Proposed Online Safety Bill Is ‘Doomed to Fail,’ Academics Say in an Open Letter
Over five dozen British academics joined a widening group of technology firms and privacy groups in criticizing a U.K. government bill aimed at protecting children from online harassments by weakening encryption.
In an open letter published on Wednesday, 68 academics in the fields of information security and cryptography at numerous universities raised concerns about the Online Safety Bill.
“The safety provided by these essential technologies is now under threat in the Online Safety Bill,” according to the letter. “Attempts to sidestep this are doomed to fail on the technological and likely societal level.”
Proposed in 2021, the Online Safety Bill would impose a duty onto online platforms to shield young users from pornographic or self-harm content while exposing individuals to potential criminal prosecution for sending harmful or threatening communications.
The bill empowers the U.K. Office of Communications to order online intermediaries, including chat apps such as WhatsApp and search engines such as Google, to use “accredited technology” to scan for child sexual exploitation and abuse material – a requirement potentially at odds with encryption that scrambles the content of messages before they reach the internet.
Provisions of the bill requiring end-to-end messaging service providers to weaken encryption undermine privacy and online safety, the academics argued in their letter.
Since access to protected private messages can be achieved only by weakening cryptographic protocols used to secure the content, the academics argue that the bill will be incompatible with existing internationally adopted online communication protocols that offer privacy guarantees.
By allowing law enforcement agencies to perform client-side scanning, the bill also could enable nation-state hackers and other criminals to access sensitive information that could lead to high-profile breaches at the national security level, the letter says.
Criticism from the academics comes just days after over 80 national and international civil society organizations and cybersecurity experts sent an open letter to government ministers, warning about the privacy risks posed by the bill. One of the signatories of the letter was Apple, which has criticized the government’s push for client-side scanning.
Meta’s WhatsApp and Signal have said they will leave the U.K. market rather than comply with the regulation (see: WhatsApp, Signal Preview UK Exit Over Threat to Encryption).