely – claimed that it is possible to monitor private messages without undermining E2EE. The NSPCC, meanwhile, has argued that the monitoring of private messages is essential to upholding online child safety, as abusers can too easily send private, harmful messages to kids. Ministers want tech companies to agree to identify and remove child abuse and other illegal content on their platforms, and those who refuse could be faced with hefty fines.
WhatsApp and co.’s open letter speaks out against the UK government’s decision, warning that other governments may be tempted to create similar laws undermining online security. Although the government claims the power would only be used when necessary, the letter states that Ofcom could enforce regular, invasive monitoring of encrypted messages. The signatories also highlight the difficulty of making such changes on a national scale, as any privacy changes would affect users all over the world. WhatsApp’s chief said the app would leave the UK before ever agreeing to weaken its encryption and lower security. The open letter also states that no global provider should have to make such changes to comply with individual governments.
Cybersecurity and data protection form an increasingly significant part of the practice of technology lawyers in the UK, as corporate and financial clients seek to better protect their databases and platforms. You can read more about life in technology law here.