Platforms Issue 'Urgent' Warning Against UK Online Safety Bill

WhatsApp, Signal and other messaging services have written to the UK government asking it to urgently rethink its proposed Online Safety Bill (OSB).

The bill - as regular readers will know - is pitched as a way to regulate harmful content on the internet such as child sex abuse material (CSAM) or terrorist content. It has been slowly working its way through parliament for the last two years, getting more and more comprehensive all the time.

One of its more controversial aspects has been the threat to end-to-end encryption implied by the requirement for platforms to monitor user content, with the prospect of huge fines if they fail to comply.

The only effective way to do this is through the use of client-side scanning, where images are inspected before being encrypted. It's a technique, though, that creates serious security concerns, and when Apple tried to introduce it to its iMessage service last year, it was quickly forced to reverse the decision.

In the open letter, signed by senior executives from Element, Session, Signal, Threema, Viber, WhatsApp and Wire, the platforms make it clear that they too aren't happy.

"As currently drafted, the Bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely," it reads.

"The Bill provides no explicit protection for encryption, and if implemented as written, could empower Ofcom to try to force the proactive scanning of private messages on end-to-end encrypted communication services - nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users."

There are also, of course, concerns about security in the event that protection is weakened against criminals and hostile nation states. And as the letter points out, even the United Nations has warned of 'potentially dire' consequences if the bill is implemented as it stands.

Signal has already declared that it would pull out of the UK if it is forced to weaken encryption, with president Meredith Whittaker telling the BBC the company would "absolutely 100 per cent walk rather than ever undermine the trust that people place in us to provide a truly private means of communication."

And there are implications for smaller companies too.

"The legislation will not only impact the general public, but will also hurt UK startups and businesses trying to compete against big tech companies," says Element founder Matthew Hodgson.

"The moderation demands set by the bill will be too overwhelming for smaller companies to comply with, while bad actors will simply keep using unregulated apps. Meanwhile, big tech will gleefully profit from the reduction in privacy by monetizing user data."

And BCS, The Chartered Institute for IT, says the bill could be "exactly what many bad actors would welcome", with only 14 per cent of its members believing it was fit for purpose.

The bill is expected to come into force next year.