Online Safety Bill UK: WhatsApp, Encryption & The Implications For Privacy

Uploaded on 2023-04-19 in FREE TO VIEW, BUSINESS-Services-Law

WhatsApp and other encrypted messaging service providers have signed an open letter to oppose the Online Safety Bill ahead of its final reading in the House of Lords. 

The legislation is supposed to focus on child protection - so why are WhatsApp and other organisations  opposing the proposed legislation? 

This article explains the journey of the Bill so far and why WhatsApp and other organisations are opposing the proposed legislation.

The UK Online Safety Bill Explained

The UK Online Safety Bill, which aims to increase user safety of the Internet, has already experienced delays having been subject to four Prime Ministers since it was first proposed. It has also been criticised for axing its provision which would have forced big technology platforms to take down legal but harmful material.

The latest affront on the Bill’s progress is an open letter signed by WhatsApp and other encrypted messaging service providers calling the UK Government to ‘urgently rethink’ the proposed law. The open letter, which was addressed to ‘anyone who cares about safety and privacy on the Internet’ was also signed by messaging services including Signal, Element, Session, Threema, Viber, and Wire.

Why Is WhatsApp Opposing The Online Safety Bill?

Prior to the Bill being escalated to the House of Lords, WhatsApp has openly said it would refuse to comply with it, citing the proposed plan as ‘the most concerning piece of legislation currently being discussed in the western world.’.

Leaders of the messaging services are asking the UK Government to rethink and to align the Bill with its stated intention to protect privacy rights. Currently, no one can access these encrypted messages apart from the sender and the recipient of those messages. Not even WhatsApp can see them. The only way the UK Government could get access to the messages would be to get hold of the sender or recipients’ device, which is not easy and means tipping off the user that their messages are being monitored by security services.

To get around this, the messaging service would need to have a ‘master-key’ allowing them to bypass the messages encryption. If this was introduced, it would pose greater security and privacy risks for the messaging services.

Currently, messaging services have limited security risks as they do not know the content of the messages. Recent polling by YouGov, commissioned by the NSPCC also shows overwhelming public support for tougher measures to enforce children’s safety online.  

Why Do Some Organisations Support Greater Monitoring Of Encrypted Messages?

Those in support of the Bill claim it will put new duty of care obligations on companies to keep users safe. The advancement of technology and increase in online crime including cybersecurity attacks, trolling and abuse on social media and the risks to vulnerable groups including children have rightly worried many people and organisations who want to see greater regulation of this space. Recent polling by YouGov, commissioned by the NSPCC also shows overwhelming public support for tougher measures to enforce children’s safety online. This feeling extends to organised crime, where encrypted messaging offers a haven for illicit activity which is currently inaccessible to law enforcement.

Regardless of where you stand on this debate, the Online Safety Bill appears to contradict the Government’s’ goal to make the UK a technology powerhouse which most assume would need a lighter touch on regulation.

Imposing such regulatory requirements on tech companies could lead to their exit from the UK market altogether. The Government has not yet clarified how it plans to resolve this apparent contradiction. Our team will continue to closely monitor the developments and what the implications will be for clients.

 Andrew Parsons is a Partner at Womble Bond Dickinson 

You Might Also Read: 

Human Error Is A Hacker's Dream:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Selling Digital Insecurity
Sharing Threat Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TBG Security

TBG Security

TBG provides a portfolio of services including cyber security, compliance and continuity solutions.

Council on Foreign Relations (CFR)

Council on Foreign Relations (CFR)

CFR is dedicated to better understanding the world and the foreign policy choices facing the USA and other countries. Cyber security is covered within the CFR topic areas.

IGX Global

IGX Global

IGX Global is a provider of information network and security integration services and products.

RedShield Security

RedShield Security

RedShield is the world's first web application shielding-with-a-service company.

InPhySec

InPhySec

InPhySec is a leading New Zealand information, physical and cyber security company.

Zeguro

Zeguro

Zeguro provides complete cybersecurity risk assessment, mitigation and insurance, allowing you to easily manage your cyber risk.

Seconize

Seconize

Seconize empowers enterprises to proactively manage their cyber risks, prioritize remediations, optimize security spending and ensure compliance.

AMSYS Innovative Solutions

AMSYS Innovative Solutions

AMSYS is a full-service, 24/7/365 IT solutions, Cybersecurity & Managed Service Provider.

Pathlock

Pathlock

Pathlock (formerly Greenlight) help enterprises and organizations automate the enforcement of any process, access, or IT general control, for any business application.

Votiro

Votiro

Votiro is an award-winning cybersecurity company that specializes in file sanitization, ensuring every organization is safe from zero-day and undisclosed attacks.

Torch.AI

Torch.AI

Torch.AI’s Nexus™ platform changes the paradigm of data and digital workflows, forever solving core impediments caused by the ever-increasing volume and complexity of information.

Fullstack Academy

Fullstack Academy

A trailblazer in bootcamp education, Fullstack Academy prepares students for fulfilling careers in tech through our NYC campus, online learning, and university partnerships.

ExtraHop

ExtraHop

ExtraHop's dynamic cyber defense platform uses cloud-scale AI to help enterprises detect and respond to advanced threats - before they compromise your business.

Chainguard

Chainguard

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard are on a mission to make the software supply chain secure by default.

Hook Security

Hook Security

Setting a new standard in security awareness. Hook Security is a people-first company that uses psychological security training to help companies create security-aware culture.

A&O Shearman

A&O Shearman

A&O Shearman is a law firm at the forefront of the forces changing the current of global business: energy transition, life sciences, technology, private capital, finance and beyond.