Online Safety Bill UK: WhatsApp, Encryption & The Implications For Privacy

Uploaded on 2023-04-19 in FREE TO VIEW, BUSINESS-Services-Law

WhatsApp and other encrypted messaging service providers have signed an open letter to oppose the Online Safety Bill ahead of its final reading in the House of Lords. 

The legislation is supposed to focus on child protection - so why are WhatsApp and other organisations  opposing the proposed legislation? 

This article explains the journey of the Bill so far and why WhatsApp and other organisations are opposing the proposed legislation.

The UK Online Safety Bill Explained

The UK Online Safety Bill, which aims to increase user safety of the Internet, has already experienced delays having been subject to four Prime Ministers since it was first proposed. It has also been criticised for axing its provision which would have forced big technology platforms to take down legal but harmful material.

The latest affront on the Bill’s progress is an open letter signed by WhatsApp and other encrypted messaging service providers calling the UK Government to ‘urgently rethink’ the proposed law. The open letter, which was addressed to ‘anyone who cares about safety and privacy on the Internet’ was also signed by messaging services including Signal, Element, Session, Threema, Viber, and Wire.

Why Is WhatsApp Opposing The Online Safety Bill?

Prior to the Bill being escalated to the House of Lords, WhatsApp has openly said it would refuse to comply with it, citing the proposed plan as ‘the most concerning piece of legislation currently being discussed in the western world.’.

Leaders of the messaging services are asking the UK Government to rethink and to align the Bill with its stated intention to protect privacy rights. Currently, no one can access these encrypted messages apart from the sender and the recipient of those messages. Not even WhatsApp can see them. The only way the UK Government could get access to the messages would be to get hold of the sender or recipients’ device, which is not easy and means tipping off the user that their messages are being monitored by security services.

To get around this, the messaging service would need to have a ‘master-key’ allowing them to bypass the messages encryption. If this was introduced, it would pose greater security and privacy risks for the messaging services.

Currently, messaging services have limited security risks as they do not know the content of the messages. Recent polling by YouGov, commissioned by the NSPCC also shows overwhelming public support for tougher measures to enforce children’s safety online.  

Why Do Some Organisations Support Greater Monitoring Of Encrypted Messages?

Those in support of the Bill claim it will put new duty of care obligations on companies to keep users safe. The advancement of technology and increase in online crime including cybersecurity attacks, trolling and abuse on social media and the risks to vulnerable groups including children have rightly worried many people and organisations who want to see greater regulation of this space. Recent polling by YouGov, commissioned by the NSPCC also shows overwhelming public support for tougher measures to enforce children’s safety online. This feeling extends to organised crime, where encrypted messaging offers a haven for illicit activity which is currently inaccessible to law enforcement.

Regardless of where you stand on this debate, the Online Safety Bill appears to contradict the Government’s’ goal to make the UK a technology powerhouse which most assume would need a lighter touch on regulation.

Imposing such regulatory requirements on tech companies could lead to their exit from the UK market altogether. The Government has not yet clarified how it plans to resolve this apparent contradiction. Our team will continue to closely monitor the developments and what the implications will be for clients.

 Andrew Parsons is a Partner at Womble Bond Dickinson 

You Might Also Read: 

Human Error Is A Hacker's Dream:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Selling Digital Insecurity
Sharing Threat Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Solarflare

Solarflare

Solarflare is a leading provider of intelligent networking I/O software and hardware platforms that accelerate, monitor and secure network data.

CFC Underwriting

CFC Underwriting

CFC is a specialist insurance provider and a pioneer in emerging risk, including cyber insurance.

SteelCloud

SteelCloud

SteelCloud has spent the last decade inventing technology to automate policy compliance, configuration control, and Cloud security.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

Fischer Identity

Fischer Identity

Fischer Identity provide identity & access management and identity governance administration solutions.

Southwest Research Institute (SwRI)

Southwest Research Institute (SwRI)

Southwest Research Institute SwRI are R&D problem solvers providing independent services to government and industry clients. Areas of expertise include Cybersecurity, Intelligent Networks and IoT.

TechRate

TechRate

Techrate is an analytics agency focused on blockchain technology and engineering. Or expertise includes security and technical audits of projects.

Amadeus Capital Partners

Amadeus Capital Partners

Amadeus Capital Partners offers over 20 years’ experience in technology investment. Our areas of focus include AI & machine learning and cyber security.

Socure

Socure

Socure’s identity verification increases auto approval rates, reduces false positives and captures more fraud. In real time.

National Security Services Group (NSSG)

National Security Services Group (NSSG)

National Security Services Group (NSSG) is Oman's leading and only proprietary Cybersecurity consultancy firm and Managed Security Services Provider.

Hackuity

Hackuity

Hackuity is a breakthrough technology solution that rethinks the way of managing IT vulnerabilities in enterprises.

Performance Technologies

Performance Technologies

As a leading IT Solutions Provider in Greece, Performance Technologies delivers reliable, long life solutions, ensuring continuous availability of business-critical services and information.

Edgio

Edgio

Edgio provides unmatched speed, security, and simplicity at the edge through globally-scaled media and applications platforms.

TuxCare

TuxCare

TuxCare make Linux more secure. We take care of Linux so that organizations can use Linux to support environments that require high levels of Cybersecurity, stability, and availability.

Synergy ECP

Synergy ECP

Synergy ECP has a talented, dedicated staff to provide a broad range of services to the defense and intelligence industries.

Prizsm Technologies

Prizsm Technologies

Prizsm is a computational storage capability that provides flexible, easy-to-use, resilient solutions for quantum-resistant, hyper-secure cloud storage and communications.