Technology companies offering encrypted messaging services have urged the government to make urgent changes to legislation moving through parliament that threatens to undermine the privacy of encrypted communications.
In an open letter, WhatsApp, Signal, Threema and other encrypted messaging services called on the UK government to reconsider measures in the Online Security Bill, which could undermine the security of encrypted communications around the world.
The National Union of Journalists, which represents journalists in the UK, has also warned that the bill could undermine the protection of communications between journalists and their confidential sources.
The Online Safety Bill, which will begin at its committee stage in the House of Lords tomorrow (19 April 2023), faces a number of amendments from peers who have raised concerns about aspects of the law.
Meta-owned WhatsApp said in a statement that the bill could force technology companies to break end-to-end encryption on private messaging services, affecting the privacy of billions of people.
The bill, as currently drafted, “could open the door to routine, general and indiscriminate surveillance of personal messages” and jeopardize the communications of journalists, human rights activists, politicians and ordinary citizens, in the open letter Having said.
The Home Office argues new powers are needed in the Online Safety Bill to ensure technology companies and law enforcement agencies can identify child sexual abuse material on encrypted platforms.
The Bill will give powers to the regulator, Ofcom, to require communications companies to install technology capable of identifying child abuse images on encrypted communications services.
For non-compliant companies, the regulator will be able to impose fines of up to £18m or 10% of turnover, whichever is higher.
“We support strong encryption, but it cannot come at the cost of public safety. Tech companies have an ethical duty to ensure that they do not promote child sexual abuse on their platforms,” a home ministry spokesperson said in a statement. Blinding yourself and law enforcement to the unprecedented level of exploitation is not.
Tech firms open letter to UK government
The Home Office is advocating for technology known as client side scanning, which would be installed on people’s phones or computers to intercept and identify messages that may contain abuse material or terrorism material, before they that they get encrypted.
But technology companies and prominent computer scientists have argued that surveilling people’s messages is not possible without undermining end-to-end encryption and jeopardizing the privacy of their communications.
The open letter has been signed by the heads of seven technology companies:
- Matthew Hodgson, CEO, Element
- Alex Linton, Director, OPTF/SES
- Meredith Whitaker, President, Signal
- Martin Blatter, CEO, Therema
- Ofir Eyal, CEO, Viber
- Will Cathcart, WhatsApp, Head of Meta
- Alan Durick, CTO, Wire
The letter argues that even with the constant threats from online fraud, scams and data theft, end-to-end encryption provides the strongest possible protection against malicious actors and hostile states.
“As end-to-end encrypted communications services, we urge the UK Government to address the risks that the Online Safety Bill presents to everyone’s privacy and security. It is not too late to ensure that the bill is in line with the government’s stated intent to protect end-to-end encryption and respect the human right to privacy,” the letter said.
The UK government has acknowledged the privacy risks in the text of the bill, but has said it does not “intent” to interpret the bill in a way that could give the government backdoor access to encrypted messages.
Tech companies say in open letter that they have been unable to weaken the security of their communications services in line with individual governments. “There can be no version of end-to-end encryption for the UK,” the letter said.
Technology companies are urging the government to reconsider the bill to encourage companies to provide “more privacy and security” to UK residents, “not less”.
“Weakening encryption, eroding privacy and mass surveillance of people’s private communications is not the way forward,” the technology companies said.
BCS, The Chartered Institute for IT, said online security legislation weakening encryption of secure messaging apps would undermine public trust in technology.
BCS CEO Rashik Parmar said: “There is a grave concern that the Online Security Bill’s requirements to identify illegal content could break the principle of end-to-end encryption with its promise of magical backdoors.
“Once the backdoor is compromised, data and content protected by encryption become accessible. Many bad actors would welcome this.”
journalists are in danger
The National Association of Journalists also warned that the government risks undermining the protection of confidential communications between journalists and their sources.
Michelle Stanstreet, secretary general of the National Union of Journalists, said information is at risk to inform public interest journalism: “The government must act now, introducing amendments that ensure journalists and their encrypted messages are protected.” Is performed.”
Monica Horton, policy manager at the Open Rights Group, said: “In its current form, it [the Online Safety Bill] There is a threat to the freedom of expression and right to privacy of every individual. Specifically, the bill could allow scanning of everyone’s private messages.
A Home Office spokesman said in a statement that the Online Safety Bill does not represent a ban on end-to-end encryption and that messaging services would not be required to weaken its encryption.
“Where this is the only effective, proportionate and necessary action available, Ofcom will be able to direct platforms to use recognized technology, or make best efforts to develop new technology to accurately identify child sexual abuse material , so that it can be taken down and the despicable poachers brought to justice,” said the spokesperson,
This news is auto-generated through an RSS feed. We don’t have any command over it. News source: Multiple Agencies: hindustantimes, techrepublic, computerweekly,