https://www.eff.org/deeplinks/2023/07/uk-government-very-close-eroding-encryption-worldwide Skip to main content * About + Contact + Press + People + Opportunities * Issues + Free Speech + Privacy + Creativity and Innovation + Transparency + International + Security * Our Work + Deeplinks Blog + Press Releases + Events + Legal Cases + Whitepapers + Podcast + Annual Reports * Take Action + Action Center + Electronic Frontier Alliance + Volunteer * Tools + Privacy Badger + HTTPS Everywhere + Surveillance Self-Defense + Certbot + Atlas of Surveillance + Cover Your Tracks + Crocodile Hunter * Donate + Donate to EFF + Giving Societies + Shop + Other Ways to Give + Membership FAQ * Donate + Donate to EFF + Shop + Other Ways to Give * Search form Search [ ] --------------------------------------------------------------------- Email updates on news, actions, and events in your area. Join EFF Lists * Copyright (CC BY) * Trademark * Privacy Policy * Thanks Electronic Frontier Foundation Donate Electronic Frontier Foundation * About + Contact + Press + People + Opportunities * Issues + Free Speech + Privacy + Creativity and Innovation + Transparency + International + Security * Our Work + Deeplinks Blog + Press Releases + Events + Legal Cases + Whitepapers + Podcast + Annual Reports * Take Action + Action Center + Electronic Frontier Alliance + Volunteer * Tools + Privacy Badger + HTTPS Everywhere + Surveillance Self-Defense + Certbot + Atlas of Surveillance + Cover Your Tracks + Crocodile Hunter * Donate + Donate to EFF + Giving Societies + Shop + Other Ways to Give + Membership FAQ * Donate + Donate to EFF + Shop + Other Ways to Give * Search form Search [ ] The U.K. Government Is Very Close To Eroding Encryption Worldwide DEEPLINKS BLOG By Joe Mullin July 26, 2023 [defend-enc] The U.K. Government Is Very Close To Eroding Encryption Worldwide Share It Share on Twitter Share on Facebook Copy link [defend-encryption-cyan-1_0] The U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the privacy of people around the world. The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption. No amendments have been accepted that would mitigate the bill's most dangerous elements. TAKE ACTION TELL the U.K. Parliament: Don't Break Encryption If it passes, the Online Safety Bill will be a huge step backwards for global privacy, and democracy itself. Requiring government-approved software in peoples' messaging services is an awful precedent. If the Online Safety Bill becomes British law, the damage it causes won't stop at the borders of the U.K. The sprawling bill, which originated in a white paper on "online harms" that's now more than four years old, would be the most wide-ranging internet regulation ever passed. At EFF, we've been clearly speaking about its disastrous effects for more than a year now. It would require content filtering, as well as age checks to access erotic content. The bill also requires detailed reports about online activity to be sent to the government. Here, we're discussing just one fatally flawed aspect of OSB--how it will break encryption. An Obvious Threat To Human Rights It's a basic human right to have a private conversation. To have those rights realized in the digital world, the best technology we have is end-to-end encryption. And it's utterly incompatible with the government-approved message-scanning technology required in the Online Safety Bill. This is because of something that EFF has been saying for years--there is no backdoor to encryption that only gets used by the "good guys." Undermining encryption, whether by banning it, pressuring companies away from it, or requiring client side scanning, will be a boon to bad actors and authoritarian states. The U.K. government wants to grant itself the right to scan every message online for content related to child abuse or terrorism--and says it will still, somehow, magically, protect peoples' privacy. That's simply impossible. U.K. civil society groups have condemned the bill, as have technical experts and human rights groups around the world. The companies that provide encrypted messaging--such as WhatsApp, Signal, and the UK-based Element--have also explained the bill's danger. In an open letter published in April, they explained that OSB "could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves." Apple joined this group in June, stating publicly that the bill threatens encryption and "could put U.K. citizens at greater risk." U.K. Government Says: Nerd Harder In response to this outpouring of resistance, the U.K. government's response has been to wave its hands and deny reality. In a response letter to the House of Lords seen by EFF, the U.K.'s Minister for Culture, Media and Sport simply re-hashes an imaginary world in which messages can be scanned while user privacy is maintained. "We have seen companies develop such solutions for platforms with end-to-end encryption before," the letter states, a reference to client-side scanning. "Ofcom should be able to require" the use of such technologies, and where "off-the-shelf solutions" are not available, "it is right that the