The British government’s promise to protect encryption has been pilloried by security experts and libertarians.
The dispute stems from a section of the Online Safety Bill. Under the legislation, messaging apps would be forced to provide access to private communications when requested by the regulator Ofcom.
Proponents say the measures will combat child abuse, but critics are aghast about the threat to privacy. They fear the plans will facilitate mass surveillance and damage the UK’s tech sector. Signal, Whatsapp, and five other messaging apps have all threatened to leave the country if the law is passed.
The British government has sought to allay their concerns. On Thursday, technology minister Michelle Donelan said the government is “not anti-encryption” and will protect user privacy.
“Technology is in development to enable you to have encryption as well as to be able to access this particular information, and the safety mechanism that we have is very explicit that this can only be used for child exploitation and abuse,” Donelan told the BBC.
Her remarks were quickly lambasted by critics. Matthew Hodgson, CEO of secure messaging app Element — which is used by the government’s own Ministry of Defense — described Donelan’s claims as “factually incorrect.”
“No technology exists which allows encryption AND access to ‘this particular information.’ Detecting illegal content means ALL content must be scanned in the first place,” he said.
In response to these concerns, the government’s cybersecurity chiefs argue they can protect both children and privacy. To do this, they propose using client-side scanning, which involves installing software that detects suspicious activity. Many experts, however, argue that this tech is impossible to build.
“You cannot turn scanning on and off,” Hodgson said. “The government still does not understand how technology or encryption works, despite numerous experts explaining this to them.
“Its own ‘Safety Tech Challenge Fund’ failed to deliver an impossible solution to scan messages without breaking encryption. What more will it take for the government to finally accept how encryption works?”
Tech firms are not alone in opposing the plans. Civil rights groups and libertarians have also denounced Donelan’s comments.
Matthew Lesh, director of public policy and communications at the IEA, a free-market think-tank, described the government’s claims as “delusional.”
“There is no magic technological solution in existence or development that can protect user privacy while scanning their messages,” he said. “It’s a contradiction in terms.”
These arguments, however, have struggled to convince the general public.
According to a recent YouGov survey, there is strong support for the government’s plans. Almost three-quarters (73%) of respondents backed the requirement for tech that can identify child abuse in encrypted messages.
The NSPCC — which commissioned the research — said the critics are “out of step” with the public on the issue.
Defenders of encryption are running out of time to win more hearts and minds. The Online Safety Bill is expected to become law later this autumn.