‘Serious threat’: Tech world braces as UK privacy bill nears passage

International tech companies are bracing for the passage of UK legislation which experts say will effectively end private messaging for users.

The Online Safety Bill would allow British communications regulator Ofcom to force private messaging platforms to scan users’ messages for “harmful content”. It would also allow Ofcom to end the messaging services altogether in the UK.

Currently, messaging services such as Whatsapp, Telegram and Signal use end-to-end encryption (E2EE) to keep messages private and block access to others — in some cases, even to the companies themselves. 

But that would change with the Online Safety Bill, a piece of legislation introduced in Parliament in March 2021 and now going through the final stages in the House of Lords. The bill would force tech companies to create “backdoor access” to the encrypted messages and scan them for “harmful communications offences”. Harmful communications are sweepingly defined by the bill as that which causes “psychological harm amounting to at least serious distress.” UK officials are claiming the legislation is necessary to crack down on child trafficking and pornography.

Ofcom would not need prior authorization to demand invasive scans of private messages, nor is the regulator subjected to independent oversight in the matter. 

Instead of banning E2EE altogether, messaging platforms might be forced to use a controversial technology called client side scanning (CSS) which scans messages for objectionable content before being sent to the recipient. This would necessitate installing hidden spyware on users’ phones.

Last week, over 80 technology experts, academics and civil liberty organizations sent a letter to Technology Minister Chloe Smith expressing strong opposition to the bill.

“The scanning software would have to be pre-installed on people’s phones, without their permission or full awareness of the severe privacy and security implications. The underlying databases can be corrupted by hostile actors, meaning that individual phones would become vulnerable to attack. The breadth of the measures proposed in the Online Safety Bill – which would infringe the rights to privacy to the same extent for the internet’s majority of legitimate law-abiding users as it would for potential criminals…” said the letter.

Even Apple, known for its alarming compliance with the Chinese Communist Party (CCP), publicly slammed the Online Safety Bill last week:

End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats. It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk. Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all.

Meta-owned WhatsApp, Signal and other companies have vowed to let their services be blocked by British authorities rather than comply with the law. 

In citing their objections about the bill, tech platforms appear concerned about “hostile actors” like Russia President Vladimir Putin gaining access to messages. But despite British authorities’ disturbing pattern of persecuting citizens who express certain opinions online, experts are more concerned about hacking from foreign hostile actors than about overreach by His Majesty’s Government.

“If the British police can get in, hackers can get in,” Signal President Meredith Whittaker told Britain’s Channel 4 News Monday. “If the British police can get in, hostile nations can get in. If the British police can get in, Putin could get in, the Iranian government can get in, and others wanting to do harm can also get in.”

The Online Safety Bill has one more reading in the House of Lords before eventually progressing to the final stage of Royal Assent. If the bill is passed, it could also open the door for other countries to pursue similar legislation.

In 2021 the Biden administration pressured Meta to censor criticism of the COVID-19 vaccine in private WhatsApp messages. The company refused.