WhatsApp, Signal, and a host of other messaging services have joined forces in opposing the Online Safety Bill of the UK, urging the government to ‘urgently rethink’ sections of the Bill to ensure that it does not undermine the privacy and safety of users. This comes after both the aforementioned services said that they would rather cease operations in the UK rather than weaken their encryption standards under the Online Safety Bill.
Leaders from the messaging services signed an open letter to rethink the Bill to ensure that it aligns with “the Government’s stated intention to protect end-to-end encryption and respect the human right to privacy.” End-to-end encryption (E2EE) has been a part and parcel of these messaging services for quite some time, and now, the companies are apprehensive that the proposed UK law will undermine E2EE. “Global providers of end-to-end encrypted products and services cannot weaken the security of their products and services to suit individual governments,” the letter reads. “There cannot be a ‘British internet’ or a version of end-to-end encryption that is specific to the UK.
The letter was signed by Matthew Hodgson (CEO of Element), Alex Linton (director at Oxen Privacy Tech Foundation and Session), Will Cathcart (head of WhatsApp at Meta), Meredith Whittaker (Signal president), Martin Blatter (CEO of Threema), Ofir Eyal (CEO of Viber), and Alan Duric (CTO of Wire). Signal later took to Twitter to announce the development, posting the open letter on the micro-blogging site. “Our position remains clear. We will not back down on providing private, safe communications. Today, we join with other encrypted messengers pushing back on the UK’s flawed Online Safety Bill,” it wrote in the tweet.
Our position remains clear. We will not back down on providing private, safe communications. Today, we join with other encrypted messengers pushing back on the UK's flawed Online Safety Bill. pic.twitter.com/MwGBgcvgjk
— Signal (@signalapp) April 18, 2023
“We don’t think any company, government, or person should have the power to read your personal messages and we’ll continue to defend encryption technology. We’re proud to stand with other technology companies in our industry pushing back against the misguided parts of this law that would make people in the UK and around the world less safe,” the open letter read.
We believe that only your intended recipient should be able to read your personal messages.
So we’ve signed a letter that highlights our concerns with the UK's Online Safety Bill — a law that could force companies to break end-to-end encryption and put your privacy at risk.
— WhatsApp (@WhatsApp) April 18, 2023
The messaging services argue that if the Online Safety Bill is passed, then it could confer “unelected officials” with the ability to “weaken the privacy of billions of people around the world.” “Weakening encryption, undermining privacy, and introducing the mass surveillance of people’s private communications is not the way forward,” they warned, adding that E2EE could be broken by the bill and that it opens the door to “routine, general and indiscriminate surveillance” of personal messages, risking “emboldening hostile governments who may seek to draft copycat laws.”
For those who do not know, E2EE ensures that messages sent between users are encrypted at the sender’s end and can only be decrypted by the intended recipient, without any intermediaries, including the service provider, being able to access or read the contents of the messages. With end-to-end subscription in messaging, users can enjoy a secure and private messaging experience where their messages are protected from unauthorized access, interception, or surveillance.
This is the latest criticism faced by the Online Safety Bill, which has already been under fire for its potential to allow the UK government and the Office of Communications (OFCOM) to abuse their powers when moderating online platforms. Since it is in charge of protecting underage and adult users online by holding social media companies accountable for their safety, the Bill requires the companies to scan messages for material that may pertain to the abuse of children. However, its positive potential is rivaled by its negative one, wherein the UK government can render the concept of “private” messages null and void by actively scanning messages on E2EE services.
“We support strong encryption, but this cannot come at the cost of public safety,” a government official commented, adding that “tech companies have a moral duty to ensure they are not blinding themselves and law enforcement to the unprecedented levels of child sexual abuse on their platforms. The Online Safety Bill in no way represents a ban on end-to-end encryption, nor will it require services to weaken encryption.”