Tombaky - Fotolia
The government is playing a high-stakes game of chicken with technology companies by being “intentionally ambiguous” about the impact of legislation going through Parliament that could undermine end-to-end encryption, a peer has claimed.
Liberal peer Richard Allan told the House of Lords yesterday that the government was playing a “psychic war” with technology companies, in the hope that they would “blink first”, by voluntarily agreeing to introduce tools that could scan the contents of encrypted messages and other concessions.
Allan was speaking as peers considered amendments to the Online Safety Bill, which has been widely criticised by technology companies for undermining end-to-end encrypted communications services used by politicians, journalists, human rights campaigners and the public to protect their privacy.
He said ministers had been careful to say that they have no intention of banning end-to-end encryption, but at the same time, they have been silent on provisions in the Online Safety Bill that technology companies say will make it impossible to offer end-to-end encryption in the UK.
“The government’s hope is that companies will blink first in the game of chicken and give them what they want, but it is at least as likely that the government will blink first and have to abandon proposals, which risks discrediting their efforts as a whole,” said Allan.
“If nobody blinks, and we allow an unstoppable force to hit an immovable object, we could end up with the complete breakdown of key relationships and years of unproductive litigation,” he added.
The Online Safety Bill will give the regulator, Ofcom, powers to require communications companies to install technology, known as client-side scanning (CSS), to analyse messages for child sexual abuse and terrorism content before they are encrypted.
Encrypted messaging companies, including Signal, WhatsApp and Element, have said such a move would fundamentally weaken encryption, leave services open to hacking and make it impossible to offer encrypted messaging services in the UK.
Allan said there were multiple ways that illegal content could come to the attention of the authorities without attacking encryption.
The police and security services already have a range of intrusive surveillance tools regulated under the Regulation of Investigatory Powers Act that can compromise the devices of suspects, alongside powers to require people to grant access to their electronic devices.
The peer urged ministers to be clear about their intentions, and to state directly whether the government plans to impose technical requirements on messaging companies that would mean people in the UK would no longer be able to use truly secure end-to-end encrypted products.
“That is not my preferred option, but it would at least allow for an orderly transition if services choose to withdraw products from the UK market,” he said.
The Lords heard that 40 million people in the UK use private messaging services every day. They include journalists, human rights and democracy activists in repressive regimes, who need to protect the safety of their contacts.
Conservative peer Daniel Moylan said it was possible that the Online Safety Bill would allow Ofcom to demand historical records of communications without a warrant or without having to give a basis for doing so.
“I can understand why the security services and so forth want this power, and this is a vehicle to achieve something they have been trying to achieve for a long time. But there is very strong public resistance to it,” he said.
Another peer, Claire Fox, said the security of knowing people can speak without Russia’s president Vladimir Putin or China’s president Xí Jìnpíng listening in or being sent copies of their WhatsApp messages was important.
She said it was not possible to install tools that require surveillance of encrypted content to detect child exploitation and terrorism without undermining encryption. “Just as you cannot be half pregnant, you cannot be half encrypted,” she said.
She said that most abuse of children occurs in their homes, but no one is arguing the state should put CCTV cameras in every home for 24/7 surveillance. There are specialist services that can intervene when they think there is a problem. “I am worried about the possibility of putting a CCTV camera in everyone’s phone,” she said.
Companies ‘intentionally blind’
Labour peer Wilf Stevenson argued that end-to-end encryption “intentionally blinds” technology companies to criminal activity on their services.
The US National Centre for Missing and Exploited Children estimated that more than half of its reports would be lost if end-to-end encryption was implemented [by Facebook].
He said Ofcom would have powers to require companies to use highly accurate accredited technology to detect illegal child exploitation that would minimise the risk that legal content is wrongly reported.
Ofcom would need to publish a warning notice and allow tech companies to make representations and a right of appeal before requiring them to introduce scanning technology.
The regulator cannot require a company to take any action that is not proportionate, including removing or materially weakening encryption, he said.
Read more about the debate on end-to-end encryption
- CEO of encrypted messaging service Element says Online Safety Bill could pose a risk to the encrypted comms systems used by Ukraine
- Tech companies and NGOs urge rewrite of Online Safety Bill to protect encrypted comms
- Protecting children by scanning encrypted messages is ‘magical thinking’, says Cambridge professor.
- Proposals for scanning encrypted messages should be cut from Online Safety Bill, say researchers.
- GCHQ experts back scanning of encrypted phone messages to fight child abuse.
- Tech companies face pressure over end-to-end encryption in Online Safety Bill.
- EU plans to police child abuse raise fresh fears over encryption and privacy rights.
- John Carr, a child safety campaigner backing a government-funded campaign on the dangers of end-to-end encryption to children, says tech companies have no choice but to act.
- Information commissioner criticises government-backed campaign to delay end-to-end encryption.
- Government puts Facebook under pressure to stop end-to-end encryption over child abuse risk.
- Former UK cyber security chief says UK government must explain how it can access encrypted communications without damaging cyber security and weakening privacy.
- Barnardo’s and other charities begin a government-backed PR campaign to warn of dangers end-to-end encryption poses to child safety. The campaign has been criticised as ‘one-sided’.
- Apple’s plan to automatically scan photos to detect child abuse would unduly risk the privacy and security of law-abiding citizens and could open up the way to surveillance, say cryptographic experts.
- Firms working on UK government’s Safety Tech Challenge suggest scanning content before encryption will help prevent the spread of child sexual abuse material – but privacy concerns remain.
- Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent, claims NSPCC.
- Proposals by European Commission to search for illegal material could mean the end of private messaging and emails, says MEP.
Read more on IT for telecoms and internet organisations
Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent
Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption
Braverman puts pressure on Meta to pause end-to-end encryption plans
UK minister fails to reassure tech companies over encryption risk