The rival chat apps WhatsApp and Signal have joined forces in a rare show of unity to protest against the online safety bill, which they say could undermine the UK’s privacy and safety.
In an open letter signed by the heads of both organisations as well as five other encrypted chat apps, the executives say the bill could be used to in effect outlaw end-to-end encryption, which prevents anyone but the intended recipient of a message from seeing its contents.
“The bill provides no explicit protection for encryption,” they say, “and if implemented as written, could empower Ofcom to try to force the proactive scanning of private messages on end-to-end encrypted communication services, nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users.
“In short, the bill poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copycat laws.”
Last month, WhatsApp’s chief, Will Cathcart, said the app would leave the UK rather than submit to a requirement to weaken encryption.
“Ninety-eight per cent of our users are outside the UK,” he told the Guardian. “They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users.”
At the core of the dispute are clauses that allow Ofcom to compel communications providers to take action to prevent harm to users. Those clauses, privacy campaigners say, do not allow for the possibility that an encrypted messaging provider may be unable to take such action without fundamentally undercutting their users’ security.
“Proponents say they appreciate the importance of encryption and privacy while also claiming that it’s possible to surveil everyone’s messages without undermining end-to-end encryption. The truth is that this is not possible,” the letter reads.
During previous clashes over encryption opponents called for such services to be banned, or for governments and law enforcement to be given “back doors” into encrypted communications.
Now, the focus is on a different set of technologies, called client side scanning, which proponents argue can be used to monitor encrypted communications without breaching security – but critics liken it to installing a robot spy on every phone in the world.
A No 10 spokesperson dismissed the criticism. “Tech companies we believe have a moral duty to ensure they are not blinding themselves and law enforcement to unprecedented levels of child sexual abuse. We support strong encryption. This cannot come at the cost of public safety,” they said.
“It does not represent a ban on end-to-end encryption, nor will it require services to weaken encryption. It will not introduce routine scanning of private communication. This is a targeted power to use only when necessary. And whether other measures cannot be used.”
Rich Collard, the associate head of child safety and online policy at the NSPCC, a British child protection charity, said: “The online safety bill continues to be scrutinised at length and will rightly make it a legal requirement for platforms to identify and disrupt child sexual abuse taking place on their sites and services.
“Experts have demonstrated that it is possible to tackle child abuse material and grooming in end-to-end encrypted environments. Regulation should incentivise tech companies to find a balanced settlement and distance themselves from tired false arguments that claim children’s fundamental right to safety online can only be achieved at the expense of adult privacy.”