It is not uncommon for companies to resist government efforts to compromise the security of their products, particularly when it comes to encryption. The latest example of this comes from WhatsApp and their pushback of the UK’s Online Safety Bill that is currently making its way through parliament. This bill will have wide ramifications for online communications in the UK, so let’s take a closer look.
What is the UK Online Safety Bill?
The Online Safety Bill is a proposed piece of legislation in the UK that aims to increase online safety and protect children from harmful content and behaviour online. As part of this effort, the government has called for social media companies to take greater responsibility for moderating content and removing harmful material. A list on the Gov.UK website states that the Online Safety Bill will force social media platforms to:
- Remove illegal content quickly or prevent it from appearing in the first place. This includes removing content promoting self-harm
- Prevent children from accessing harmful and age-inappropriate content
- Enforce age limits and age-checking measures
- Ensure the risks and dangers posed to children on the largest social media platforms are more transparent, including by publishing risk assessments
- Provide parents and children with clear and accessible ways to report problems online when they do arise
Adults also will allegedly gain protection from the Online Safety Bill. This is thanks to the “Triple Shield” that will require social media platforms to:
- Remove all illegal content
- Remove content that is banned by their own terms and conditions.
- Empower adult internet users with tools so that they can tailor the type of content they see and can avoid potentially harmful content if they do not want to see it on their feeds. Children will be automatically prevented from seeing this content without having to change any settings.
What is end to end encryption?
End-to-end encryption (E2EE) is a way of protecting the privacy and security of communication between two parties. It ensures that only the people who are communicating can read the messages. And no one else, including the service provider or any third party, can access or understand the content of the messages.
E2EE is used in a variety of applications, including messaging apps, email, and online communication tools. It is an important security feature for protecting sensitive information and ensuring the privacy of communication.
Online Safety Bill and encryption backdoors
However, one aspect of the Online Safety Bill has drawn significant criticism from privacy advocates and companies like WhatsApp: a proposed requirement for companies to provide “backdoor” access to encrypted communications.
During the summer of 2022, the UK government added a clause to the Online Safety Bill that would require tech companies to scan end-to-end encrypted communications for things like child sex abuse material (CSAM). This can only be done by scanning messages before they are encrypted for illegal content. Rendering E2EE essentially useless.
The cybersecurity community speaks out
The cybersecurity community has spoken out about the Online Safety Bill, in particular the clauses relating to E2EE. Over 70 organisations, cybersecurity experts, and elected officials signed an open letter to UK Prime Minister Rishi Sunak detailing their concerns over the bill.
“As noted in a recent letter by leading UK digital rights organisations, the Bill poses serious threats to privacy and security in the UK “by creating a new power to compel online intermediaries to use ‘accredited technologies’ to conduct mass scanning and surveillance of all citizens on private messaging channels.” Leading cybersecurity experts have made clear that even message scanning, mistakenly cited as safe and effective by its proponents, actually “creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic.”
The open letter makes it clear that whilst more options and control for both children and adults over what they see online is always good. This cannot be done at the expense of privacy. And it doesn’t have to be. This late addition to the bill is superfluous and does nothing but destroy the integrity of E2EE communications nationally.
The open letter is worth reading in its entirety to get a good mix of perspectives when it comes to how this new bill is a disaster.
The Electronic Frontier Foundation (EFF) also weighed in stating:
“If the Online Safety Bill passes, the UK government will be able to directly silence user speech, and even imprison those who publish messages that it doesn’t like. The bill empowers the UK’s Office of Communications (OFCOM) to levy heavy fines or even block access to sites that offend people. We said last year that those powers raise serious concerns about freedom of expression. Since then, the bill has been amended, and it’s gotten worse.”
This all sounds ripe for abuse, doesn’t it?
Is Whatsapp down in the UK?
Will Cathcart, head of WhatsApp, spoke with the Telegraph regarding how the Online Safety Bill would impact the messaging platform.
Cathcart said that he would sooner see WhatsApp blocked within the UK than weaken the security of the messenger. “The hard reality is we offer a global product. It would be a very hard decision for us to make a change where 100pc of our users lower their security.”
This is a big claim, and if push comes to shove, WhatsApp could back down. It’s hard to say whether Zuckerberg would allow such a large market to be unserved. But it sends a message that it is a decision that is certainly on the table. And, should WhatsApp leave the UK it would become the fourth country to not have access to WhatsApp. Joining the likes of China, Qatar, and Syria.
