Encryption Modification in Online Safety Bill May Jeopardize User Security on Communication Platforms in the UK, Potentially Leaving Internet Users at Risk
In the digital age, ensuring the safety of Internet users, particularly children, has become a priority for governments worldwide. The UK's Online Safety Act (OSA), now known as the Online Safety Bill (OSB), aims to protect users from harmful online content by imposing strict obligations on platforms. However, this legislation raises significant concerns about security, privacy, free expression, and end-to-end encryption.
The Act mandates "highly effective" age assurance checks and content moderation, requiring platforms to monitor and filter user content aggressively to prevent access to harmful or illegal material. This requirement poses a challenge, as it conflicts with end-to-end encryption (E2EE), which ensures message content is only accessible by communicating users and not by the platform or any intermediaries. To comply with the Act, platforms may need to weaken or forgo E2EE, potentially compromising user privacy and the security gains encryption provides.
The broad scope of the OSA includes obligations to remove or restrict content beyond just illegal material, covering areas like "foreign interference" or psychoactive substances. Critics argue this risks overbroad censorship that could stifle legitimate free speech and political expression. The Act also requires transparency around moderation decisions and political influences, but raises concerns about platforms self-censoring to avoid punitive fines.
The Center for Data Innovation, a think tank focusing on technology policy, proposes improving reporting from online services to better enable national law enforcement agencies to track, remove, and prosecute illegal activity. Instead of weakening encryption, they suggest increasing resources for national law enforcement agencies to find and prosecute criminal activity online.
The OSA's impact extends beyond the UK, as both the EU scanning proposal and the US EARN IT Act would impose monitoring obligations for online services, potentially amounting to de facto prohibitions on end-to-end encryption. Popular user-to-user services like Signal and WhatsApp fall under the scope of the Online Safety Bill.
The Center for Data Innovation's report warns that these proposals could tip intermediary liability on its head for the worse, potentially creating a new global foundation for online content regulation that potentially jeopardizes privacy, security, and free expression. If the Online Safety Bill passes, online services may either leave the UK or weaken security protections users have come to expect.
The Center for Data Innovation has released a report stating that the Online Safety Bill has profound flaws. They recommend excluding encrypted services from monitoring obligations and pursuing alternative proposals to increase public safety on the Internet. Their recommendations could potentially create a new foundation for online content regulation globally, striking a balance between public safety and digital rights.
- The Online Safety Bill (OSB) in the UK, which prioritizes user safety from harmful online content, has raised concerns about security, privacy, free expression, and end-to-end encryption.
- The Act's age assurance checks and content moderation, requiring platforms to monitor and filter user content, poses a challenge as it conflicts with end-to-end encryption.
- Compliance with the Act may require platforms to weaken or forgo email encryption, potentially compromising user privacy and the security gains that encryption provides.
- The Center for Data Innovation proposes improving reporting from online services to aid national law enforcement agencies in tracking, removing, and prosecuting illegal activity, rather than weakening encryption.
- The impact of the OSA extends beyond the UK, as similar proposals in the EU and US, such as the EU scanning proposal and the US EARN IT Act, could amount to de facto prohibitions on end-to-end encryption for popular user-to-user services like Signal and WhatsApp.
- The Center for Data Innovation's report warns that these proposals could jeopardize privacy, security, and free expression, potentially creating a new global foundation for online content regulation that maintains a balance between public safety and digital rights.
