Online Safety Bill UK: WhatsApp, Encryption & The Implications For Privacy

Uploaded on 2023-04-19 in FREE TO VIEW, BUSINESS-Services-Law

WhatsApp and other encrypted messaging service providers have signed an open letter to oppose the Online Safety Bill ahead of its final reading in the House of Lords. 

The legislation is supposed to focus on child protection - so why are WhatsApp and other organisations  opposing the proposed legislation? 

This article explains the journey of the Bill so far and why WhatsApp and other organisations are opposing the proposed legislation.

The UK Online Safety Bill Explained

The UK Online Safety Bill, which aims to increase user safety of the Internet, has already experienced delays having been subject to four Prime Ministers since it was first proposed. It has also been criticised for axing its provision which would have forced big technology platforms to take down legal but harmful material.

The latest affront on the Bill’s progress is an open letter signed by WhatsApp and other encrypted messaging service providers calling the UK Government to ‘urgently rethink’ the proposed law. The open letter, which was addressed to ‘anyone who cares about safety and privacy on the Internet’ was also signed by messaging services including Signal, Element, Session, Threema, Viber, and Wire.

Why Is WhatsApp Opposing The Online Safety Bill?

Prior to the Bill being escalated to the House of Lords, WhatsApp has openly said it would refuse to comply with it, citing the proposed plan as ‘the most concerning piece of legislation currently being discussed in the western world.’.

Leaders of the messaging services are asking the UK Government to rethink and to align the Bill with its stated intention to protect privacy rights. Currently, no one can access these encrypted messages apart from the sender and the recipient of those messages. Not even WhatsApp can see them. The only way the UK Government could get access to the messages would be to get hold of the sender or recipients’ device, which is not easy and means tipping off the user that their messages are being monitored by security services.

To get around this, the messaging service would need to have a ‘master-key’ allowing them to bypass the messages encryption. If this was introduced, it would pose greater security and privacy risks for the messaging services.

Currently, messaging services have limited security risks as they do not know the content of the messages. Recent polling by YouGov, commissioned by the NSPCC also shows overwhelming public support for tougher measures to enforce children’s safety online.  

Why Do Some Organisations Support Greater Monitoring Of Encrypted Messages?

Those in support of the Bill claim it will put new duty of care obligations on companies to keep users safe. The advancement of technology and increase in online crime including cybersecurity attacks, trolling and abuse on social media and the risks to vulnerable groups including children have rightly worried many people and organisations who want to see greater regulation of this space. Recent polling by YouGov, commissioned by the NSPCC also shows overwhelming public support for tougher measures to enforce children’s safety online. This feeling extends to organised crime, where encrypted messaging offers a haven for illicit activity which is currently inaccessible to law enforcement.

Regardless of where you stand on this debate, the Online Safety Bill appears to contradict the Government’s’ goal to make the UK a technology powerhouse which most assume would need a lighter touch on regulation.

Imposing such regulatory requirements on tech companies could lead to their exit from the UK market altogether. The Government has not yet clarified how it plans to resolve this apparent contradiction. Our team will continue to closely monitor the developments and what the implications will be for clients.

 Andrew Parsons is a Partner at Womble Bond Dickinson 

You Might Also Read: 

Human Error Is A Hacker's Dream:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Selling Digital Insecurity
Sharing Threat Intelligence »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Navista

Navista

Navista's hardware and software modules are especially designed to ease the deployment of secure networks.

Arista Networks

Arista Networks

Arista Networks is an industry leader in data-driven, client to cloud networking for large data center, campus and routing environments.

Authenware

Authenware

AuthenWare delivers the highest level of identity security based on behavioral biometrics.

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

Dragos

Dragos

Dragos has built the first industrial cybersecurity ecosystem, the ultimate security defense.

Cansure

Cansure

Cansure is a leading insurance provider in Canada offering a broad range of property & casualty insurance solutions including Cyber & Data Breach insurance.

Cog Systems

Cog Systems

Cog Systems offer an embedded solution built on modularity, proactive security, trustworthiness, and adaptability to enable highly secure connected devices.

Penningtons Manches Cooper

Penningtons Manches Cooper

Penningtons Manches Cooper is a leading UK law firm providing high quality legal advice in areas including Data Protection, Cyber Security and Cyber Crime.

Elemental Cyber Security

Elemental Cyber Security

Elemental is a game changing cyber security compliance automation and enforcement technology provider.

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

ICS-ISAC is a non-profit, public/private Knowledge Sharing Center established to help facilities develop situational awareness in support of local, national and international security.

Cyber Range Solutions (CRS)

Cyber Range Solutions (CRS)

CRS provides cyber security training and improve security team performance by providing a hyper realistic, virtual training environment.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

Valimail

Valimail

Valimail delivers the only complete, cloud-native platform for validating and authenticating sender identity to stop phishing, protect and amplify brands, and ensure compliance.

Canadian Cyber Threat Exchange (CCTX)

Canadian Cyber Threat Exchange (CCTX)

The CCTX is Canada’s not-for-profit, private-sector cyber threat sharing hub and collaboration centre.

Astra Cybertech

Astra Cybertech

At Astra Cybertech, we're more than just cybersecurity experts - we're your partners in safeguarding your digital assets.

DigiGlass

DigiGlass

DigiGlass is a cutting-edge cybersecurity service provider powered by Redington Gulf, a leading technology distributor in the Middle East and Africa.