Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Industry expert: Government trying to undermine encryption in Online Safety Bill

The Bill is next due to be heard in the House of Lords on Thursday.

Harry Stedman
Wednesday 05 July 2023 11:14 BST
Meredith Whittaker is concerned the Bill will set a dangerous precedent (Florian Hetz/PA)
Meredith Whittaker is concerned the Bill will set a dangerous precedent (Florian Hetz/PA)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The Government is trying to undermine the use of encryption by big technology companies in its draft Online Safety Bill, an industry expert has claimed.

Meredith Whittaker, president of secure messaging service Signal, said a provision in the Bill focused on encryption had “significant issues” around the mass surveillance of private information.

End-to-end encryption is a security measure that protects data and communications by scrambling them, meaning only the sender and recipient are able to read the data.

It is widely used to safeguard sensitive information, with Signal and fellow messaging service WhatsApp among its high-profile users.

Encryption is a technology that protects privacy and expression, and it either works for everyone or it is broken for everyone

Meredith Whittaker, president of Signal

The proposed Online Safety Bill, which is next due to be heard in the House of Lords on Thursday, will aim to tackle illegal and harmful content online by imposing new legal requirements on big tech companies.

This includes giving the regulator Ofcom greater powers to monitor private information that was previously encrypted.

Ms Whittaker told the PA news agency: “The bulk of this could be remedied by adding a sentence fragment to the provision in the Bill, that simply clarifies that Ofcom will not use this power to force an entity to adulterate or undermine its end-to-end encryption. That’s really what we are asking for.

“Lord [Daniel] Moylan has tabled an amendment in the past that would do just this.

“What I heard from Damian [Collins MP, former technology minister] is that he and others are unwilling to do that because they want to be able to force [Facebook’s partner application] Messenger and other services not to implement encryption.

“So it’s very clear there is not just an attack on encrypted services, but a play to prevent other actors from operating this privacy.”

Home Secretary Suella Braverman told the House of Commons on Monday that allowing Messenger to introduce encryption could hinder efforts to proactively detect and report instances of child grooming and other abuse material online.

However, Ms Whittaker said countries around the world were looking to the UK to take the first steps in such legislation, and passing the Bill as it is would set a precedent that authoritarian governments will follow.

“Encryption is a technology that protects privacy and expression, and it either works for everyone or it is broken for everyone, leaving infrastructure vulnerable to hackers, to exploitation and to social control if those powers fall into the hands of the wrong regime,” she said.

Describing the Online Safety Bill as “extraordinarily important”, Ms Whittaker, who started her career at tech giant Google, said the legislation was also vital from a business perspective.

WhatsApp owner Meta threatened to withdraw the service from the UK last March rather than submit to the proposed policies.

I think there is also a real economic threat that this legislation poses to the UK’s desires to be a leader in technology and AI

Meredith Whittaker, president of Signal

She said: “I think there is also a real economic threat that this legislation poses to the UK’s desires to be a leader in technology and AI.

“I’m hearing from AI leaders that I know that there is a concern that this Bill reveals that the UK Government does not have a coherent position on technology.”

Despite her concerns around encryption, Ms Whittaker said the Online Safety Bill more broadly also contained some “very positive” provisions and remained hopeful a resolution could be found.

She said: “I would at this moment register cautious optimism. My sense is this provision was snuck in at the last minute – it was only added in September [2022] and that was a fairly chaotic time in the UK.

People with a lot on their plates didn’t necessarily understand the significance of what was happening – it flew under the radar.”

Children’s charity the NSPCC has accused some tech companies of trying to “pit children’s fundamental right to safety against the privacy rights of adults”, and said polling suggested they are “out of step” with the public on the issue.

The charity said its YouGov survey of 1,723 adults across the UK in April found “overwhelming public support for measures to protect children from abuse in private messaging”.

Almost three quarters (73%) said they felt technology companies should be required by law to use accredited technology to identify child sexual abuse in end-to-end encrypted messaging apps, while 79% said firms should develop technology that allows them to identify child abuse in such apps.

Richard Collard, head of child safety online policy at the NSPCC, said: “Most tech companies already scan for child sexual abuse on their apps and messaging services leading to more than 1,000 children being protected from sexual abuse every month.

“It is now clear that companies who wish to pit children’s fundamental right to safety against the privacy rights of adults are out of step with the public and, ultimately, their user base.

“Tech firms can show industry leadership by working with regulators, child safety advocates and safety tech companies to invest in technology that protects both the safety and privacy rights of all users.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in