If you have followed technology news for a while, you will have heard of the Online Safety Bill in the UK. This bill, framed as “a new set of laws to protect children and adults online,” will make “social media companies more responsible” for what we see via their platforms. Introduced in the spring of 2021, the bill has been altered, altered again, put on hold, put on hold a second time, then altered some more. Experts have repeatedly condemned the bill, arguing that it represents a threat to internet safety.
In short: it’s a disaster.
For example, the BBC recently quoted the UK government as saying:
"The Online Safety Bill does not represent a ban on end-to-end encryption.”
This is misleading. The Online Safety Bill does not “ban” end-to-end encryption. But it forces technology companies to change how their applications work, circumventing the end-to-end security that this encryption provides. Both Signal and WhatsApp, which provide end-to-end encrypted calls and messages, have said that complying with the bill would require them to weaken the overall security of their apps.
You cannot have both end-to-end security and government oversight. You are either surveilled, or you are not.
In the same article, the UK government goes on to say that:
"It is not a choice between privacy or child safety - we can and we must have both."
This is also misleading. The bill forces technology companies to weaken the security of their applications which presents a risk to online privacy; this in turn endangers child safety, not to mention the safety of the adults these children will grow up to become. The government is arguing that we will be more safe without the protections afforded to us by end-to-end security, and rather than give us privacy and child safety, the government is forcing us to compromise on both.
Let’s be clear; this bill was never about improving internet safety, but about the expansion of government control.
Much of the recent debate about the Online Safety Bill has focused on technology, encryption, and how companies are responding. WhatsApp will leave, Signal will walk, Tutanota will wait for it to be blocked. Yes, this bill threatens encryption: it defeats what the encryption is meant to achieve. But we really need to talk more about what we — the adults and children — will be left without if this bill passes.
Alec Muffett wrote last year that the Online Safety Bill would leave his young daughter without “the kinds of privacy, assurance and integrity that to date we have all taken for granted.” Yes, the bill — and its peers in other countries, such as ChatControl in the EU — would impact journalists and their sources; lawyers and their clients; and activists and their missions. But it also leaves future generations without the tools to safely explore, learn, grow, and change the world as they see fit.
It truly is astonishing that anyone allows such inaccurate articles to be published. Or maybe not. Nobody I work with is calling for encryption to be weakened, diluted or forbidden. Certain kinds of content can be forensically identified as containing threats to children before that content enters the encrypted space. That being so it can be eliminated before it does or continues the harm. So some people now want to move the goal posts and say the protection of E2EE applies to stuff that isn't, er, encrypted. Transparency and auditability will provide us with key safeguards against any potential abuse, which is why Apple's aolution was so widely welcomed. Apple has not resiled from it or said it was technically flawed in any way whatsoever, but they have given in to bullying. Shame on them.