LONDON—Today, a coalition of 70 individuals and organizations, including the Center for Data Innovation, sent an open letter to United Kingdom’s Prime Minister Rishi Sunak opposing the Online Safety Bill’s clauses that erode end-to-end encryption in private messaging and other online services.
“The Online Safety Bill is a broken piece of legislation that threatens the privacy and security of ordinary users and vulnerable individuals alike,” said Kir Nuthi, senior policy analyst at the Center for Data Innovation and author of reports on reforming the bill and the bill’s issues regarding end-to-end encryption. “The Online Safety Bill would sacrifice the ability of users to communicate privately for a well-meaning but misguided attempt to make the Internet safer.”
“Prime Minister Rishi Sunak, the Right Honorable Michelle Donelan MP, and Parliament have a chance to fix the Online Safety Bill by protecting end-to-end encryption, which provides security and privacy to UK businesses, families, and communities,” said Nuthi. “Undermining end-to-end encryption is the wrong solution and would leave the UK more vulnerable to cybercriminals, foreign adversaries, and other aggressors.”
The letter urges Prime Minister Rishi Sunak’s government to protect end-to-end encryption for the sake of economic security, a free society, and the safest Internet possible for the UK.
The text of the letter is available online and included below.
Dear Prime Minister Sunak,
With cyber attacks becoming ever-more frequent and sophisticated, the reliance of UK citizens and businesses on end-to-end encryption to keep themselves safe and secure has never been greater.
Encryption is critical to ensuring Internet users are protected online, to building economic security through a pro-business UK economy that can weather the cost of living crisis, and to assuring national security. As you begin your new role as Prime Minister, the undersigned civil society organisations and companies, including members of the Global Encryption Coalition, urge you and your government to ensure that encryption is not weakened.
Despite its intention to make the UK safer, the Online Safety Bill currently contains clauses that would erode end-to-end encryption in private messaging. As noted in a recent letter by leading UK digital rights organisations, the Bill poses serious threats to privacy and security in the UK “by creating a new power to compel online intermediaries to use ‘accredited technologies’ to conduct mass scanning and surveillance of all citizens on private messaging channels.” Leading cybersecurity experts have made clear that even message scanning, mistakenly cited as safe and effective by its proponents, actually “creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic.”
Undermining protections for end-to-end encryption would make UK businesses and individuals less safe online, including the very groups that the Online Safety Bill intends to protect. Furthermore, because the right to privacy and freedom of expression are intertwined, these proposals would undermine freedom of speech, a key characteristic of free societies that differentiate the UK from aggressors that use oppression and coercion to achieve their aims.
UK businesses are set to have less protection for their data flows than their counterparts in the United States or European Union, leaving them more susceptible to cyber-attacks and intellectual property theft. UK digital businesses will also face new challenges in foreign markets. When Australia passed a similar law undermining end-to-end encryption in 2018, the Australian digital industry lost an estimated $AUS 1 billion in current and forecast sales and further losses in foreign investment as a result of decreased trust in their products. As the UK economy faces significant challenges in the wake of COVID-19 and the impacts of the War in Ukraine, it is critical that the Bill does not undermine UK tech leadership and economic security.
Undermining end-to-end encryption or introducing content scanning obligations for private messaging will also remove protections for private citizens’ data. Opening a backdoor for scanning also opens a backdoor for cyber criminals intent on accessing our bank account details, private messages and even the pictures we share online privately with family and friends. We all deserve the protection that end-to-end encryption provides, but the most vulnerable in society – children and members of at-risk communities – need it most of all.
For economic security, a free society and the safest Internet possible for UK citizens, we call upon you and the UK government to ensure that the Online Safety Bill does not undermine end-to-end encryption.
The Adam Smith Institute
Advocacy for Principled Action in Government
Associação Portuguesa para a Promoção da Segurança da Informação (AP2SI)
Big Brother Watch
Blacknight Internet Solutions Ltd
Jon Callas, Director of Public Interest Technology, EFF
L. Jean Camp, Professor, Indiana University
Center for Data Innovation
Center for Democracy and Technology
Center for New Liberalism
Centre for Policy Studies
CIPPIC (Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic)
Lord Tim Clement-Jones
Collaboration on International ICT Policy for East and Southern Africa
comun.al, Digital Resilience Lab
CRYPTO ID – BRAZIL
DNS Africa Media and Communications
Electric Coin Co. (creators and supporters of Zcash)
Electronic Frontier Foundation
Fight for the Future
Global Partners Digital
Markéta Gregorová, Member of the European Parliament
Index on Censorship
Dr. Philip Inglesant
Internet Freedom Foundation, India
Internet Society – Brazil Chapter
Internet Society Catalan Chapter
Internet Society Côte d’Ivoire Chapitre
Internet Society Colombia Chapter
Internet Society Ghana Chapter
Internet Society India Hyderabad Chapter
Internet Society Tanzania Chapter
Internet Society Tchad chapter
Internet Society Liberia Chapter
Internet Society Niger Chapter
Internet Society Portugal Chapter
Internet Society UK England Chapter
Interpeer gUG (haftungsbeschraenkt)
C. de Larrinaga
Matthew Lesh, Head of Public Policy, Institute of Economic Affairs
Alec Muffett, Security Researcher
New America’s Open Technology Institute
Open Rights Group
Organization for Identity and Cultural Development
Ranking Digital Rights
People’s Privacy Network
Sharon Polsky MAPP, President, Privacy & Access Council of Canada
Runa Sandvik, Founder, Granitt
Jamie Stone MP, Liberal Democrats
Susan Landau, Bridge Professor of Cyber Security and Policy, Tufts University
Tech for Good Asia
The Tor Project
University of Bosaso
*Affiliations listed for identification purposes only