WhatsApp and other secure messaging apps have sounded the alarm about an “unprecedented threat” to UK citizens and people who communicate with them.
It is the latest alarm from WhatsApp, Signal and others about the UK’s planned Online Safety Bill. The legislation aims to protect people online – but security experts have warned that parts of the bill could force apps to weaken the technology that keeps messages safe.
As such, the law would pose an “unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world”, according to a new open letter.
That letter was addressed to “anyone who cares about safety and privacy on the internet”, and was signed by the head of not only WhatsApp but also Signal, Viber, Element, OPTF/Session, Threema and Wire.
“Private messages are private,” wrote Will Cathcart, head of WhatsApp, in a separate tweet. “We oppose proposals to scan people’s private messages, and we’re proud to stand with other apps to defend encryption and your right to privacy.”
Mr Cathcart has repeatedly suggested that WhatsApp could be forced to turn off service for UK citizens, since it would refuse to comply with any rules that required it to weaken security. Signal and other apps have said they would take the same stance.
“As end-to-end-encrypted communication services, we urge the UK Government to address the risks that the Online Safety Bill poses to everyone’s privacy and safety,” the letter begins. “It is not too late to ensure that the Bill aligns with the Government’s stated intention to protect end-to-end encryption and respect the human right to privacy.”
The government has indicated that it is not the intention of the bill that it will be used to limit end-to-end encryption. But critics and messaging apps have argued that the legislation should be written more precisely, to ensure that it cannot be used that way.
End-to-end encryption is a technology used in apps such as WhatsApp to ensure that only the sender and recipient of a message can read it. It means that the message cannot be intercepted by third-parties – locking out law enforcement and hackers, as well as the messaging platforms themselves.
Messaging apps have voiced concern that the new law could allow regulator Ofcom to force apps to scan through messages to ensure that illegal content such as child abuse imagery is not being distributed on their platform. But security experts say that would require weakening security for everyone, since there is no way to break encryption on specific messages.
“As currently drafted, the Bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely,” the letter reads.
“The Bill provides no explicit protection for encryption, and if implemented as written, could empower Ofcom to try to force the proactive scanning of private messages on end-to-end encrypted communication services - nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users.”
It ends with a plea to the government to rewrite the bill. While it does not threaten to cut off service if the bill is not changed, WhatsApp and others have repeatedly made clear that they could do so.
“The UK Government must urgently rethink the Bill, revising it to encourage companies to offer more privacy and security to its residents, not less. Weakening encryption, undermining privacy, and introducing the mass surveillance of people’s private communications is not the way forward,” it concludes.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies