An encryption exodus looms over UK’s Online Safety Bill
The backlash against the encryption-busting Online Safety Bill continues to grow, suggesting the United Kingdom could soon face a looming exodus of secure messaging apps.
First drafted in May 2021, the Online Safety Bill would allow the U.K. government to compel backdoor access to any end-to-end encryption system. While the government claims the complex legislation would make the internet safer by requiring social media giants to remove illegal and harmful content online, such as revenge porn and hate speech, the bill has been met with widespread criticism from tech giants, security experts and privacy advocates.
The criticism largely centers around an amendment to the bill that would allow Ofcom, the U.K.’s communications regulator, to require that tech giants scan for child sex abuse material (CSAM) in end-to-end encrypted messages. One more privacy-minded way of doing this is through the use of client-side scanning, where images are inspected on a user’s device before being encrypted.
Apple — which attempted to introduce a similar feature in iMessage in 2021 before reversing its decision — on Tuesday became the latest tech giant to speak out against the proposed legislation. In a statement given to the BBC, the iPhone maker called for the bill to be amended to offer protections for end-to-end encryption.
“End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats,” Apple’s statement said. “It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk. Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all.”
Messages sent between two iPhones are always end-to-end encrypted, which means no-one else, including Apple, can read them.
It’s not clear whether Apple would comply with the bill’s requirement to weaken end-to-end encryption, and the tech giant did not respond to TechCrunch’s request for comment. Companies that fail to abide by the bill’s requirements could face hefty fines of up to 10% of global turnover and the threat of prison time for law-breaking senior execs under recently expanded criminal liability.
Apple’s warning comes after other end-to-end encrypted messaging apps, including Signal and Meta-owned WhatsApp, spoke out against the upcoming Online Safety Bill.
WhatsApp head Will Cathcart said the platform would not comply with a U.K. legal requirement to weaken the level of encryption it offers its users — and would instead prefer to be blocked by U.K. authorities.
“The reality is, our users all around the world want security. Ninety-eight percent of our users are outside the U.K. They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users,” Cathcart said at the time.
Signal president Meredith Whittaker also warned that the secure messaging platform would quit the U.K. if the bill weakened end-to-end encryption. In a blog post, Whittaker wrote that the platform will “stand firm against threats to private and safe communication” and would “absolutely, 100% walk” away from the U.K. rather than weaken security and privacy for its users, reported the BBC.
Despite mounting backlash, the Online Safety Bill is expected to pass into law this summer.