WhatsApp is a widely used messaging application that allows users to send text messages, make voice and video calls, share images, videos, documents, and other media, and engage in group chats. It was developed by two former Yahoo employees, Brian Acton and Jan Koum, and was released in 2009. WhatsApp quickly gained popularity due to its ease of use, low cost (it uses internet data to send messages and make calls), and cross-platform compatibility, which allows users to communicate with contacts on different mobile operating systems such as iOS, Android, and Windows Phone.
WhatsApp has become one of the most widely used messaging apps globally, with over 2 billion active users as of 2021. It offers end-to-end encryption, meaning messages and calls are encrypted and can only be read by the sender and recipient. In addition to personal messaging, WhatsApp is also used by businesses for customer service, marketing, and communication with clients. In 2014, Facebook acquired WhatsApp, which continues to operate as a separate messaging service.
WhatsApp, Signal, and other messaging services have expressed concerns and urged the government to reconsider the Online Safety Bill (OSB) due to fears that it may undermine end-to-end encryption, which ensures that the sender and recipient can only access messages.
The government has proposed that the regulator should be able to request platforms to monitor user activities to identify and remove child abuse images.
While the government acknowledges the importance of privacy and encryption, they emphasize that public safety cannot be compromised. They believe that tech companies are responsible for addressing child sexual abuse on their platforms.
The government clarifies that the Online Safety Bill does not intend to ban end-to-end encryption or require services to weaken encryption. They assert that it is possible to balance privacy and child safety.
Overall, the ongoing discussions between the government and messaging services highlight the complex challenge of addressing online safety while preserving user privacy and encryption.
Surveillance at Scale
End-to-end encryption (E2EE) ensures the highest level of security, as only the sender and intended recipient can access the message information; even the app operator cannot decrypt the messages as they traverse across systems.
A joint open letter from several tech executives, including the CEOs of Element, Oxen Privacy Tech Foundation and Session, Signal, Threema, Viber, WhatsApp at Meta, and Wire, warns against weakening encryption, undermining privacy, and introducing mass surveillance of private communications.
The letter emphasizes that the Online Safety Bill (OSB) in its current form could lead to routine and indiscriminate surveillance of personal messages, posing a threat to the privacy, safety, and security of UK citizens and their global communications. It also raises concerns about empowering hostile governments to draft similar laws.
The letter disputes that it is possible to surveil all messages without compromising end-to-end encryption, stating that such claims are not feasible.
The message from the tech executives highlights the critical importance of protecting encryption and privacy while balancing concerns about online safety and security in developing legislation like the OSB.
Mr Hodgson, the CEO of UK company Element, strongly opposes the proposals, describing them as a “spectacular violation of privacy” akin to placing a CCTV camera in everyone’s bedroom.
Mr Cathcart, the head of WhatsApp at Meta, has stated that WhatsApp would prefer to be blocked in the UK rather than compromise the privacy of encrypted messaging.
Ms Whittaker, the president of Signal, shares the same sentiment, stating that Signal would “absolutely, 100% walk away” if encryption were undermined.
Threema, a Swiss-based app, has made it clear that compromising its security in any way is “completely out of the question”, even stating that even if surveillance mechanisms were added (which they won’t), users could easily detect and remove them due to the open-source nature of Threema apps, as explained by spokeswoman Julia Weiss.
The statements from these tech executives underscore their unwavering commitment to protecting user privacy and encryption, expressing firm opposition to any proposals that could weaken the security of encrypted messaging.
Declining to Provide Service
As reported by Technoutility News, several other companies have also expressed their unwillingness to comply with the proposed Online Safety Bill (OSB).
While email services are exempt from the OSB, Proton, a Europe-based company best known for its encrypted email service, is concerned that features in its Drive product may fall under the bill’s scope. Proton’s co-founder, Andy Yen, has stated that as a last resort, the company may have to consider leaving the UK if the law is enacted without amendments, as it would no longer be able to operate a service that upholds user privacy.
This could entail refusing service to users in the UK, shutting down Proton’s legal entity in the UK, and re-evaluating future investments in infrastructure, according to Proton’s statement.
Proton’s concerns highlight the OSB’s potential implications on businesses and their ability to maintain privacy-centric services in the UK, prompting a reevaluation of their operations and investments.
Lord Clement-Jones, the Liberal Democrat digital economy spokesman, is supporting an amendment to the Online Safety Bill (OSB) and has expressed concerns that the bill in its current form could potentially lead to surveillance of all messages sent by anyone. He has called for clarification from the government regarding their intentions.
Lord Clement-Jones emphasized the importance of retaining properly encrypted services. They stated that he expects the communications regulator, Ofcom, to issue a code of practice outlining how it intends to implement the law.
Under the current provisions of the OSB, Ofcom would have the authority to require companies to scan messages, including text, images, videos, and files, using “approved technology” to identify child sexual abuse material. However, Ofcom has stated that it would only do so in cases of “urgent need” and require a high bar of evidence before requiring technology to be implemented in an encrypted environment.
It is widely speculated that this would involve client-side scanning, where messages are scanned by software on a device before being encrypted. However, many services have expressed concerns that implementing such scanning would require significant re-engineering of their products for the UK market.
The letter from global providers of end-to-end encrypted products and services emphasizes that weakening the security of their products and services to accommodate individual governments is unacceptable. They assert that there cannot be a “British internet” or a version of end-to-end encryption specific to the UK.
According to the technology giants, safety and privacy concerns can be addressed through alternative means, but children’s charities have differing opinions. The National Society for the Prevention of Cruelty to Children (NSPCC) argues that direct messaging is the frontline in the battle against child sexual abuse, highlighting the importance of addressing this issue.
Leave a Reply