Online safety bill ‘opens door to surveillance’, tech giants warn

Technology companies have renewed their attack on proposed laws that would force them to identify child sexual abuse in encrypted messages.

Technology companies have renewed their attack on proposed laws that would force them to identify child sexual abuse in encrypted messages.

The bosses of WhatsApp and its rival Signal have co-signed an open letter warning that the plans, contained in the Online Safety Bill, will open the door to “indiscriminate surveillance”.

The bill would give the regulator, Ofcom, the power to order companies to use technology to identify illegal material on encrypted services.

The technology has not been stipulated, however, and the companies argue that there is no way to break encryption while retaining privacy. Similar online safety legislation in Europe defends encryption for messaging services. The government says the order would be used only in “appropriate and limited circumstances”.

End-to-end encryption, which is used by WhatsApp, Signal and similar messaging services, prevents anyone but the sender and receiver from seeing the contents of their communication.

The tech bosses write in their letter: “As currently drafted, the bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely.”

Signal has said that it would prefer to stop its service in the UK rather than comply with the measures while WhatsApp has threatened non-compliance. The companies face fines of up to 10 per cent of their global turnover for breaches.

Ciaran Martin, a former chief executive of the UK’s National Cyber Security Centre, has criticised the government’s approach, saying it risks damaging Britain’s reputation for a law that may never be used.

He has called on ministers to publish more detail on how the regulation would work. He wrote in the Financial Times: “Surely then, parliamentarians should be shown the details of a workable draft regulation before voting? If not, this controversial power will be driven through, but likely never used.”

The messaging companies have also been supported by BCS, the Chartered Institute for IT, which criticised what it called the “magical backdoor” proposed in the bill.

Child safety campaigners argue that private messaging is the “front line of online child sexual abuse” and that it is possible to balance privacy and safety.

They point to a paper from last year by two technical directors at GCHQ, the UK’s eavesdropping agency, that argues for the scanning of phones for abuse material before encryption. A similar proposal from Apple was ditched because of a privacy backlash.

Richard Collard, associate head of child safety online policy at the NSPCC, said: “Experts have demonstrated that it’s possible to tackle child abuse material and grooming in end-to-end encrypted environments. Regulation should incentivise companies to find a balanced settlement and distance themselves from false arguments that claim children’s right to safety online can only be achieved at the expense of adult privacy.”

The House of Lords will begin line-by-line scrutiny of the bill in its committee stage today.

Downing Street defended the plan, with the prime minister’s official spokesman insisting “it will not introduce routine scanning of private communication”.

“It is being developed to ensure it has the requisite safeguards so it doesn’t weaken, by default, end-to-end encryption; it is a targeted power to be used only when necessary and when other measures cannot be used,” the spokesman said.

A Home Office spokesman said: “The Online Safety Bill in no way represents a ban on end-to-end encryption . . . where it is the only effective, proportionate and necessary action available, Ofcom will be able to direct platforms to use accredited technology, or . . . develop new technology, to accurately identify child sexual abuse content.”

The letter from the technology companies has also been signed by the chief executives of the British encryption company Element and the messaging services Viber, Threema and Wire.