{"id":240421,"date":"2023-07-31T12:00:59","date_gmt":"2023-07-31T11:00:59","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=240421"},"modified":"2023-07-29T04:05:21","modified_gmt":"2023-07-29T03:05:21","slug":"the-u-k-government-is-very-close-to-eroding-encryption-worldwide","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2023\/07\/the-u-k-government-is-very-close-to-eroding-encryption-worldwide\/","title":{"rendered":"The U.K. Government Is Very Close to Eroding Encryption Worldwide"},"content":{"rendered":"

\"\"<\/a><\/p>\n

26 Jul 2023 – <\/em>The U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the privacy of people around the world. The Online Safety Bill<\/a>, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption. No amendments have been accepted that would mitigate the bill\u2019s most dangerous elements.<\/p>\n

\n
\n
\n

If it passes, the Online Safety Bill will be a huge step backwards for global privacy, and democracy itself. Requiring government-approved software in peoples\u2019 messaging services is an awful precedent. If the Online Safety Bill becomes British law, the damage it causes won\u2019t stop at the borders of the U.K.<\/p>\n

The sprawling bill, which originated in a white paper<\/a> on \u201conline harms\u201d that\u2019s now more than four years old, would be the most wide-ranging internet regulation ever passed<\/a>. At EFF, we\u2019ve been clearly speaking about its disastrous effects<\/a> for more than a year now.<\/p>\n

It would require content filtering, as well as age checks to access erotic content. The bill also requires detailed reports about online activity to be sent to the government. Here, we\u2019re discussing just one fatally flawed aspect of OSB\u2014how it will break encryption.<\/p>\n

An Obvious Threat to Human Rights<\/strong><\/h3>\n

It\u2019s a basic human right to have a private conversation. To have those rights realized in the digital world, the best technology we have is end-to-end encryption. And it\u2019s utterly incompatible with the government-approved message-scanning technology required in the Online Safety Bill.<\/p>\n

This is because of something that EFF has been saying for years<\/a>\u2014there is no backdoor to encryption that only gets used by the \u201cgood guys.\u201d Undermining encryption, whether by banning it, pressuring companies away from it, or requiring client side scanning<\/a>, will be a boon to bad actors and authoritarian states.<\/p>\n

The U.K. government wants to grant itself the right to scan every message online for content related to child abuse or terrorism\u2014and says it will still, somehow, magically, protect peoples\u2019 privacy. That\u2019s simply impossible. U.K. civil society groups<\/a> have condemned the bill, as have technical experts and human rights groups around the world<\/a>.<\/p>\n

The companies that provide encrypted messaging\u2014such as WhatsApp, Signal, and the UK-based Element\u2014have also explained the bill\u2019s danger. In an open letter published in April<\/a>, they explained that OSB \u201ccould break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves.\u201d Apple joined<\/a> this group in June, stating publicly that the bill threatens encryption and \u201ccould put U.K. citizens at greater risk.\u201d<\/p>\n

U.K. Government Says: Nerd Harder<\/strong><\/h3>\n

In response to this outpouring of resistance, the U.K. government\u2019s response has been to wave its hands and deny reality. In a response letter to the House of Lords seen by EFF, the U.K.\u2019s Minister for Culture, Media and Sport simply re-hashes an imaginary world in which messages can be scanned while user privacy is maintained. \u201cWe have seen companies develop such solutions for platforms with end-to-end encryption before,\u201d the letter states, a reference to client-side scanning<\/a>. \u201cOfcom should be able to require\u201d the use of such technologies, and where \u201coff-the-shelf solutions\u201d are not available, \u201cit is right that the Government has led the way in exploring these technologies.\u201d<\/p>\n

The letter refers to the Safety Tech Challenge Fund, a program in which the U.K. gave small grants to companies to develop software that would allegedly protect user privacy while scanning files. But of course, they couldn\u2019t square the circle. The grant winners\u2019 descriptions of their own prototypes<\/a> clearly describe different forms of client-side scanning, in which user files are scoped out with AI before they\u2019re allowed to be sent in an encrypted channel.<\/p>\n

The Minister completes his response on encryption by writing:<\/p>\n

We expect the industry to use its extensive expertise and resources to innovate and build robust solutions for individual platforms\/services that ensure both privacy and child safety by preventing child abuse content from being freely shared on public and private channels.<\/p><\/blockquote>\n

This is just repeating a fallacy that we\u2019ve heard for years: that if tech companies can\u2019t create a backdoor that magically defends users, they must simply \u201cnerd harder.\u201d<\/p>\n

British Lawmakers Still Can and Should Protect Our Privacy<\/h3>\n

U.K. lawmakers still have a chance to stop their nation from taking this shameful leap forward towards mass surveillance. End-to-end encryption was not fully considered and voted on during either committee or report stage in the House of Lords. The Lords can still add a simple amendment that would protect private messaging, and specify that end-to-end encryption won\u2019t be weakened or removed.<\/p>\n

Earlier this month, EFF joined U.K. civil society groups and sent a briefing explaining our position<\/a> to the House of Lords. The briefing explains the encryption-related problems with the current bill, and proposes the adoption of an amendment that will protect end-to-end encryption. If such an amendment is not adopted, those who pay the price will be \u201chuman rights defenders and journalists who rely on private messaging to do their jobs in hostile environments; and \u2026 those who depend on privacy to be able to express themselves freely, like LGBTQ+ people.\u201d<\/p>\n

It\u2019s a remarkable failure that the House of Lords has not even taken up a serious debate over protecting encryption and privacy, despite ample time to review every every section of the bill.<\/p>\n

TAKE ACTION<\/a><\/p>\n

TELL the U.K. Parliament:\u00a0PROTECT Encryption<\/a>\u2014And our privacy<\/p>\n

Finally, Parliament should reject this bill because universal scanning and surveillance is abhorrent to their own constituents. It is not what the British people want. A recent survey of U.K. citizens<\/a> showed that 83% wanted the highest level of security and privacy available on messaging apps like Signal, WhatsApp, and Element.<\/p>\n

Documents related to the U.K. Online Safety Bill:<\/p>\n