Encryption Concerns: UK’s Online Safety Bill Faces Criticism from Security Researcher

security researcher online safety and security safety and secure security & safety safety online

Security researchers criticize UK’s Online Safety Bill as a threat to encryption

A group of 68 security and privacy academics has joined the growing chorus of voices expressing alarm about the potential consequences of the UK’s Online Safety Bill. They emphasize the need for amendments to ensure that the bill does not undermine strong encryption, which is vital for online safety.

In an open letter, these UK-affiliated researchers specializing in security and privacy have cautioned that the proposed legislation poses a significant risk to essential security technologies that are commonly employed to protect digital communications.

As independent experts in information security and cryptography, they design technologies that enhance online safety. They believe that the safety provided by these essential technologies is now under threat due to the Online Safety Bill. Their concerns echo those already voiced by end-to-end encrypted communication services such as WhatsApp, Signal, and Element. These services have stated that they would prefer to withdraw from the market or be blocked by UK authorities rather than compromise the security of their users.

Apple also recently expressed concerns, describing the bill as a “serious threat” to end-to-end encryption, which it considers a critical capability for protection. Apple warned that without amendments to safeguard strong encryption, the bill would increase the risk for UK citizens, contradicting the legislation’s claim to promote safety.

Last year, an independent legal analysis of the draft legislation also highlighted the risk that the surveillance powers outlined in the bill could undermine the integrity of end-to-end encryption.

The proposed legislation has already undergone scrutiny in the House of Commons and is currently at the report stage in the House of Lords, where amendments can be suggested. The security researchers hope that their expertise will mobilize lawmakers in the second chamber to defend encryption, where MPs have fallen short.

In their letter, the academics, who hold positions at various universities across the UK, including renowned institutions such as King’s College London, Imperial College, Oxford, Cambridge, Edinburgh, Sheffield, and Manchester, aim to address misunderstandings and misconceptions surrounding the Online Safety Bill and its potential impact on privacy and security technologies that underpin our daily online interactions.

Their primary concern centers around the bill’s emphasis on “routine monitoring” of communications, ostensibly to combat the spread of child sexual abuse and exploitation content. However, the researchers argue that this approach would cause significant harm to the public and society as a whole by undermining critical security protocols that protect everyone.

According to the experts, routine monitoring of private communications is fundamentally incompatible with maintaining the privacy guarantees and security provided by current online communication protocols, which are comparable to face-to-face conversations. They caution against attempts to resolve this contradiction through additional technology, such as client-side scanning or so-called “no one but us” crypto backdoors, as these approaches are technologically flawed and likely to fail on both a technological and societal level.

The researchers emphasize that technology is not a magical solution, pointing out that there is no technological fix that allows information to be kept confidential from third parties while simultaneously sharing that information with specific third parties. They highlight the failures of previous attempts to implement “no one but us” cryptographic backdoors, such as the Clipper chip and DualEC, as evidence that these solutions ultimately grant third parties access to private speech, messages, and images based on criteria defined by those third parties.

Regarding client-side scanning, the researchers argue that implementing such technology to scan mobile users’ messages on a routine basis is disproportionate in a democratic society. They compare it to mandatory, always-on automatic wiretapping of every device to search for prohibited content. Moreover, they assert that client-side scanning technology is not robust enough to meet the bill’s demands.

The academics also express concerns about the bill’s potential to push platforms into using even more intrusive AI models that scan people’s messages for previously unseen but prohibited content related to child sexual abuse and exploitation. They argue that such technology is not sufficiently reliable, and its enforcement could lead to numerous false positives, causing widespread harm. Innocent users risk having their private messages viewed without cause, and they could even face false accusations related to viewing such content.

The lack of reliability in these systems raises significant consequences, as false positives would result in potentially sharing private, intimate, or sensitive messages or images with third parties, including private-company vetters, law enforcement, and anyone with access to the monitoring infrastructure. This itself could be viewed as exploitation and abuse of those whose messages are disclosed, warn the experts.

The researchers further point out that implementing far-reaching client-side scanning AI models would require a higher level of flexibility, making it easier for these systems to be repurposed or expanded in scope through compromise or policy changes. This raises concerns about the potential expansion of embedded scanning technologies beyond child sexual abuse and exploitation content, leading to a steady increase in state-mandated surveillance by default for UK citizens.

In conclusion, the group of security researchers urges lawmakers to consider the potential harm to privacy and security brought about by the Online Safety Bill and to make necessary amendments to safeguard encryption and protect the rights of individuals.

Don’t Stop Here

More To Explore

solar eclipse eclipse solar eclipse 2024 solar eclipse 2023 eclipse 2024 eclipse 2023 2023 eclipse 2023 solar eclipse april 8 2024 eclipse 2024 total eclipse 2023 solar eclipses 2024 sun eclipse eclipse april 8 2024 eclipse lunar eclipse eclipse of the sun 2024 eclipse solar eclipse eclipse2023 lunar eclipses solar and eclipse solar eclipse solar eclipse solar solar eclipse solar sun eclipse total eclipse in 2024 total eclipse 2024 total solar eclipse 2024 next solar eclipse total eclipse next eclipse total solar eclipse april 2024 eclipse annular solar eclipse annular eclipse 2023 lunar eclipse 2023 annular eclipse eclipse april 2024 april 2024 solar eclipse solar eclipse april 2024 annular solar eclipse 2023 eclipse today 2023 annular eclipse total eclipse of the sun 2024 sun eclipse 2024 totality eclipse 2024 total eclipse april 2024 8 april 2024 eclipse lunar penumbral eclipse october 2023 eclipse of 2024 eclipse of sun today eclipse penumbral eclipse timer full eclipse of the moon lunar eclipses 2023 next eclipse of the sun solaire eclipse solar eclipse of april 20 2023 solar eclipse of october 14 2023 solar eclipse today solar v lunar eclipse sun eclipse next total solar eclipse in 2024 upcoming sun eclipse sun eclipse next total solar eclipse eclipse 2022 great american eclipse 2024 total solar eclipse 2023 total eclipse 2023 next eclipse 2023 full solar eclipse 2024 full eclipse 2024 upcoming solar eclipse full solar eclipse next total eclipse eclipse april 2023 sun eclipse 2023 iso 12312 2 next eclipse 2024 next full solar eclipse total lunar eclipse april eclipse 2024 next solar eclipse 2023 future solar eclipses eclipse in 2024 solar and lunar eclipse full eclipse 2023 2023 total solar eclipse 1993 eclipse 2017 eclipse 2017 solar eclipse 2017 total solar eclipse 2019 eclipse 2022 solar eclipse 2024 solar eclipse best viewing april 20 eclipse april 8 2024 solar eclipse april 8 2024 total solar eclipse april eclipse 2023 april solar eclipse 2024 eclipse 1994

Experience the Solar Eclipse with The Eclipse App: Your Ultimate Companion

An innovative app, tailored to enhance your observation of the total solar eclipse on April 8, 2024, has risen to prominence on the App Store. Titled simply “The Eclipse App,” it has amassed over 140,000 lifetime downloads on both iOS and Android platforms. This app serves as a comprehensive tool for experiencing the celestial event, providing features such as cloud cover forecasts, precise timing for totality at your specific location, and details on local events, parks, and viewing sites in your vicinity.

Twitter Introduces Payments for Verified Creators' Advertisements in Replies, Elon Musk Announces

Brazil Investigates Elon Musk Over X Dispute

Brazil has launched an investigation into Elon Musk over potential obstruction of justice following X’s reversal of a decision to block certain profiles in the country.