WhatsApp, Signal, and some other messaging apps have been trying to convince the government to rethink the Online Safety Bill.
They are worried that the bill will undermine end-to-end encryption (EE2E).
This means that the message can only be seen on the sender and recipient’s app and nowhere else.
The messaging services wouldn’t be able to see the messages either.
The government would like the regulator to be able to ask platforms to monitor users in a fight against illegal content.
One government official said, “We support strong encryption, but this cannot come at the cost of public safety”.
EE2E is the most robust security measure as only the sender and recipient can see the message.
No operators from the messaging service can unscramble the messages when they go through their systems.
What’s been said?
Some operators of encrypted messaging apps have said “Weakening encryption, undermining privacy, and introducing the mass surveillance of people’s private communications is not the way forward.”
This was said in an open letter which was signed by the head of WhatsApp and a few other messaging service executives.
Also stated in the open letter, the Online Safety Bill in its current form is the beginning of “routine, general and indiscriminate surveillance” of private messages.
Mr. Cathcart of WhatsApp said that WhatsApp would rather be entirely blocked in the UK which weakens the privacy of encrypted messaging.
Ms. Whittaker of Signal has agreed and said Signal “would absolutely, 100% walk” if encryption were to be undermined.
What would change?
E-mail services are exempt, however, Proton which is a Europe-based company known for its encrypted email service, is concerned that the features in its ‘Drive’ product could bring it within range of the bill.
The bill would allow Ofcom to force companies to scan messages, text, images, videos, and files.
However, Ofcom said that it would only go ahead with scans if there was an “urgent need” and “would need a high bar of evidence to be able to require that a technology went into an encrypted environment”.
Many have assumed that this will mean the messages are scanned by software on the device before encryption.
This is known as ‘client-side scanning’.
However, a lot of services say that this would require re-engineering of products specifically for the UK.
If you need more advice on the changing regulations on IT for your business, contact our team of IT experts.
Itek provides IT solutions for your entire IT infrastructure. Your business can experience a cost-effective service at a predictable fixed rate, removing the burden from you and your team and freeing you to focus on your goals.