WhatsApp, Signal, and other encrypted messaging services are voicing their concern about a UK bill that “could break end-to-end encryption.”
End-to-end encryption (E2EE) is a fundamental feature of many communication platforms, ensuring that only the intended participants can read and access a conversation. The UK government has expressed its support for strong encryption, but its Online Safety Bill stands at odds with that position, threatening to eliminate E2EE.
In response, the leading names in online messaging have penned an open letter objecting to the bill:
To anyone who cares about safety and privacy on the internet.
As end-to-end-encrypted communication services, we urge the UK Government to address the risks that the Online Safety Bill poses to everyone’s privacy and safety. It is not too late to ensure that the Bill aligns with the Government’s stated intention to protect end-to-end encryption and respect the human right to privacy.
The companies then go on to highlight the stakes, as well as the threat the current bill poses:
Around the world, businesses, individuals and governments face persistent threats from online fraud, scams and data theft. Malicious actors and hostile states routinely challenge the security of our critical infrastructure. End-to-end encryption is one of the strongest possible defenses against these threats, and as vital institutions become ever more dependent on internet technologies to conduct core operations, the stakes have never been higher.
As currently drafted, the Bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely.
The Bill provides no explicit protection for encryption, and if implemented as written, could empower OFCOM to try to force the proactive scanning of private messages on end-to-end encrypted communication services – nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users.
In short, the Bill poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copy-cat laws.
The letter then tackles the claims that strong encryption can co-exist with surveillance, pointing to third-party criticism of the UK bill:
Proponents say that they appreciate the importance of encryption and privacy while also claiming that it’s possible to surveil everyone’s messages without undermining end-to-end encryption. The truth is that this is not possible.
We aren’t the only ones who share concerns about the UK Bill. The United Nations has warned that the UK Government’s efforts to impose backdoor requirements constitute “a paradigm shift that raises a host of serious problems with potentially dire consequences”
Even the UK Government itself has acknowledged the privacy risks that the text of the Bill poses, but has said its “intention” isn’t for the Bill to be interpreted this way.
The UK’s Online Safety Bill is simply the latest attempt by lawmakers and regulators to have the best of both worlds, which, unfortunately, is not mathematically possible. As the letter states, it is simply a mathematical impossibility for encryption to simultaneously be strong and allow surveillance…regardless of how admirable the reasons for that surveillance may be.
Ultimately, weakening encryption for any reason weakens it for all and will have profound repercussions for online security.