The Online Safety Bill "undermines safety online," warn experts amid encryption blast

In this photo illustration, a teenage child looks at a screen of age-restricted content on a laptop screen
(Image credit: Photo by Leon Neal/Getty Images)

Nearly 70 UK-affiliated information security researchers, scientists and cryptographers are the latest to voice their concerns over the security risks of the Online Safety Bill.

The controversial Act made its return into Parliament last week, and it's expected to get back to the Commons for the last review stage very soon. Commentators—including encrypted messaging apps, VPN services and other security software providers—have long been calling the government against the danger of breaking encryption.

At this critical time, the experts seek to stress once again how the Online Safety Bill de-facto "undermines safety online." Will policymakers finally listen?

"Technology is not a magic wand"

"As independent information security and cryptography researchers, we build technologies that keep people safe online. It is in this capacity that we see the need to stress that the safety provided by these essential technologies is now under threat in the Online Safety Bill," concludes the open letter, which counts a total of 68 signatories.

The academics especially lashed out against the provisions of the Bill seeking to undermine encryption in the name of safety. 

Encryption is the process of scrambling data into an unreadable form in order to protect it from third-party access. While it's largely implemented across different technologies—from security tools like virtual private network (VPN) to simply any website users access on a daily basis—the UK government specifically plans to weaken this protection on secure communication apps like WhatsApp, Signal, and email services.

This act undermines privacy guarantees and, indeed, safety online.

The infamous Bill seeks to place itself as an effective response to the rise in child sexual abuse online, and any other dangers to citizens' safety on the net. Yet, by attempting to make the UK the safest place to be online, politicians seem to be achieving exactly the opposite outcome.

Experts warned how the "routine monitoring" of private communications is incompatible with today's standard of privacy. At the same time, weakening encryption will open "cryptography backdoors" for bad actors and the government to exploit in the future.

The lack of reliability of today's client-side scanning technologies is likely to produce false positives in most instances, too. Even worse as these algorithms can be repurposed to add hidden secondary capabilities. Ultimately, having—as they described—a "police officer in your pocket" would de-facto make everyone less safe.

"Technology is not a magic wand," warn the security experts. "Our concern is that surveillance technologies are deployed in the spirit of providing online safety. This act undermines privacy guarantees and, indeed, safety online." 

This is only the most recent cry for help launched by the tech community, which has been busy trying to make policymakers understand that undermining privacy in the name of safety simply cannot work.

Only a week ago—the same week the Act made its return in the House of Lords—over 80 civil society organizations, academics and cyber experts from 23 countries pledged the UK government to remove end-to-end encrypted services from the scope of the Bill.

A day after, the Big Tech giant Apple joined the crowded ranks of the opposition by voicing its concerns over the scanning of encrypted communications. In May, a coalition of more than 45 organizations took to the defense of this crucial technology—especially for journalists and activists—on the occasion of the last World Press Freedom Day.

Secure messaging platforms like Element, WhatsApp and Signal said in February that they would quit the UK if the Act becomes law. This exodus to save encryption would ultimately "leave UK residents in a vulnerable situation, having to adopt compromised and weak solutions for online interactions," warned researchers.

The political debate

The Online Safety Bill is a clear example of the existing tensions between politics and technology. As the internet evolves, lawmakers attempt to keep up with the new threats of the digital age—too often, though, without the necessary knowledge to understand its implications.

"The biggest single issue with the Online Safety Bill is that it's too big. It tries to do too many things," Robin Wilton, Internet Society’s Director for Internet Trust, told TechRadar. "Every politician sees something in there that they want and so they will vote for it, even if there are other things to which they're either indifferent or they shouldn't want it because it's actually actively harmful."   

According to Wilton, the current political debate raises the same privacy tensions spread around the Labour proposal on national identity cards a few years back. By playing the child safety card this time, the act has a much better chance of finally becoming law. 

"[Child safety online] becomes the default justification regardless of whether that's the purpose of the policy," he said. " But, there's plenty of evidence to say that actually, if you want to ensure child safety online, the place you should start is child safety offline."

At the time of writing, the Online Safety Bill is still in the House of Lords. This means that it will soon get back in the Commons where MPs will decide whether or not accept any amendments the Lords might propose and, eventually, send it back for further review.

At this point, there are a few things to consider. For starters, with the Parliament session due to expire in autumn, it means that the time is almost up for the Bill. It was, in fact, already a leftover from the previous government, and due to this it cannot be carried on in its current form into the next. That's just theoretical, though, as the government is said to be willing to extend this parliamentary session if needed.

The second and perhaps biggest question is whether or not the Lords would decide to implement the so-called Davis amendment put forward by Conservative MP David Davis to remove the ability to monitor private messaging services from the scope of the bill.

"The government hates that idea. They think that would destroy the whole point of the bill, but that simple amendment would actually solve most of its privacy problems," explained Wilton.

Some of the Lords already voted to support the bill, so now the question is whether or not enough of them will in the final vote. 

"The House of Lords can't actually stop the bill by amending it, they can only send a strong signal," said Wilton. "So, will it be strong enough for the Commons to actually change their mind?"

Chiara Castro
News Editor (Tech Software)

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Read more
A hand holding an iPhone with the iCloud logo on screen.
UK's Apple iCloud backdoor "jeopardizes the security and privacy of millions," warn experts
Conceptual image of a large group of cctv camera watching and spying on a mobile phone with messages, it illustrates digital surveillance concept
New EU Chat Control makes scanning encrypted chats optional – but privacy experts are still worried
Privacy
"Anonymity is not a fundamental right": experts disagree with Europol chief's request for encryption back door
View on National Assembly building in Paris, France, with French and European flags flying.
France rejects controversial encryption backdoor provision
ignal messaging application President Meredith Whittaker poses for a photograph before an interview at the Europe's largest tech conference, the Web Summit, in Lisbon on November 4, 2022.
"We will not walk back" – Signal would rather leave the UK and Sweden than remove encryption protections
Actalis SSL encryption
Apple is right not to bow down to the UK government's encryption backdoor request - but users should still be angry
Latest in Cyber Security
The X logo next to a silhouette of Elon Musk
Who was really behind the massive X cyberattack? Here’s what experts say about Elon Musk’s claims
A person holding a phone looking at a scam text with warning signs around
A massive SMS toll fee scam is sweeping the US – here’s how to stay safe, according to the FBI
View on National Assembly building in Paris, France, with French and European flags flying.
France rejects controversial encryption backdoor provision
ignal messaging application President Meredith Whittaker poses for a photograph before an interview at the Europe's largest tech conference, the Web Summit, in Lisbon on November 4, 2022.
"We will not walk back" – Signal would rather leave the UK and Sweden than remove encryption protections
Man uses a laptop in a hotel room
4 ways to avoid misinformation on social media and retain control of your newsfeed
An AI face in profile against a digital background.
Worried about DeepSeek? Well, Google Gemini collects even more of your personal data
Latest in News
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments