Tombaky - Fotolia

Government is playing ‘psychic war’ in battle over end-to-end encryption

Peers hear that the UK government is being deliberately ambiguous about its plans to require technology companies to scan the content of encrypted messages

The government is playing a high-stakes game of chicken with technology companies by being “intentionally ambiguous” about the impact of legislation going through Parliament that could undermine end-to-end encryption, a peer has claimed.

Liberal peer Richard Allan told the House of Lords yesterday that the government was playing a “psychic war” with technology companies, in the hope that they would “blink first”, by voluntarily agreeing to introduce tools that could scan the contents of encrypted messages and other concessions.

Allan was speaking as peers considered amendments to the Online Safety Bill, which has been widely criticised by technology companies for undermining end-to-end encrypted communications services used by politicians, journalists, human rights campaigners and the public to protect their privacy.

He said ministers had been careful to say that they have no intention of banning end-to-end encryption, but at the same time, they have been silent on provisions in the Online Safety Bill that technology companies say will make it impossible to offer end-to-end encryption in the UK.

“The government’s hope is that companies will blink first in the game of chicken and give them what they want, but it is at least as likely that the government will blink first and have to abandon proposals, which risks discrediting their efforts as a whole,” said Allan.

“If nobody blinks, and we allow an unstoppable force to hit an immovable object, we could end up with the complete breakdown of key relationships and years of unproductive litigation,” he added.

Client-side scanning 

The Online Safety Bill will give the regulator, Ofcom, powers to require communications companies to install technology, known as client-side scanning (CSS), to analyse messages for child sexual abuse and terrorism content before they are encrypted.

Encrypted messaging companies, including Signal, WhatsApp and Element, have said such a move would fundamentally weaken encryption, leave services open to hacking and make it impossible to offer encrypted messaging services in the UK.

Allan said there were multiple ways that illegal content could come to the attention of the authorities without attacking encryption.

The police and security services already have a range of intrusive surveillance tools regulated under the Regulation of Investigatory Powers Act that can compromise the devices of suspects, alongside powers to require people to grant access to their electronic devices.

The peer urged ministers to be clear about their intentions, and to state directly whether the government plans to impose technical requirements on messaging companies that would mean people in the UK would no longer be able to use truly secure end-to-end encrypted products.

“That is not my preferred option, but it would at least allow for an orderly transition if services choose to withdraw products from the UK market,” he said.

The Lords heard that 40 million people in the UK use private messaging services every day. They include journalists, human rights and democracy activists in repressive regimes, who need to protect the safety of their contacts.

Historical records

Conservative peer Daniel Moylan said it was possible that the Online Safety Bill would allow Ofcom to demand historical records of communications without a warrant or without having to give a basis for doing so.

“I can understand why the security services and so forth want this power, and this is a vehicle to achieve something they have been trying to achieve for a long time. But there is very strong public resistance to it,” he said.

Another peer, Claire Fox, said the security of knowing people can speak without Russia’s president Vladimir Putin or China’s president Xí Jìnpíng listening in or being sent copies of their WhatsApp messages was important.

She said it was not possible to install tools that require surveillance of encrypted content to detect child exploitation and terrorism without undermining encryption. “Just as you cannot be half pregnant, you cannot be half encrypted,” she said.

She said that most abuse of children occurs in their homes, but no one is arguing the state should put CCTV cameras in every home for 24/7 surveillance. There are specialist services that can intervene when they think there is a problem. “I am worried about the possibility of putting a CCTV camera in everyone’s phone,” she said.

Companies ‘intentionally blind’

Labour peer Wilf Stevenson argued that end-to-end encryption “intentionally blinds” technology companies to criminal activity on their services.

The US National Centre for Missing and Exploited Children estimated that more than half of its reports would be lost if end-to-end encryption was implemented [by Facebook].

He said Ofcom would have powers to require companies to use highly accurate accredited technology to detect illegal child exploitation that would minimise the risk that legal content is wrongly reported.

Ofcom would need to publish a warning notice and allow tech companies to make representations and a right of appeal before requiring them to introduce scanning technology.

The regulator cannot require a company to take any action that is not proportionate, including removing or materially weakening encryption, he said.

Read more about the debate on end-to-end encryption

    Read more on IT for telecoms and internet organisations

    Data Center
    Data Management