UK Online Safety Bill Set to Weaken Encryption and Put UK Internet Users At Risk Thumbnail
Encryption 19 January 2022

UK Online Safety Bill Set to Weaken Encryption and Put UK Internet Users At Risk

By Callum VogeDirector, Governmental Affairs and Advocacy

The Internet Society joins the UK England Chapter in calling for a redraft of the UK’s Online Safety Bill so that it protects strong encryption and recognises its vital role in protecting users online. 

Despite claims it seeks to protect users online, the recent draft of the Bill threatens to drive strong encryption from the market and place UK Internet users at greater risk than ever before.

The draft Online Safety Bill will force service providers to weaken or remove encryption to meet new content identification and removal requirements. A newly published Internet impact brief co-authored by the Internet Society and UK England Chapter identifies how, by weakening encryption, the Bill will undermine critical elements that make the Internet an open, globally connected, secure and trustworthy resource for everyone. 

Weakened Encryption Deprives UK Users of the Internet’s Full Benefits

Encryption helps Internet users keep their online data and communications private and secure. It plays a critical role in protecting day-to-day digital activities like online banking, shopping, preventing theft of sensitive information in data breaches, and making sure private messages stay private.

  • The draft Online Safety Bill will create an Internet that is less secure. UK businesses rely on encryption to ensure the confidentiality of sensitive information while civil servants, journalists, and doctors rely on encryption to do their jobs effectively and safely. Individuals, especially those from vulnerable groups, use encryption to protect themselves from discrimination. 
  • Encryption that is weakened for one industry may spill-over to other industries when flawed implementation sees the same protocols used across sectors. If data is not secure, the risk of attack and manipulation increases, exposing UK businesses and individuals to fraud. 
  • Weakening encryption makes the Internet less open. Redesigning encryption protocols to comply with the Bill would be a technically difficult and costly process. While these additional costs may be manageable for big technology companies, they pose significant financial barriers for UK startups hoping to enter the market, harming long term UK prosperity. The UK’s role as a global tech leader may also be threatened as companies are limited in how they combine encryption with new technologies to create innovative products. 
  • The draft Online Safety Bill will lead to an Internet that is less globally connected. International service providers that offer encryption may opt to leave the UK market to avoid regulatory burdens and fines. Market exit would see UK Internet users isolated from key platforms for global knowledge production and exchange. 
  • Weakening encryption makes the Internet less trustworthy. Users expect encryption to provide privacy and anonymity for their data but users of weakened encryption may find that their expectations are not met, damaging their trust in the technology and the Internet as a whole. Similarly, any regulation that proposes the removal of user content must be done through a robust process with full transparency and accountability. Otherwise, a lack of clarity would fuel distrust in the Internet and the information transferred through it.  

Encryption Backdoors Don’t Work

Some UK policymakers have pointed to encryption backdoors as a way to use encryption while still creating a mechanism for law enforcement access to private messages. Encryption backdoors function by creating a key that government authorities can use to decrypt messages and data sent between individuals. 

However, the consensus among technical experts is that there is no way to grant only certain third parties with access to users’ private communications and not others. Creating a backdoor for law enforcement access also creates an intentional vulnerability that criminals and hostile state actors can exploit. Encryption backdoors do not work and UK policymakers cannot in good faith pursue this approach without putting UK Internet users at risk of attack and abuse. 

How You Can Help

The Internet Society and UK England Chapter are calling on Her Majesty’s Government to redraft the Online Safety Bill so that it is compatible with strong encryption and abandons encryption backdoors. It is also imperative that Her Majesty’s Government  conduct a full and robust Internet impact assessment so that Parliament is properly informed of the potential harms to the Internet from weakening encryption. 

The best way to help Parliament to understand the dangers of weakening encryption is to make some noise about why it’s important. Please share our Internet Impact Brief widely and help others understand the impact this Bill will have. UK Internet users and businesses should continue to enjoy the full benefits of the Internet without compromising their safety. Without a significant redrafting, the Bill will deprive UK Internet users of the tools needed to protect themselves online. 

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Encryption 21 September 2023

Techxit: The UK Declares Its Exit from the High-Tech Startup World

No one in their right mind would now want to start up a high-tech company in the UK. With...

Encryption 11 August 2023

Encryption, Bad Bills, and Ripple Effects: How Riana Pfefferkorn Protects the Internet

We spoke with Riana Pfefferkorn, research scholar at the Stanford Internet Observatory, about encryption and protecting the Internet.

Strengthening the Internet 14 June 2023

Speak Out Against Bills That Threaten End-to-End Encryption

The EARN IT Act, STOP CSAM Act, and KOSA in the United States threaten to weaken end-to-end encryption which...