UK's Online Safety Bill Threatens Privacy, Messaging Apps Warn

Signal and WhatsApp express concern over the potential compromise of end-to-end encryption.

Privacy advocates are sounding the alarm as the upcoming UK Online Safety Bill threatens user privacy, according to Meredith Whittaker, president of messaging app Signal. Alongside WhatsApp, the companies have warned that the legislation could compromise end-to-end encryption, potentially forcing their apps to become impractical in the UK, or even withdraw altogether.

Seven messaging apps, including Signal and WhatsApp, signed an open letter arguing that the bill represents "an unprecedented threat to the privacy, safety, and security of every UK citizen and the people with whom they communicate around the world." The UK Home Office responded with a video suggesting that security features in WhatsApp and other platforms hinder police efforts to combat child sexual abuse.

Whittaker criticized the video for its "scientifically unsubstantiated claims" and stated that the bill was a direct attack on encryption. End-to-end encryption is a security technology employed by many popular messaging platforms, including Apple's iMessage, Meta's WhatsApp and Facebook Messenger, and Signal. While security and rights experts argue that encryption is necessary to protect messages from hackers, law enforcement and politicians claim that it also shields criminal communications.

Clause 110 of the Online Safety Bill requires messaging apps to scan content for illegal material, a task impossible with end-to-end encryption. WhatsApp, Signal, and others argue that the bill could undermine encryption, as it does not explicitly protect it. They fear that regulator Ofcom could demand message scanning, compromising user privacy.

Whittaker contends that online services are being scapegoated for child abuse and that the government should focus on scientifically-backed approaches to combat the issue. She also expressed concern that the legislation could set a precedent for other governments to follow suit. Signal has stated that it will not compromise user privacy and safety in the UK or elsewhere, even if required to by law, potentially forcing the company to withdraw from the UK market.