Coalition Letter to Parliament: Fix Online Safety Bill to Avoid Undermining Encryption

LONDON—Today a coalition of 70 individuals and organizations, including ITIF’s Center for Data Innovation, sent an open letter to the United Kingdom’s Prime Minister Rishi Sunak opposing the Online Safety Bill’s clauses that erode end-to-end encryption in private messaging and other online services.

“The Online Safety Bill is a broken piece of legislation that threatens the privacy and security of ordinary users and vulnerable individuals alike,” said Kir Nuthi, senior policy analyst at the Center for Data Innovation and author of reports on reforming the bill and the bill’s issues regarding end-to-end encryption. “The Online Safety Bill would sacrifice the ability of users to communicate privately for a well-meaning but misguided attempt to make the Internet safer.”

“Prime Minister Rishi Sunak, the Right Honorable Michelle Donelan MP, and Parliament have a chance to fix the Online Safety Bill by protecting end-to-end encryption, which provides security and privacy to UK businesses, families, and communities,” said Nuthi. “Undermining end-to-end encryption is the wrong solution and would leave the UK more vulnerable to cybercriminals, foreign adversaries, and other aggressors.”

The letter urges Prime Minister Rishi Sunak’s government to protect end-to-end encryption for the sake of economic security, a free society, and the safest Internet possible for the UK.

The text of the letter is available online and included below:

Dear Prime Minister Sunak,

With cyber attacks becoming ever-more frequent and sophisticated, the reliance of UK citizens and businesses on end-to-end encryption to keep themselves safe and secure has never been greater.

Encryption is critical to ensuring Internet users are protected online, to building economic security through a pro-business UK economy that can weather the cost of living crisis, and to assuring national security. As you begin your new role as Prime Minister, the undersigned civil society organisations and companies, including members of the Global Encryption Coalition, urge you and your government to ensure that encryption is not weakened.

Despite its intention to make the UK safer, the Online Safety Bill currently contains clauses that would erode end-to-end encryption in private messaging. As noted in a recent letter by leading UK digital rights organisations, the Bill poses serious threats to privacy and security in the UK “by creating a new power to compel online intermediaries to use ‘accredited technologies’ to conduct mass scanning and surveillance of all citizens on private messaging channels.” Leading cybersecurity experts have made clear that even message scanning, mistakenly cited as safe and effective by its proponents, actually “creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic.”

Undermining protections for end-to-end encryption would make UK businesses and individuals less safe online, including the very groups that the Online Safety Bill intends to protect. Furthermore, because the right to privacy and freedom of expression are intertwined, these proposals would undermine freedom of speech, a key characteristic of free societies that differentiate the UK from aggressors that use oppression and coercion to achieve their aims.

UK businesses are set to have less protection for their data flows than their counterparts in the United States or European Union, leaving them more susceptible to cyber-attacks and intellectual property theft. UK digital businesses will also face new challenges in foreign markets. When Australia passed a similar law undermining end-to-end encryption in 2018, the Australian digital industry lost an estimated $AUS 1 billion in current and forecast sales and further losses in foreign investment as a result of decreased trust in their products. As the UK economy faces significant challenges in the wake of COVID-19 and the impacts of the War in Ukraine, it is critical that the Bill does not undermine UK tech leadership and economic security

Undermining end-to-end encryption or introducing content scanning obligations for private messaging will also remove protections for private citizens’ data. Opening a backdoor for scanning also opens a backdoor for cyber criminals intent on accessing our bank account details, private messages and even the pictures we share online privately with family and friends. We all deserve the protection that end-to-end encryption provides, but the most vulnerable in society - children and members of at-risk communities - need it most of all.

For economic security, a free society and the safest Internet possible for UK citizens, we call upon you and the UK government to ensure that the Online Safety Bill does not undermine end-to-end encryption.

Signatories *

Access Now

The Adam Smith Institute

Advocacy for Principled Action in Government

Aspiration

Associação Portuguesa para a Promoção da Segurança da Informação (AP2SI)

Betapersei, S.C.

Big Brother Watch

Blacknight Internet Solutions Ltd

Jon Callas, Director of Public Interest Technology, EFF

L. Jean Camp, Professor, Indiana University

Center for Data Innovation

Center for Democracy and Technology

Center for New Liberalism

Centre for Policy Studies

CIPPIC (Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic)

Lord Tim Clement-Jones

Collaboration on International ICT Policy for East and Southern Africa

comun.al, Digital Resilience Lab

CRYPTO ID – BRAZIL

DNS Africa Media and Communications

Electric Coin Co. (creators and supporters of Zcash)

Electronic Frontier Foundation

Encrypt Uganda

Fight for the Future

Global Partners Digital

Markéta Gregorová, Member of the European Parliament

Index on Censorship

Dr. Philip Inglesant

Internet Freedom Foundation, India

Internet Society

Internet Society – Brazil Chapter

Internet Society Catalan Chapter

Internet Society Côte d’Ivoire Chapitre

Internet Society Colombia Chapter

Internet Society Ghana Chapter

Internet Society India Hyderabad Chapter

Internet Society Tanzania Chapter

Internet Society Tchad chapter

Internet Society Liberia Chapter

Internet Society Niger Chapter

Internet Society Portugal Chapter

Internet Society UK England Chapter

Interpeer gUG (haftungsbeschraenkt)

JCA-NET(Japan)

Kijiji Yeetu

C. de Larrinaga

Matthew Lesh, Head of Public Policy, Institute of Economic Affairs

Liberty

MEGA

Alec Muffett, Security Researcher

New America’s Open Technology Institute

Numex

OpenMedia

Open Rights Group

Organization for Identity and Cultural Development

Ranking Digital Rights

People’s Privacy Network

Chip Pitts

Sharon Polsky MAPP, President, Privacy & Access Council of Canada

Runa Sandvik, Founder, Granitt

Jamie Stone MP, Liberal Democrats

Superbloom

Surfshark

Susan Landau, Bridge Professor of Cyber Security and Policy, Tufts University

Tech for Good Asia

The Tor Project

Tutanota

TwelveDot Incorporated

University of Bosaso

Phil Zimmermann

*Affiliations listed for identification purposes only