Ho Vun Hui explores how the UK Online Safety Bill, in its attempt to regulate the digital space, could impact user privacy, especially considering its implications on end-to-end encryption.
The UK Online Safety Bill (the “Bill”) is an ambitious legislation intending to regulate the digital space by holding tech companies accountable for the harmful content shared on their platforms. Youtube, WhatsApp, Tiktok, Instagram, and Facebook would all be impacted. Amid the variety of provisions, a significant concern arises about its impact on user privacy, especially considering its implications on end-to-end encryption. This article examines the impact of the Bill on privacy, focusing on how it might affect end-to-end encryption and the broader implications for digital communication.
The Bill and End-to-End Encryption
End-to-end encryption ensures that only the sender and recipient can access the content of a communication, preserving the confidentiality of digital interactions. This has become a cornerstone of secure digital communication and has been instrumental in protecting user privacy, business secrets, and even national security.
However, the Bill could have far-reaching implications for end-to-end encryption. In its current form, it allows an unelected official, under Ofcom’s purview, to potentially compel tech companies to bypass this encryption, providing a backdoor to private communications of users of tech companies’ platforms. This effectively nullifies the purpose of end-to-end encryption, turning a secure communication channel into a potential surveillance tool.
Implications for Privacy
The provision of the Bill that grants power to Ofcom to compel the proactive scanning of private messages compromises privacy at a fundamental level. Research shows it would be possible for governments to use a tool called ‘client-side scanning’ to search people’s private messages, for example performing facial recognition, without their knowledge.[1] By creating a backdoor into private communications, the Bill opens the door to routine and indiscriminate surveillance, affecting not just ordinary citizens but also businesses that rely on encrypted communications to protect their trade secrets, or journalists and activists who depend on encryption to shield their work from prying eyes. In an open letter, social media platforms, including WhatsApp and Signal, have protested against the Bill, which they emphasised could undermine the UK’s privacy and safety.[2]
This potential surveillance does not just infringe on privacy but could also have a chilling effect on freedom of expression. It was argued that freedom of expression is a fundamental human rights and that legislation requiring online platforms to censor legal speech fails to comply with international freedom of expression standards.[3] Further, if individuals fear their private communications may be surveilled, they may be less likely to express dissenting opinions or discuss sensitive topics. This undermines the democratic values of a free society.
The Bill will impact privacy globally: the interconnected nature of the digital world means any breach of end-to-end encryption would affect users worldwide. Given the global nature of tech giants such as Facebook, Google and Apple, the Bill may expose users worldwide to increased surveillance and potential data breaches, regardless of their location or nationality.
Arguments For the Bill
Research conducted by Ofcom shows that 97% of children aged 3-17 in 2022 access to the internet.[4] Therefore, advocates for the Bill argued that its emphasis on safeguarding children online is both urgent and necessary. Contrary to claims that the Bill will undermine privacy, advancement in technology and encryption can strike a balance between privacy and online safety. The advancement of technology and increase in online crime including cybersecurity attacks, trolling and abuse on social media and the risks to vulnerable groups including children have rightly worried many people and organisations who want to see greater regulation of this space.[5]
It was argued that experts have demonstrated that detecting and disrupting child sexual abuse in end-to-end encrypted environments is achievable without necessarily compromising privacy rights. The Bill is seen as a significant step towards compelling tech companies to prioritise child safety and innovate solutions that preserve the right of private communications. The Bill’s proponents believe that it creates an environment conducive to achieving a balanced settlement between these two important subjects.
Criticisms of the Bill
Proponents of the Bill assert that surveillance is possible without undermining end-to-end encryption. However, this contradicts the very purpose of encryption, which is to provide a secure, private channel for communication. By introducing a backdoor, the security provided by encryption is fundamentally compromised.
Moreover, the UK government claims that its intention is not for the Bill to be interpreted as a threat to privacy falls short when juxtaposed with the Bill’s wordings. Regardless of the government’s stated intentions, the absence of explicit protection for encryption in the Bill presents a tangible threat to privacy.
Conclusion
The Bill, while intending to provide robust protection from online harms, poses a significant threat to privacy due to its potential impact on end-to-end encryption. If passed in its current form, it risks enabling routine surveillance, jeopardising free expression, and undermining global digital privacy and security. As the Bill continues to be debated, it is crucial that these privacy concerns are addressed to ensure that the legislation does not compromise the fundamental right to privacy under the guise of online safety.
References
[1] Laura Gallagher and Caroline Brogan, ‘Tech mandated via Online Safety Bill ‘could turn phones into surveillance tools’’ (Imperial College London, 19 May 2023), <https://www.imperial.ac.uk/news/244952/tech-mandated-online-safety-bill-could/> accessed 7 June 2023
[2] Alex Hern, ‘WhatsApp and Signal unite against online safety bill amid privacy concerns’ (the guardian, 18 April 2023), < https://www.theguardian.com/technology/2023/apr/18/whatsapp-signal-unite-against-online-safety-bill-privacy-messaging-apps-safety-security-uk> accessed 5 June 2023
[3] Digital, ‘UK: Online Safety Bill is a serious threat to human rights online’ (Article 19, 25 April 2022), <https://www.article19.org/resources/uk-online-safety-bill-serious-threat-to-human-rights-online/> accessed 7 June 2023
[4] Ofcom, ‘Children and Parents: Media Use and Attitudes’ (2023) < https://www.ofcom.org.uk/__data/assets/pdf_file/0027/255852/childrens-media-use-and-attitudes-report-2023.pdf> accessed 6 June 2023
[5] Andrew Parsons, ‘Online Safety Bill UK: WhatApp, encryption, and the implications for privacy’ (Womble Bond Dickinson, 18 April 2023) < https://www.womblebonddickinson.com/uk/insights/articles-and-briefings/reconnect-online-safety-bill-uk-whatsapp-encryption-and-implications-privacy> accessed 7 June 2023
Photo credit: “VPN & Internet Security on Your Computer for Online Privacy” by mikemacmarketing is licensed under CC BY 2.0.
‘DISCLAIMER: THE BPP HUMAN RIGHTS BLOG, AND ALL PIECES POSTED ON THE BLOG, ARE WRITTEN AND EDITED EXCLUSIVELY BY THE STUDENT BODY. NO PUBLICATION OR OPINION CONTAINED WITHIN IS REPRESENTATIVE OF THE VALUES OR BELIEFS HELD BY BPP UNIVERSITY OR THE APOLLO EDUCATION GROUP. THE VIEWS EXPRESSED ARE SOLELY THAT OF THE AUTHOR AND ARE IN NO WAY SUPPORTED OR ENDORSED BY BPP UNIVERSITY, THE APOLLO EDUCATION GROUP OR ANY MEMBERS OF STAFF.’
BPP Human Rights Law Blog 