Online Safety Bill UK: WhatsApp, Encryption & The Implications For Privacy

WhatsApp and other encrypted messaging service providers have signed an open letter to oppose the Online Safety Bill ahead of its final reading in the House of Lords. 

The legislation is supposed to focus on child protection - so why are WhatsApp and other organisations  opposing the proposed legislation? 

This article explains the journey of the Bill so far and why WhatsApp and other organisations are opposing the proposed legislation.

The UK Online Safety Bill Explained

The UK Online Safety Bill, which aims to increase user safety of the Internet, has already experienced delays having been subject to four Prime Ministers since it was first proposed. It has also been criticised for axing its provision which would have forced big technology platforms to take down legal but harmful material.

The latest affront on the Bill’s progress is an open letter signed by WhatsApp and other encrypted messaging service providers calling the UK Government to ‘urgently rethink’ the proposed law. The open letter, which was addressed to ‘anyone who cares about safety and privacy on the Internet’ was also signed by messaging services including Signal, Element, Session, Threema, Viber, and Wire.

Why Is WhatsApp Opposing The Online Safety Bill?

Prior to the Bill being escalated to the House of Lords, WhatsApp has openly said it would refuse to comply with it, citing the proposed plan as ‘the most concerning piece of legislation currently being discussed in the western world.’.

Leaders of the messaging services are asking the UK Government to rethink and to align the Bill with its stated intention to protect privacy rights. Currently, no one can access these encrypted messages apart from the sender and the recipient of those messages. Not even WhatsApp can see them. The only way the UK Government could get access to the messages would be to get hold of the sender or recipients’ device, which is not easy and means tipping off the user that their messages are being monitored by security services.

To get around this, the messaging service would need to have a ‘master-key’ allowing them to bypass the messages encryption. If this was introduced, it would pose greater security and privacy risks for the messaging services.

Currently, messaging services have limited security risks as they do not know the content of the messages. Recent polling by YouGov, commissioned by the NSPCC also shows overwhelming public support for tougher measures to enforce children’s safety online.  

Why Do Some Organisations Support Greater Monitoring Of Encrypted Messages?

Those in support of the Bill claim it will put new duty of care obligations on companies to keep users safe. The advancement of technology and increase in online crime including cybersecurity attacks, trolling and abuse on social media and the risks to vulnerable groups including children have rightly worried many people and organisations who want to see greater regulation of this space. Recent polling by YouGov, commissioned by the NSPCC also shows overwhelming public support for tougher measures to enforce children’s safety online. This feeling extends to organised crime, where encrypted messaging offers a haven for illicit activity which is currently inaccessible to law enforcement.

Regardless of where you stand on this debate, the Online Safety Bill appears to contradict the Government’s’ goal to make the UK a technology powerhouse which most assume would need a lighter touch on regulation.

Imposing such regulatory requirements on tech companies could lead to their exit from the UK market altogether. The Government has not yet clarified how it plans to resolve this apparent contradiction. Our team will continue to closely monitor the developments and what the implications will be for clients.

 Andrew Parsons is a Partner at Womble Bond Dickinson 

You Might Also Read: 

Human Error Is A Hacker's Dream:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Selling Digital Insecurity
Sharing Threat Intelligence »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ACME Communications

ACME Communications

ACME Communications specialises in the field of data centre, implementation, maintenance & operation and all aspects of other IT service.

ZM CIRT

ZM CIRT

ZM CIRT is the national Computer Incident Response Team for Zambia.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

Knovos

Knovos

Knovos is a leading technology innovator developing solutions for automating, integrating, and innovating Information Governance.

Ascend Technologies

Ascend Technologies

Ascend Technologies offers a full suite of managed IT services including: Cloud & Infrastructure Management, Cybersecurity Management, Service Desk Management, Application Management , Data Management

Digital Beachhead

Digital Beachhead

Digital Beachhead has the expertise to provide a range of Cyber Risk Management and other Professional Services with specifically tailored solutions at competitive prices.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

Deeper Network

Deeper Network

Deeper Network represents the world's first decentralized blockchain network for building a truly private, secure and fair Internet.

Vantage Point Security

Vantage Point Security

Vantage Point are specialists in penetration testing and application security with a focus on the industries undergoing rapid digital transformation.

Radiance Technologies

Radiance Technologies

Radiance solutions provide technological advantage and operational superiority for our nation in the areas of intelligence, cyber and advanced weapon systems.

ZainTech

ZainTech

Zaintech is a regional digital & ICT solutions provider offering comprehensive digital solutions and services to enterprise and government customers in the MENA region.

Xact IT Solutions

Xact IT Solutions

Xact IT Solutions are a certified cybersecurity firm offering cybersecurity, compliance and managed services.

ZEUSS

ZEUSS

ZEUSS is a diversified data center, cybersecurity, and green energy company.

Project Cypher

Project Cypher

Project Cypher leverages the latest cybersecurity developments, a world class team of hackers and constant R&D to provide you with unparalleled cybersecurity offerings.