Government has led the way in exploring these technologies." The letter refers to the Safety Tech Challenge Fund, a program in which the U.K. gave small grants to companies to develop software that would allegedly protect user privacy while scanning files. But of course, they couldn't square the circle. The grant winners' descriptions of their own prototypes clearly describe different forms of client-side scanning, in which user files are scoped out with AI before they're allowed to be sent in an encrypted channel. The Minister completes his response on encryption by writing: We expect the industry to use its extensive expertise and resources to innovate and build robust solutions for individual platforms/services that ensure both privacy and child safety by preventing child abuse content from being freely shared on public and private channels. This is just repeating a fallacy that we've heard for years: that if tech companies can't create a backdoor that magically defends users, they must simply "nerd harder." British Lawmakers Still Can And Should Protect Our Privacy U.K. lawmakers still have a chance to stop their nation from taking this shameful leap forward towards mass surveillance. End-to-end encryption was not fully considered and voted on during either committee or report stage in the House of Lords. The Lords can still add a simple amendment that would protect private messaging, and specify that end-to-end encryption won't be weakened or removed. Earlier this month, EFF joined U.K. civil society groups and sent a briefing explaining our position to the House of Lords. The briefing explains the encryption-related problems with the current bill, and proposes the adoption of an amendment that will protect end-to-end encryption. If such an amendment is not adopted, those who pay the price will be "human rights defenders and journalists who rely on private messaging to do their jobs in hostile environments; and ... those who depend on privacy to be able to express themselves freely, like LGBTQ+ people." It's a remarkable failure that the House of Lords has not even taken up a serious debate over protecting encryption and privacy, despite ample time to review every every section of the bill. TAKE ACTION TELL the U.K. Parliament: PROTECT Encryption--And our privacy Finally, Parliament should reject this bill because universal scanning and surveillance is abhorrent to their own constituents. It is not what the British people want. A recent survey of U.K. citizens showed that 83% wanted the highest level of security and privacy available on messaging apps like Signal, WhatsApp, and Element. Documents related to the U.K. Online Safety Bill: * EFF info page on the U.K. Online Safety Bill * EFF Deeplinks Blog: How the OSB attacks Free Speech and Encryption (August 2022) * EFF Deeplinks Blog: UK's Draft Online Safety Bill Raises Serious Concerns Around Freedom of Expression (July 2021) * Civil society open letter on Online Safety Bill (November 2022) * Open Letter from encrypted messaging providers about Online Safety Bill (April 2023) * EFF and Allied NGOs Briefing to House of Lords (July 2023) Related Issues Privacy Share It Share on Twitter Share on Facebook Copy link Join EFF Lists Discover more. Email updates on news, actions, events in your area, and more. Email Address [ ] Postal Code (optional) [ ] Anti-spam question: Enter the three-letter abbreviation for Electronic Frontier Foundation: [ ] Don't fill out this field (required) [ ] [Submit] Thanks, you're awesome! Please check your email for a confirmation link. Oops something is broken right now, please try again later. Related Updates [icon-2019-privacy] Deeplinks Blog by Andrew Crocker | July 27, 2023 Maryland Supreme Court: Police Can't Search Digital Data When Users Revoke Consent This post was co-authored by EFF legal intern Virginia KennedyUnder the Fourth Amendment, police can search your home, your computer, and other private spaces without a warrant or even probable cause if you freely and voluntarily consent to the search. But even when someone consents to a search, they should... EFF Awards text on circuitboard texture Press Release | July 26, 2023 Electronic Frontier Foundation to Present Annual EFF Awards to Alexandra Asanovna Elbakyan, Library Freedom Project, and Signal Foundation SAN FRANCISCO--The Electronic Frontier Foundation (EFF) is honored to announce that Alexandra Asanovna Elbakyan, Library Freedom Project, and Signal Foundation will receive the 2023 EFF Awards for their vital work in helping to ensure that technology supports freedom, justice, and innovation for all people. The EFF Awards recognize specific and... [OG-Encryption-GoldenKey] Deeplinks Blog by Jason Kelley, Sophia Cope | July 24, 2023 The NDAA is No Place for Sweeping Internet Legislation Like the STOP CSAM Act The STOP CSAM Act of 2023 would undermine services offering end-to-end encryption and push internet companies to take down lawful user speech. This dangerous bill would threaten security and free speech on the internet--but incredibly, it may pass Congress without even being seriously debated. Some