The United Kingdom’s Online Safety Bill is meant to make the Internet a safer place. But 45 cybersecurity and IT experts are concerned about what it might mean for end-to-end encryption.
The letter to the Parliament highlights clause 103(2)(b), which allows the UK communications regulator, OFCOM, “to order a provider of a user-to-user service, which includes private messaging platforms, ‘to use accredited technology’ to identify child sexual exploitation and abuse (CSEA) content, including on private messaging platforms.”
Forty-five signees state that this might require platforms to implement scanning capabilities to examine the content for potential violations. Since end-to-end encrypted services do not allow providers to view the contents of a message except for the sender and recipient details, this goal is not achievable within standard privacy-friendly solutions.
Hence, this requirement will force providers to partially or fully abandon end-to-end encryption, exposing private messages to third parties.
The letter goes on to say that while it’s important to tackle issues related to CSEA, the UK law enforcement already possesses “a wide range of powers to seize devices, compel passwords and even covertly monitor and hack accounts to overcome security measures and identify criminals.”
Signatories argue that instead of protecting children, the regulation will force companies to introduce unnecessary vulnerabilities into their systems. Additionally, scanning technologies are not exceptionally reliable for sophisticated content monitoring, being known for false positives.
The requirement might also set a bad precedent for other countries, constituting the abandonment of long-standing privacy standards.
“The proposal is ill-suited to address its stated aim and instead places huge risk to all users of private messaging platforms, as well as creating unimplementable and impractical requirements which would be at odds with human rights standards,” the letter says.
The Online Safety Bill aims to protect children and adults from illicit content, including making cyberflashing illegal and creating a “communication offense” for users who share dangerous content with others. The power to decide on the content that can be shown to users via platforms will go into the hands of Ofcom.
More from Cybernews:
Subscribe to our newsletter