alexskopje - stock.adobe.com
The dangers of the UK’s illogical war on encryption
The unintended consequences of the Online Safety Bill will have a dramatic effect on our ability to communicate securely, including in Ukraine, where it is needed most
In a 21st century war, what happens online impacts events on the ground. Reliable, secure communication channels in Ukraine have delivered crucial information from President Zelenskyy directly to the people, and allowed him to broadcast appeals to the world and recruit international support.
Secure communication has empowered Ukrainians to combat disinformation, organise relief efforts, and protect evacuees. It has undoubtedly saved lives and guided Ukrainians to safety.
As Western countries support the Ukrainians with defensive and humanitarian aid, they must also defend Ukrainian citizens’ ability to communicate safely.
In the UK parliament, Nadine Dorries, secretary of state for digital, culture, media and sport, recently noted: “WhatsApp [a secure messaging app] has launched an end-to-end encryption service that the Ukrainian people can access to find out what is happening in their location on a minute-by-minute, real- time basis and where they can get emergency support and help.”
When people have no option but to entrust their communication to third-party services, some of which may be actively hostile, end-to-end encryption provides the highest level of security, because only the sender and receiver have the key to the messages. Just imagine their plight if that encrypted service was designed to facilitate third-party access.
Astonishingly, even as the UK government praises end-to-end encryption abroad, it is undermining it at home. The Online Safety Bill, which continues to proceed through parliament after being mentioned in the Queen’s Speech, will target platforms that use end-to-end encryption by “placing a duty of care on service providers within the scope of the draft bill to moderate illegal and harmful content on their platforms, with fines and penalties for those that fail to uphold this duty”.
To comply, providers offering end-to-end encrypted services would be forced to weaken, bypass or even remove encryption, putting the security and privacy of their users at risk.
Then, imagine someone still in Ukraine is trying to contact family members who have made it to the UK. Or a UK citizen is working with the aid agencies on the ground. Is their messaging app allowed to have secure communication in Ukraine, but only compromised encryption – or none at all – in the UK? It’s a recipe for chaos.
Encrypted communication needs to be secure, no matter where you are. We cannot let the UK be the weak link in that chain.
The same end-to-end encrypted services are critical for journalists, who depend on them to keep information channels open despite government censorship. When the BBC’s Russian website was blocked, the broadcaster used encryption to circumvent some of the restrictions and continue publishing through alternative channels.
Supporters of the Online Safety Bill will doubtless point out that journalistic content is exempt, which is, frankly, irrelevant. Individual citizens should be able to send evidence of war crimes, confidentially and securely. The act of sending it should not put their own safety at risk; nor should platforms and intermediaries be reluctant to convey the evidence on the basis that it might be “offensive” or “disturbing”.
It’s as if the government either hasn’t considered the cross-border implications of its anti-encryption policy or isn’t worried about the “race to the bottom” it would create.
At a time when Ukraine needs us to step up, the UK government is instead on the brink of undermining end-to-end encryption with the Online Safety Bill. We are seeing, under the most tragic circumstances, how dangerous it is when a country’s citizens cannot communicate securely and cannot access reliable information safely.
It may be true that, as the saying goes, “the first casualty of war is the truth” – but that’s no reason to help it die.
Robin Wilton is director of internet trust at the Internet Society