Criticism of the UK Online Safety Bill

After much debate and delay, the UK Parliament has today finally passed the Online Safety Bill (1).

The aims of the Bill in its original form, scribbled on the back of a sandwich packet by Prof Lorna Woods of the University of Essex and William Perrin of the charitable foundation Carnegie UK, could have been considered laudable. Its stated aim was protecting children from accessing harmful content online, such as the self-harm material that teenager Molly Russell accessed on Pinterest and Instagram just before she committed suicide.

However, since that day six years ago it has morphed into what is now simple a snooper’s charter. The expectation is now placed on tech companies to vet every single online interaction on their respective platforms, in case it might be illegal or even just considered harmful. For firms that supply encrypted services, including chat apps like Signal, WhatsApp, iMessage and Facebook Messenger, this is an impossible situation. Their customers quite rightly expect encrypted messages to be private. To comply with the new Bill, encryption would have to be broken and messages scanned after the user hits ‘send’ but before they actually reach the providers servers. If the message is considered illegal or problematic the suggested solution is to send all details of it to authorities automatically!

This is akin to to allowing the Police to read every letter addressed to you before you get it, and listening in to every phone call you make just in case it’s illegal or “harmful”.

After tech companies pointed out that what the Government were asking for isn’t actually technically possible, and threatened to simply disable access to their services from the UK, the wording was softened slightly. The “compromise”: to state that this should happen once the technology was able to do this. Although this was a welcome piece of news, it is merely a temporary reprieve. Their suggestion prior to that was to break encryption, but only for the ‘right’ people..!

If the history of computer security has taught us anything, it’s that any weakness will be exploited. Leaving “back doors” in encryption software for official use has gone disastrously wrong in the past – and with a high potential reward for discovering and exploiting them, bad actors are sure to leave no stone unturned in racing to unlock everyone’s communications. Attempting to outlaw encrypted communication is akin to the USA’s 2004 decree that all suitcases transported by air must be able to be unlocked with one of a set of “high-security” keys for security and customs inspections. Within a few short years the keys were duplicated, and now can be trivially bought online and used to unlock anybody’s luggage at any time. Despite the best of intentions, these locks have compromised security for everybody. Encryption works the same way – there are undoubtably reasonable arguments to be made for allowing governments to read some people’s messages, but these should not be allowed to compromise the undeniable benefits of encryption for all. Once it’s broken, it’s broken for everyone at all times.

Aside from the obvious security implications for digital wallets and banking apps, there are many disturbing scenarios that this Bill has now made much more likely. Women in abusive relationships often communicate with charities and support services via encrypted services. Young people who want to discuss their sexuality without their parents knowing used to be able to rely on securely communicating with peers and support charities and groups. And of course, children being abused. Adult abuse survivors have gone on record as saying they wish secure, private ways of communicating had been available to them. Similar legislation is going through the EU and several adult survivors have spoken out against it. Their words (2) are just as true as in regard to the Online Safety Bill:

“As an abuse survivor, I (and millions of other survivors across the world) rely on confidential communications to both find support and report the crimes against us – to remove our rights to privacy and confidentiality is to subject us to further injury and frankly, we have suffered enough.”
– An Irish survivor of child abuse

“Using the veil of morality and the guise of protecting the most vulnerable and beloved in our societies to introduce this potential monster of an initiative is despicable.”
– A German survivor of child abuse

“Especially being a victim of sexual abuse, it is important to me that trusted communication is possible, e.g. in self-help groups and with therapists. If encryption is undermined, this also weakens the possibilities for those affected by sexual abuse to seek help.”
– A French survivor of child abuse

Graham Smith is a lawyer who has written books on Internet Law. He has said of this Bill – “If the road to hell is paved with good intentions, this is a motorway,” and called it “a deeply misconceived piece of legislation“, and that the threat it posed to legitimate speech was likely to be “exposed in the courts” (3).

Global Order Of Satan foresee many potential abuses of this legislation, from preventing people being able to privately access support groups and charities regarding mental health, sexuality, gender, freedom of religion and abuse to the more generalised threat of mass surveillance. Whilst protecting people from harmful content is well-intentioned, this legislation is in our view, overreaching, invasive and may harm the very people it seeks to protect.

While we have briefly detailed our opposition here on the basis of its harm to freedom of association and protection from leaks of personal and private data, there are so many problematic aspects of this bill that it would be hard to cover them all at once. Look out for future articles outlining our stance with regards to the difficulties of defining specific types of content as “harmful”, the implications for freedom of speech, the technical difficulties in keeping children out of so-called “dangerous areas” of the internet and – given their poor records with technical legislation and forcing their parties’ particular brands of faux-concerned paternalism – whether we should even permit governments to try.

1. BBC
2. ChatControl
3. Graham Smith on Inform