Alex McCurthy
The UK Government is facing the possibility of WhatsApp disappearing from the country over concerns related to the online safety bill. The bill, which has been in the works for over four years and is more than 250 pages long, covers almost every aspect of online life in the UK. It gives Ofcom the power to impose requirements for social networks to use technology to tackle terrorism or child sexual abuse content, with fines of up to 10% of global turnover for those services that do not comply. Companies must use “best endeavours” to develop or source technology to obey the notice.
The issue at the heart of the matter is end-to-end encryption (E2EE), which is used by messaging apps to secure user data. E2EE makes it technologically impossible to read user messages without fundamentally breaking the promises made to users. WhatsApp and Signal are among the providers that use this technology and are concerned about the lack of explicit protection for encryption in the bill. They claim that if implemented as written, the bill could empower Ofcom to try to force the proactive scanning of private messages on E2EE communication services, nullifying the purpose of E2EE and compromising the privacy of all users.
A coalition of providers, including WhatsApp and Signal, issued an open letter last month expressing their concerns. They warned that if push came to shove, they would choose to protect the security of their non-UK users. “Ninety-eight per cent of our users are outside the UK. They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users,” said WhatsApp’s chief, Will Cathcart.
Legislators have called on the government to take the concerns seriously. The lack of protection for encryption in the bill could lead to WhatsApp disappearing from the UK. The government’s approach has been described as one of “intentional ambiguity”. Richard Allan, the Liberal Democrat peer who worked as Meta’s head of policy for a decade until 2019, explained that the government is careful to say that they have no intention of banning end-to-end encryption but at the same time refuse to confirm that they could not do so under the new powers in the bill. Allan said this creates a high-stakes game of chicken, where the government thinks companies will give them more if they hold the threat of drastic technical orders over them.
The Home Office has responded to the concerns, stating that the online safety bill in no way represents a ban on end-to-end encryption, nor will it require services to weaken encryption. The bill aims to strike a balance between encryption and public safety. Where it is the only effective, proportionate, and necessary action available, Ofcom will be able to direct platforms to use accredited technology or make best endeavours to develop new technology to accurately identify child sexual abuse content, so it can be taken down and the perpetrators brought to justice.
However, critics argue that the bill lacks clear protection for encryption, which could lead to companies like WhatsApp and Signal being forced to leave the UK. Legislators have urged the government to address these concerns and take steps to protect encryption in the bill.
