On 24 November, seventy civil society organizations, companies, elected officials, and cybersecurity experts, including Global Encryption Coalition members, published an open letter to British Prime Minister Rishi Sunak highlighting their concerns with the threat that the United Kingdom’s Online Safety Bill poses to end-to-end encryption.
Dear Prime Minister Sunak,
With cyber attacks becoming ever-more frequent and sophisticated,[1] the reliance of UK citizens and businesses on end-to-end encryption to keep themselves safe and secure has never been greater.
Encryption is critical to ensuring Internet users are protected online, to building economic security through a pro-business UK economy that can weather the cost of living crisis, and to assuring national security. As you begin your new role as Prime Minister, the undersigned civil society organisations and companies, including members of the Global Encryption Coalition,[2] urge you and your government to ensure that encryption is not weakened.
Despite its intention to make the UK safer, the Online Safety Bill currently contains clauses that would erode end-to-end encryption in private messaging. As noted in a recent letter by leading UK digital rights organisations, the Bill poses serious threats to privacy and security in the UK “by creating a new power to compel online intermediaries to use ‘accredited technologies’ to conduct mass scanning and surveillance of all citizens on private messaging channels.”[3] Leading cybersecurity experts have made clear that even message scanning, mistakenly cited as safe and effective by its proponents, actually “creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic.”[4]
Undermining protections for end-to-end encryption would make UK businesses and individuals less safe online, including the very groups that the Online Safety Bill intends to protect. Furthermore, because the right to privacy and freedom of expression are intertwined, these proposals would undermine freedom of speech, a key characteristic of free societies that differentiate the UK from aggressors that use oppression and coercion to achieve their aims.
UK businesses are set to have less protection for their data flows than their counterparts in the United States or European Union, leaving them more susceptible to cyber-attacks and intellectual property theft. UK digital businesses will also face new challenges in foreign markets. When Australia passed a similar law undermining end-to-end encryption in 2018, the Australian digital industry lost an estimated $AUS 1 billion in current and forecast sales and further losses in foreign investment as a result of decreased trust in their products.[5] As the UK economy faces significant challenges in the wake of COVID-19 and the impacts of the War in Ukraine, it is critical that the Bill does not undermine UK tech leadership and economic security.[6]
Undermining end-to-end encryption or introducing content scanning obligations for private messaging will also remove protections for private citizens’ data. Opening a backdoor for scanning also opens a backdoor for cyber criminals intent on accessing our bank account details, private messages and even the pictures we share online privately with family and friends. We all deserve the protection that end-to-end encryption provides, but the most vulnerable in society – children and members of at-risk communities – need it most of all.
For economic security, a free society and the safest Internet possible for UK citizens, we call upon you and the UK government to ensure that the Online Safety Bill does not undermine end-to-end encryption.
Signatories*
Access Now
The Adam Smith Institute
Advocacy for Principled Action in Government
Aspiration
Associação Portuguesa para a Promoção da Segurança da Informação (AP2SI)
Betapersei, S.C.
Big Brother Watch
Blacknight Internet Solutions Ltd
Jon Callas, Director of Public Interest Technology, EFF
L. Jean Camp, Professor, Indiana University
Center for Data Innovation
Center for Democracy and Technology
Center for New Liberalism
Centre for Policy Studies
CIPPIC (Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic)
Lord Tim Clement-Jones
Collaboration on International ICT Policy for East and Southern Africa
comun.al, Digital Resilience Lab
CRYPTO ID – BRAZIL
DNS Africa Media and Communications
Electric Coin Co. (creators and supporters of Zcash)
Electronic Frontier Foundation
Encrypt Uganda
Fight for the Future
Global Partners Digital
Markéta Gregorová, Member of the European Parliament
Index on Censorship
Dr. Philip Inglesant
Internet Freedom Foundation, India
Internet Society
Internet Society – Brazil Chapter
Internet Society Catalan Chapter
Internet Society Côte d’Ivoire Chapitre
Internet Society Colombia Chapter
Internet Society Ghana Chapter
Internet Society India Hyderabad Chapter
Internet Society Tanzania Chapter
Internet Society Tchad chapter
Internet Society Liberia Chapter
Internet Society Niger Chapter
Internet Society Portugal Chapter
Internet Society UK England Chapter
Interpeer gUG (haftungsbeschraenkt)
JCA-NET(Japan)
Kijiji Yeetu
C. de Larrinaga
Matthew Lesh, Head of Public Policy, Institute of Economic Affairs
Liberty
MEGA
Alec Muffett, Security Researcher
New America’s Open Technology Institute
Numex
OpenMedia
Open Rights Group
Organization for Identity and Cultural Development
Ranking Digital Rights
People’s Privacy Network
Chip Pitts
Sharon Polsky MAPP, President, Privacy & Access Council of Canada
Runa Sandvik, Founder, Granitt
Jamie Stone MP, Liberal Democrats
Superbloom
Surfshark
Susan Landau, Bridge Professor of Cyber Security and Policy, Tufts University
Tech for Good Asia
The Tor Project
Tutanota
TwelveDot Incorporated
University of Bosaso
Phil Zimmermann
*Affiliations listed for identification purposes only
[2] With over 300 members distributed across every region of the world, the Global Encryption Coalition promotes and defends encryption in key countries and multilateral fora where it is under threat. It also supports efforts by companies to offer encrypted services to their users. https://www.globalencryption.org/
[3] https://cloud.openrightsgroup.org/nextcloud/s/irGJD4GSRx3d4Mb