Online Safety Bill UK: WhatsApp, Encryption & The Implications For Privacy

Uploaded on 2023-04-19 in FREE TO VIEW, BUSINESS-Services-Law

WhatsApp and other encrypted messaging service providers have signed an open letter to oppose the Online Safety Bill ahead of its final reading in the House of Lords. 

The legislation is supposed to focus on child protection - so why are WhatsApp and other organisations  opposing the proposed legislation? 

This article explains the journey of the Bill so far and why WhatsApp and other organisations are opposing the proposed legislation.

The UK Online Safety Bill Explained

The UK Online Safety Bill, which aims to increase user safety of the Internet, has already experienced delays having been subject to four Prime Ministers since it was first proposed. It has also been criticised for axing its provision which would have forced big technology platforms to take down legal but harmful material.

The latest affront on the Bill’s progress is an open letter signed by WhatsApp and other encrypted messaging service providers calling the UK Government to ‘urgently rethink’ the proposed law. The open letter, which was addressed to ‘anyone who cares about safety and privacy on the Internet’ was also signed by messaging services including Signal, Element, Session, Threema, Viber, and Wire.

Why Is WhatsApp Opposing The Online Safety Bill?

Prior to the Bill being escalated to the House of Lords, WhatsApp has openly said it would refuse to comply with it, citing the proposed plan as ‘the most concerning piece of legislation currently being discussed in the western world.’.

Leaders of the messaging services are asking the UK Government to rethink and to align the Bill with its stated intention to protect privacy rights. Currently, no one can access these encrypted messages apart from the sender and the recipient of those messages. Not even WhatsApp can see them. The only way the UK Government could get access to the messages would be to get hold of the sender or recipients’ device, which is not easy and means tipping off the user that their messages are being monitored by security services.

To get around this, the messaging service would need to have a ‘master-key’ allowing them to bypass the messages encryption. If this was introduced, it would pose greater security and privacy risks for the messaging services.

Currently, messaging services have limited security risks as they do not know the content of the messages. Recent polling by YouGov, commissioned by the NSPCC also shows overwhelming public support for tougher measures to enforce children’s safety online.  

Why Do Some Organisations Support Greater Monitoring Of Encrypted Messages?

Those in support of the Bill claim it will put new duty of care obligations on companies to keep users safe. The advancement of technology and increase in online crime including cybersecurity attacks, trolling and abuse on social media and the risks to vulnerable groups including children have rightly worried many people and organisations who want to see greater regulation of this space. Recent polling by YouGov, commissioned by the NSPCC also shows overwhelming public support for tougher measures to enforce children’s safety online. This feeling extends to organised crime, where encrypted messaging offers a haven for illicit activity which is currently inaccessible to law enforcement.

Regardless of where you stand on this debate, the Online Safety Bill appears to contradict the Government’s’ goal to make the UK a technology powerhouse which most assume would need a lighter touch on regulation.

Imposing such regulatory requirements on tech companies could lead to their exit from the UK market altogether. The Government has not yet clarified how it plans to resolve this apparent contradiction. Our team will continue to closely monitor the developments and what the implications will be for clients.

 Andrew Parsons is a Partner at Womble Bond Dickinson 

You Might Also Read: 

Human Error Is A Hacker's Dream:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Selling Digital Insecurity
Sharing Threat Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NATO Cooperative Cyber Defence Centre (CCDCOE)

NATO Cooperative Cyber Defence Centre (CCDCOE)

NATO CCDCOE's mission is to enhance the capability, cooperation and information sharing among NATO, NATO nations and partners in cyber defence.

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

Payload Security

Payload Security

Payload Security's VxStream Sandbox is a fully automated malware analysis system.

Atos

Atos

Atos provides a unique Cyber Security end to end solution with a data-centric and pre-emptive security approach.

Cyberwrite

Cyberwrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

Centurion Information Security

Centurion Information Security

Centurion Information Security is a consulting firm based in Singapore that specialises in penetration testing and security assessment services.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

Blaze Information Security

Blaze Information Security

Blaze Information Security is a privately held, independent information security firm born from years of combined experience and international presence.

GlobalPlatform

GlobalPlatform

GlobalPlatform’s specifications are highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.

Snode Technologies

Snode Technologies

Snode's Guardian cybersecurity platform uses AI and machine learning to monitor, detect and proactively respond to all threats on every device within your network.

Sixteenth Air Force (Air Forces Cyber)

Sixteenth Air Force (Air Forces Cyber)

Air Forces Cyber provides mission integration of Information Warfare at operational and tactical levels, creating dilemmas for adversaries in competition and, if necessary, future conflicts.

Technology Innovation Institute (TII)

Technology Innovation Institute (TII)

TII is a UAE-based research center that aims to lead global advances in AI, robotics, quantum computing, cryptography and secure communications and more.

Vercara

Vercara

Vercara offers a purpose-built, global cloud security platform that provides layers of protection to safeguard businesses’ online presence, no matter where an attack comes from or where it is aimed.

Lasso Security

Lasso Security

Lasso Security is a pioneer cybersecurity company ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies.

Anzen Technology Systems

Anzen Technology Systems

Anzen create software solutions which allows organisations to utilize the public cloud for sensitive or classified information, whilst increasing data security and retaining data sovereignty.

Screwloose IT

Screwloose IT

Screwloose IT are a national provider of information technology services. We specialise in managed IT, cloud services, cyber security, website design and digital marketing for businesses of all sizes.