WhatsApp’s chief has stated that the Meta’s chat app would not comply with requirements in the UK’s Online Safety Bill that aim to ban end-to-end encryption or otherwise weaken security.
Will Cathcart, Meta’s head of WhatsApp, called the Online Safety Bill the “most concerning piece of legislation” currently being debated in the western world.
To enable the authorities to view the content of private messages on WhatsApp, the government would need to end end-to-end encryption (E2EE), which scrambles messages so that only users on sending and receiving devices can view them, insert a back door, or mandate client-scanning technology.
If this becomes law, WhatsApp would refuse to comply, Cathcart said.
“The reality is, our users all around the world want security,” he said during a visit to the UK where he is meeting with regulators.
“98% of our users are outside the UK. They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users.”
The Online Safety Bill gives the regulator Ofcom the right to force apps to adopt “accredited technology” to identify possible child abuse or terrorism materials. This is widely seen as breaking E2EE or introducing client side scanning, allowing the authorities access to every online device, which would be extremely invasive.
“When a liberal democracy says, ‘is it OK to scan everyone’s private communication for illegal content?,’ that emboldens countries around the world that have very different definitions of illegal content to propose the same thing,” Cathcart said.
Cathcart called for more clarity in the language of the Bill, saying there are a lot of “grey areas” in the legislation.
“It could make clear that privacy and security should be considered in the framework,” he said. “It could explicitly say that end-to-end encryption should not be taken away. There can be more procedural safeguards so that this can’t just happen independently as a decision.”
Cathcart said the UK would have to join countries like Iran and Russia, which block E2EE apps like WhatsApp and Signal. He also raised the practical difficulties of complying with different rules across jurisdictions.
“If companies installed software on to people’s phones and computers to scan the content of their communications against a list of illegal content, what happens when other countries show up and give a different list of illegal content?”
The UK government can already demand the removal of encryption thanks to the 2016 Investigatory Powers Act, although apparently it hasn’t used these powers with WhatsApp. Under the Online Safety Bill, if Meta refused to comply with content moderation policies that were impossible to follow without removing end-to-end encryption, it could face fines of up to 4% of its annual turnover.
The UK's Online Safety Bill is poised to undermine encryption and create a regime of mass surveillance. Our president @mer__edith calls on the UK to reconsider this misguided Bill, and affirms that Signal will *never* undermine our privacy commitments:https://t.co/LPLH5tdRCF
— Signal (@signalapp) March 9, 2023
Signal has also threatened to quit the UK if the proposed changes become law, saying in a tweet that it would “create a regime of mass surveillance.”
From: COMPUTING