Whilst WhatsApp may be the most popular messenger in the UK (40 million users). It’s hardly worth the hassle when WhatsApp is busy being the most popular messenger in the world. With a total of 2 billion users. The UK is a tiny market in comparison and doesn’t have the sway it thinks it does.
So, whilst WhatsApp may not be down right now, it very well could be in the future.
The potential consequences of weakening WhatsAp encryption
On the surface, the Online Safety Bill seems like a fair bit of legislation. But it opens up a can of worms regarding security and privacy for not just individuals but companies too. E2EE messengers are not just something used by people to chat with friends and family. They are big business. Just take a look at work staples such as Slack. These services exist to offer encrypted communications for corporations where security is paramount. This new bill puts that in jeopardy.
In fact, not just businesses, but governmental agencies as well, that not only use Slack but other encrypted communication platforms… such as WhatsApp. The UK government is known to use WhatsApp for internal communications. The same platform they would then require to install a backdoor into encryption.
It doesn’t take an expert to see the possible issues that could arise from this. As Will Cathcart said, it’s easier to drop the UK overall than weaken their entire network for poorly thought-out legislation. Though, I doubt the UK government has thought that far ahead regarding this late addition to the bill. Naturally, though, I am sure government officials will be exempt from this should the bill be passed.
The government gets to decide what is problematic
Another issue that arises from this is that the government itself gets to decide what is problematic when it comes to the nebulous concept of “national security”.
Should a scanning system be put in place, then the messaging platform is at the whim of the UK government to say what is or isn’t relevant for scanning. Or, because there is a back door, they can just demand access to the unencrypted logs of chats for any individual.
Ultimately, what the UK government wants they will get because they make the rules. Lest we forget this is the same country that grossly intruded on people’s private communications. The masterminds behind ‘Optic Nerve’, with help from the United States, spied on almost 2 million users of the Yahoo! Webcam application. And in that case, it wasn’t even limited to just users under their jurisdiction, but anyone they could get their grubby eyes on.
You only have to look at the past to see what governments will take advantage of when given the chance. The trick is to not give them that opportunity.
A culmination of lobbying
Around the world, countries will often use CSAM as a basis for introducing draconian legislation.
In the UK, this has been in the works since at least September 2021. When a campaign dubbed “No Place To Hide” was launched. No Place To Hide employed the help of several child-focused non-profits to instigate a smear campaign on E2EE. Particularly in messaging apps. At the time, they put Facebook Messenger on blast as current news said that there were plans to make E2EE enabled by default. Read this blog to learn more about what happened to Facebook.
This shows a clear throughline of the UK Conservative Party’s goal to damage the image of E2EE in the country.
Won’t somebody think of the children!
Children must be protected when they are online. This goes without saying. But this is a classic case of using something everyone agrees with, to help push an agenda. In this case, using children as a shield to push through legislation that will hurt more than it could ever help. We saw it with the “Porn Pass” in the UK. A monumental waste of money that has been shelved indefinitely. Though, you could argue, that this is a stealth version of that.
With these added regulations regarding children and services, some platforms may have to start requiring users to prove their identity. The knock-on effects of the Online Safety Bill are profound.
All of this money and effort could be better spent on actual education, for both parents and children. Without infringing on basic online security and privacy. Educating will go further than any sweeping unfocussed legislation ever could. The ramifications of which are not fully understood yet, especially as the UK government isn’t even aware of the contradictions that exist within its own bill.
A dire outlook for the online future of the UK
More than any of the other false dawn legislation does the Online Safety Bill look as terrifying and likely to succeed.
This bill will fundamentally change how internet security and privacy exists within the UK, no doubt forcing many platforms to simply not service UK users. The legal burden simply being too large to be worth it. This also leads to a stifling of competition, as smaller platforms simply don’t have the resources to keep up with such wide requirements.
Any positive that could be taken regarding more control over the content seen online is more than completely diminished by the fact that any word you speak online is no longer protected from the UK government. At a whim, they can demand this information. Or, better yet, have your entire chat logs leaked online when the eventual major breach takes place.
WhatsApp is right to pull out of the UK and not kowtow. It has no reason to. The UK is a minor player in the worldwide market, and this bill will see the country fade into obscurity (more than it already has) on the international stage.
Here at hide.me we are all about internet freedom, and we are happy to be in a position to bring that to everyone. That is why we give you a 30-day money-back guarantee on our Premium plan. No questions asked and no logs recorded.”
Get hide.me vpn!
If you have any questions, please feel free to contact our 24/7 support team either at email@example.com or via live chat.