Private communication is a basic, universal right. In the online world, the best tool we have to defend this right is end-to-end encryption.
End-to-end encryption ensures that governments, tech companies, social media platforms, and other groups cannot view or access our private messages, the pictures we share with family and friends, or our bank account details. This is a universal right, and one that is a particularly vital protection for the most vulnerable in society—such as children or human rights defenders who rely on private messaging to do their jobs in hostile environments.
The UK Parliament is moving forward with its Online Safety Bill, which would undermine encryption. Clause 110 mandates that websites and apps must proactively prevent harmful content from appearing on messaging services. That’s going to lead to universal scanning of all user content, all the time. It’s not compatible with encryption, or our right to privacy.
Over the past several years, UK government officials have expressed concerns that online services have not been doing enough to tackle illegal content, particularly child sexual abuse material (also called CSAM). At the same time, we’ve seen a number of proposals brought forward by governments that want to scan user-to-user communications for criminal content: the U.S. Congress tried to create backdoors to encryption through the EARN IT Act, and the EU’s proposal to scan private chats could lead to the mandatory scanning of every private message, photo, and video. Government agencies also tried—and failed—to pressure Apple to propose a system of software scanners on every device, constantly checking for child abuse images and reporting back to authorities.
All of these proposals suffer from the incorrect belief that a backdoor or other workaround to read encrypted messages can be designed for use only in benevolent ways.
Unfortunately, this isn’t true. There is no backdoor to encryption that won’t be exploited by bad actors, including cyber criminals, rogue employees, domestic abusers, and authoritarian governments. Opening a backdoor for scanning could generate wider harms and make UK businesses and individuals less safe online—including the very groups that the Online Safety Bill intends to protect. It could also make the problem of child safety worse, not better. Abused minors, for instance, need private and secure channels to report what is happening to them.
If it passes, the censorious, anti-encryption Online Safety Bill won’t just affect the UK—it will be a blueprint for repression around the world. The UK promoters of this bill talk about the worst content online, like pro-terrorism posts and child abuse material. But the surveillance won’t end there. Companies will be pushed to monitor wider categories of content, and to share information about users between jurisdictions. Journalists and human rights workers will become targets.
Since the first draft of this bill was made public, we’ve said it has been a danger to free expression. Last year, we saw and opposed the final version from the House of Commons, and were joined by dozens of other civil society groups in the UK and around the world.
As the Online Safety Bill enters the House of Lords Committee Stage, tell Peers to protect end-to-end encryption and the right to private messaging.