Encryption & Key Management , Geo Focus: The United Kingdom , Geo-Specific
UK Parliament Approves Online Safety Bill
Cabinet Ministers Call on Facebook to Stop Rollout of Encrypted MessagingA day after the British Parliament approved a proposal intended to eradicate child abuse content, cabinet officials called on social media giant Meta to stop rolling out end-to-end encryption on its messaging platforms.
See Also: Securing Your Business Begins with Password Security
Parliament on Tuesday passed the Online Safety Bill, a long-gestating proposal that imposes a duty onto online platforms to shield young users from pornographic or self-harm content while exposing users to potential criminal prosecution for sending harmful or threatening communications.
The legislation, which awaits the formality of royal assent before enactment, grants British media and communication regulator Ofcom power to fine violators up to 18 million pounds or 10% of their global annual revenue, whichever is greater.
On Wednesday, a day after the proposal passed, Home Secretary Suella Braverman said Meta's plans to encrypt Facebook Messenger and Instagram chats pose a threat to children's safety.
"Meta has failed to provide assurances that they will keep their platforms safe from sickening abusers," Braverman said. "They must develop appropriate safeguards to sit alongside their plans for end-to-end encryption." Security Minister Tom Tugendhat and Safeguarding Minister Sarah Dines echoed her statement.
The attack on encryption irked privacy advocates who have long argued against language in the Online Safety Bill allowing Ofcom to mandate that online providers deploy "accredited technology" to identify and prevent child abuse material or terrorism content from reaching end users. Technology capable of doing so requires weakening end-to-end encryption or deploying scanning devices onto users' devices, advocates said. U.S. tech companies including WhatsApp and Signal said they would rather withdraw from the U.K. market than allow either. Apple called on the government to explicitly protect end-to-end encryption, the BBC reported in June (see: WhatsApp, Signal Preview UK Exit Over Threat to Encryption).
Braverman's comments could complicate assurances made by the government during the Online Safety Bill's debate in the House of Lords. Ofcom would only be able to order the use of accredited technology should such technology meet "minimum standards of accuracy in detecting only child sexual abuse and exploitation content," said Tory peer Stephen Parkinson, who is the parliamentary undersecretary of state for arts and heritage (see: UK Government Seeks to Dispel Encryption Concerns).
"UK Home Office's recent attack on end-to-end encryption moves into the realm of baseless propaganda, diverging significantly from much of the rest of UK government and from established expert consensus," tweeted Meredith Whittaker, president of encrypted app developer Signal.
Whittaker said her company will continue to push for regulatory changes to ensure British Signal users' privacy. "But if the choice came down to being forced to build a backdoor or leaving, we'd leave."
Ciaran Martin, former head of the U.K's National Cyber Security Center, tweeted that Braverman's comments are "highly personal." He added that the oft-cited statistic saying 90% of child abuse content originates from the Meta platform is not correct.
Martin said that over 90% of "the referrals on child abuse in UK & US come from Meta only because they're one of the few relevant platforms that doesn't have end-to-end encryption. And a lot of the referrals are of little to no value."
Responding to the criticism, Meta indicated that it will not backtrack from rolling out end-to-end encryption.