The UK Online Safety Bill is set to become law. The bill, which aims to make the UK “the safest place in the world to be online”, passed through the Houses of Parliament on Tuesday and imposes strict requirements on large social platforms to remove illegal content. It will be enforced by the UK’s telecommunications regulatory agency, Ofcom.
Additionally, the online safety bill calls for new age verification measures to prevent minors from viewing harmful content. It also pushes big social media platforms to be more transparent about the dangers they pose to children, while giving parents and children the ability to report problems online. The potential penalties are also harsh: up to 10 percent of a company’s global annual revenue. The bill has been reworked several times in a multi-year journey through Parliament.
But online age verification doesn’t just raise serious privacy concerns: the bill could also put encrypted messaging services, like WhatsApp, at risk. Under the terms of the bill, encrypted messaging apps would be required to check users’ messages for child sexual abuse material.
Depending on how the rule is applied, this could essentially break the apps’ promise of end-to-end encryption, which prevents third parties, including the app itself, from seeing users’ messages. In March, WhatsApp refused to comply with the bill and threatened to leave the UK rather than change its encryption policies. It joined Signal and other encrypted messaging services in protesting the bill, prompting UK regulators to try to calm your worries promising to demand only “technically feasible” measures.
Contacted for comment, WhatsApp owner Meta directed The edge to a tweet from September 6 by WhatsApp Director Will Cathcart. “The fact is that scanning everyone’s messages would destroy privacy as we know it. That was as true last year as it is today,” Cathcart wrote. “@WhatsApp will never break our encryption and remain vigilant for threats that may do so.” Meta did not specify whether WhatsApp availability in the UK would be affected.
Meanwhile, Signal President Meredith Whittaker tentatively praised the ongoing conversation about the bill. “While it is not everything we wanted, we are more optimistic than when we began engaging with the UK government. “It is important that the government has come out publicly, clearly recognizing that there is no technology that can securely and privately scan everyone’s communications,” Whittaker said in a statement to The edge. “At this point, it is imperative that we press Ofcom to incorporate the government’s strong guidance which recognizes that there is no technology that can securely and privately scan communications (end-to-end encryption), and press them to clearly and publicly commit not to use the uncontrolled and unprecedented power conferred upon them under Clause 122 to undermine private communications infrastructure.”
Whittaker indicated that Signal was not in imminent danger of leaving the UK. “While this is not the ideal outcome, we are cautiously optimistic to see reality break through,” he said. “And our position remains consistent: we will continue to provide Signal as a tool for meaningful private communications in the UK and elsewhere, and we will only ‘leave’ if the choice is between adulterating the privacy safeguards that people rely on. use Signal, or leave.”
Ofcom will “immediately begin work to tackle illegal content and protect children’s safety” and will take a “phased approach” to bring the online safety bill into force.
Update September 19 at 3:55 pm ET: WhatsApp and Signal comment added.