he heads of three major messaging apps have exclusively told The Standard that the Online Safety Bill, which is facing one of it’s final votes this week, will lead to the mass surveillance of every private online message and London’s reputation as a place to do business will be destroyed if the bill passes into law.
They also say Prime Minister Rishi Sunak can forget about the UK becoming a technology superpower if that happens, as tech firms will leave London and no one will want to start a business here.
“If the Online Safety Bill does not amend the vague language that currently opens the door for mass surveillance and the nullification of end-to-end encryption, then it will not only create a significant vulnerability that will be exploited by hackers, hostile nation states, and those wishing to do harm, but effectively salt the earth for any tech development in London and the UK at large,” Meredith Whittaker, president of not-for-profit secure messaging app Signal told The Standard.
“Passing the bill as-is sends the clear message that the UK government would rather make law based on magical thinking, than honor longstanding expert consensus when it comes to issues of complex technology.”
The messaging app firms’ warning comes ahead of the report stage of the Online Safety Bill by the House of Lords on Thursday 6 July, which the tech firms fear brings the bill close to being passed into law.
A survey of 2,000 UK citizens carried out by Chiswick-based secure messaging app Elements, which is popularly used by governments, has found that 70 per cent of the public do not believe that scanning all online messages will stop criminal activity, while almost half of respondents believe it will make the UK more vulnerable to cyberattacks from nation states like Russia and China.
It’s going to be an incredibly chilling effect on the whole London tech scene. If I’m going to start a company, I’m not going to do it in London anymore.
WhatsApp, Signal and Elements all say that if they are forced by Ofcom to install third party software to scan users’ messages or to do it themselves, they will refuse to comply.
“No one, including WhatsApp, should have the power to read your personal messages,” Will Cathcart, head of WhatsApp at Meta told The Standard.
Signal said it will build proxy servers to enable UK citizens to continue to communicate safely, the way women in Iran do, since encrypted messaging apps are banned there, while Elements said its open source protocols will likely lead to citizens making their own alternative apps.
The three messaging apps all told The Standard that the language relating to mass surveillance powers for identifying and removing child sexual abuse material (CSAM) was only added to the Online Safety Bill in September, but it is “much more vague” than the Investigatory Powers Act 2016, which at least “contains checks and balances” to protect the public’s privacy and security when it comes to combating terrorism.
A Government spokeswoman said: “We are unambiguously pro-innovation and pro-privacy, however we have made clear that companies should only implement end-to-end encryption if they can simultaneously prevent abhorrent child sexual abuse on their platforms.
“The Online Safety Bill does not give Ofcom or the government any powers to monitor users’ private messages. As a last resort, and only when stringent privacy safeguards have been met, the Online Safety Bill will enable Ofcom to direct companies to either use, or make best efforts to develop or source, technology to identify and remove illegal child sexual abuse content.”
The Standard understands that some tech firms are holding meetings with Downing Street this week.
Do you really want your private messages spied on?
WhatsApp have been promoting end-to-end encryption this week on the full-motion screens at Tottenham Court Road tube station
/ Evening StandardThe Government and children’s charities claim that paedophiles are using private messaging apps to groom children and share illegal content, completely unnoticed by the service providers.
The tech industry, on the other hand, says protecting users’ privacy is key and that firms shouldn’t be able to scan private messages sent by the public. They use a cybersecurity technology called end-to-end encryption in their messaging apps, which prevents anyone outside of the parties receiving messages from viewing them.
Ms Whittaker, a former Federal Trade Commission (FTC) executive, took part in a debate on Channel 4 against former tech minister, Damian Collins, on Monday afternoon and said that she was troubled by the Government’s “confusing” stance on breaking encryption.
“Damian agreed that we cannot break encrpytion. He even admitted he uses Signal, but when I pressed him on changing the text in the bill… he said no we can’t do that — you just have to trust,” she said.
“It makes me believe that some of the people putting the provisions in the bill are actually aiming to undermine safety, security and encrpytion, because otherwise there’s a simple solution…just clarify that this provision will never be used to create a backdoor that would be used to threaten the UK’s core infrastructure and set a prescedent that will be copied by regimes across the world.”
The Online Safety Bill concerns only the online messages sent by UK citizens and residents, but not anything sent on messaging apps by law enforcement, the public sector or emergency responders.
This is handy, given that The Standard understands that up to half of government communications are still being sent over consumer apps like WhatsApp.
“The Online Safety Bill is efectively giving the Government the remit to put a CCTV camera in everybody’s bedrooms, and the way people use their WhatsApp today is pretty personal — people use messaging apps more than they communicate with people in person,” Elements’ chief executive and chief technology Matthew Hodgson told The Standard.
Elements provides its encrypted “run-your-own” secure communications app solution to 30 government agencies around the world, including France, Germany, Luxemberg, as well as the US Department of Defense, the UK’s Ministry of Defence, the US Navy, NATO and Ukraine’s defence ministry.
‘Chilling effect on the whole London tech scene’
Matthew Hodgson, the boss of UK encrypted messaging app Element, says the same open source technology governments price in his app means citizens can easily make their own encrypted private messaging apps
/ ElementYou would think that a British tech firm that works with governments wouldn’t mind if private messages are scanned, but Mr Hodgson actually wishes he and others in the UK tech industry had spoken up sooner.
“You cannot turn scanning on and off in an app or set certain degrees without introducing a mechanism that breaks end-to-end encryption: an attacker will simply find a way to turn on the scanning and exploit it,” he explained.
“God I wish we had been a lot more vociferous. The legislation sounded so outlandish that I thought surely someone else would step up and shoot it down. We clearly should have been in the room but there was no one in UK tech industry represented on the security side.”
Mr Hodgson says that the Government has not consulted with UK tech firms, only with huge multinational corporations and companies that want to sell software that scans messages, who are unsurprisingly telling lawmakers that it is possible to scan messages without breaking encryption, which is widely thought to be untrue.
The secure messaging app bosses believe that the Online Safety Bill started out as a way to target the likes of Facebook and others for failing to moderate their platforms and protect users, but the proposed legislation has turned into a monster that will have long-lasting negative impacts on the UK in ways that the lawmakers just don’t understand.
Last week, the Government proposed a series of new amendments to the Online Safety Bill, which include the possibility of criminal liability for senior technology executives.
“It’s going to be an incredibly chilling effect on the whole London tech scene,” Elements’ chief executive and chief technology Matthew Hodgson told The Standard.
“If I’m going to start a company, I’m not going to do it in London anymore — I’ll go somewhere else because they’re not going to lock me up if someone decides to do something horrible to someone else on my platform.”
He says this is similar to Brazil, where officials have Facebook executives arrested every time they ignore a request from the authorities for information.
“We need to preserve privacy and encryption. If the Online Safety Bill undermines that, the UK will become a laughing stock, a technology backwater. Half the world will point and laugh, and the other half will use it as a reason to undermine citizens’ privacy.”
![The Invanti Tornado is the Swiss Army knife of e-bikes [Video]](https://i0.wp.com/electrek.co/wp-content/uploads/sites/3/2024/04/Invanti-Tornado-1-Steven.jpg?resize=1200,628&quality=82&strip=all&ssl=1 "The Invanti Tornado is the Swiss Army knife of e-bikes [Video]")