lawmakers are seeking to attach... UN Cybercrime Treaty - Civil Society Letter Deeplinks Blog by Katitza Rodriguez | July 20, 2023 First Draft of UN Cybercrime Convention Drops Troubling Provisions, But Dangerous And Open-Ended Cross Border Surveillance Powers Are Still on the Table This is Part I of a two-part post about the first draft of the UN Cybercrime Convention. Part I provides background on the negotiations and analyzes our first take on the Zero draft and its human rights implications. Part II analyzes the draft's most problematic provisions.The much-anticipated official first negotiated... Security camera screens display logos for Facebook, YouTube, SnapChat, Twitter, and Reddit Deeplinks Blog by India McKinney, Andrew Crocker | July 20, 2023 Amended Cooper Davis Act Is a Direct Threat to Encryption Last week, the Senate Committee on the Judiciary amended and passed S.1080, which would require private messaging services, social media companies, and even cloud providers to report their users to the Drug Enforcement Administration (DEA) if they find out about certain illegal drug sales. EFF opposes this bill, both in... A multi-colored bullhorn icon surrounded by grey-blue hexagons Deeplinks Blog by Jason Kelley | July 18, 2023 You Can Help Stop These Bad Internet Bills Red alert! For the last six months, EFF, our supporters, and dozens of other groups have been sounding the alarm about several # BadInternetBills that have been put forward in Congress. We've made it clear that these bills are terrible ideas, but Congress is now considering packaging them together--possibly into must-pass... Privacy issue banner, a colorful graphical representation of a padlock Deeplinks Blog by Veridiana Alimonti, Daly Barnett, Agneris Sampieri | July 7, 2023 Brazil's Platform Regulation Debate: Repel Rules and Interpretations That Can Lead to Content Monitoring Obligations ** This post is one section of a more extensive piece on Brazil's platform accountability and regulation debate. Click here to read the entire content.The Special Rapporteurs for Freedom of Expression have stated: "At a minimum, intermediaries should not be required to monitor user-generated content." And that:... International issues banner, a colorful graphic of a globe Deeplinks Blog by Veridiana Alimonti, Agneris Sampieri | July 7, 2023 Brazil's Platform Regulation Debate: Robust Checks, Balances and Due Process Safeguards for Exceptional Measures in Crisis Situations ** This post is one section of a more extensive piece on Brazil's platform accountability and regulation debate. Click here to read the entire content.PL 2630 establishes special obligations for when there is an imminent risk of damage or negligence of an application provider (Articles 12-15). In assessing this... Privacy issue banner, a colorful graphical representation of a padlock Deeplinks Blog by Veridiana Alimonti, Agneris Sampieri | July 7, 2023 Brazil's Platform Regulation Debate: Proper Independent and Participative Oversight Structure ** This post is one section of a more extensive piece on Brazil's platform accountability and regulation debate. Click here to read the entire content.The bill stipulates obligations to internet applications and powers to an unspecified administrative authority to oversee compliance with PL 2630's rules. The bill's enforcement without... International issues banner, a colorful graphic of a globe Deeplinks Blog by Veridiana Alimonti, Agneris Sampieri | July 7, 2023 Brazil's Platform Regulation Debate: Clear Safeguards Against Incrementing Surveillance and Related Security Risks ** This post is one section of a more extensive piece on Brazil's platform accountability and regulation debate. Click here to read the entire content.Given the new obligations PL 2630 sets to providers, including specific rules for crisis situations, it's important to make it explicit that none of its... Discover more. Email updates on news, actions, events in your area, and more. Email Address [ ] Postal Code (optional) [ ] Anti-spam question: Enter the three-letter abbreviation for Electronic Frontier Foundation: [ ] Don't fill out this field (required) [ ] [Submit] Thanks, you're awesome! Please check your email for a confirmation link. Oops something is broken right now, please try again later. Share It Share on Twitter Share on Facebook Copy link Related Issues Privacy Back to top EFF Home Follow EFF: * twitter * facebook * instagram * youtube * flicker * rss * linkedin Check out our 4-star rating on Charity Navigator. Contact * General * Legal * Security * Membership * Press About * Calendar * Volunteer * Victories * History * Internships * Jobs * Staff * Diversity & Inclusion Issues * Free Speech * Privacy * Creativity & Innovation * Transparency * International * Security Updates * Blog * Press Releases * Events * Legal Cases * Whitepapers * EFFector Newsletter Press * Press Contact Donate * Join or Renew Membership Online * One-Time Donation Online * Giving Societies * Shop * Other Ways to Give * Copyright (CC BY) * Trademark * Privacy Policy * Thanks JavaScript license information *