The Center for Democracy & Technology, Global Partners Digital, the Internet Freedom Foundation, the Internet Society, and Mozilla, constituting the Steering Committee of the Global Encryption Coalition, issued the following statement regarding the passage of the United Kingdom’s Online Safety Bill.
On 19 September 2023, the UK Parliament passed the Online Safety Bill, a critically flawed legislation when it comes to encryption that puts the safety of everyone online at greater risk than ever.
The Online Safety Bill gives a UK regulator, Ofcom, the power to compel platforms to conduct mass surveillance by scanning content using technologies which would undermine the security and privacy provided by end-to-end encryption.
Safe versions of these scanning technologies do not exist and are unlikely to ever exist.
Our concerns over this power are shared by civil society groups both within the UK and internationally, academics and researchers, industry, and members of the general public. Most recently, this includes research from Imperial College London on the grave risks to civil liberties posed by client side scanning proposals.
Only a few weeks ago, the UK government also seemed to recognize this technical reality, stating that it does not intend to use its power under the clause until such technology is available. This statement was a validation of the tireless efforts by hundreds of civil society, academia, and technical experts over the last several years.
However, as the Online Safety Bill enters into law, the UK Government is now claiming that safe scanning technologies already exist, is desperately attacking the use of end-to-end encryption by some platforms, and is criticising others for plans to protect their users by deploying end-to-end encryption by default. This is even more strange given that the UK Government’s own Safety Tech Challenge Fund, which was supposed to identify safety scanning technologies, failed in its mission. Reviewers from UK’s National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online (REPHRAIN) identified major problems with proposed scanning technologies from that initiative, including that they would undermine end-to-end encryption. Despite this evidence, the UK Government continues to willfully blind themselves to the dangers ahead.
As the Online Safety Bill moves from legislation to implementation, it is critical that Ofcom recognize that safe scanning technologies are non-existent.
Despite the UK Government’s clear desire to close their eyes to technical realities and the damaging consequences of undermining end-to-end encryption, Ofcom must use its new powers with an eye toward preserving the security of communications rather than undermining it.