The UK’s chartered institute for IT has slammed proposed legislation that could see the government open a “back door” to encrypted messaging.

BCS, formerly the British Computer Society, has warned that weakening encryption of secure messaging apps in online safety legislation would damage public trust in technology.

The controversial Online Safety Bill is set to be heard in the House of Lords for scrutiny this week. It sets out wide-ranging measures designed to protect people, particularly children, in their online lives.

However, critics have argued that - however well-intentioned - the legislation could create a back door for governments to read encrypted messages.

In a statement, BCS chief executive Rashik Parmar, said: “It’s the wrong time to weaken encryption when it is vital to public trust in the value of technology. Every genuine tech professional wants children to be safe online; but we need to guard the basic security that underpins everyone’s privacy.

“There is grave concern that the Online Safety Bill’s requirements around identifying illegal content could break the principle of end-to-end encryption with the promise of a magical backdoor. Once a backdoor has been compromised, data and content protected by the encryption becomes accessible. This is exactly what many bad actors would welcome.

“Building confidence in technology is a global priority in 2023. A bill aimed at keeping us safe online should protect encrypted messaging,” he said.

We've been here before

This is not the British government's first encryption-breaking rodeo. It has for years called upon tech companies to break encryption so law enforcement can listen in: most notably former Home Sec and then PM Theresa May, and later former Home Sec Amber Rudd and former UK Home Secretary Priti Patel.

Erstwhile Prime Minister David Cameron even proposed banning online messaging applications that support end-to-end encryption in 2015.

What about this bill?

The Online Safety bill legislation is set to give media regulator Ofcom powers to make platforms identify and remove child abuse content. Any compnies refusing to comply could face large fines.

In February, encrypted chat service Signal said it would put an end to its UK operations if the Online Safety Bill was enacted in its current state. Proposals for device-side scanning - designed to protect children from harmful content - break the security of end-to-end encryption at the same time, it argued.

There cannot be a 'British internet,' or a version of end-to-end encryption that is specific to the UK

The legislation contains what critics have called "a spy clause" [PDF]. It requires companies to remove child sexual exploitation and abuse (CSEA) material or terrorist content from online platforms "whether communicated publicly or privately." As applied to encrypted messaging, that means either encryption must be removed to allow content scanning or scanning must occur prior to encryption.

Meredith Whittaker, president of the Signal Foundation, told The Register: "Many millions of people globally rely on us to provide a safe and secure messaging service to conduct journalism, express dissent, voice intimate or vulnerable thoughts, and otherwise speak to those they want to be heard by without surveillance from tech corporations and governments."

"We have never, and will never, break our commitment to the people who use and trust Signal. And this means that we would absolutely choose to cease operating in a given region if the alternative meant undermining our privacy commitments to those who rely on us."

In response to Whittaker's remarks, Dr Monica Horten, policy manager for freedom of expression at Open Rights Group, also urged the UK government to drop the clause.

When the legislation was first proposed in March, 2022, Nadine Dorries, digital secretary at the time, said, “Tech firms haven’t been held to account when harm, abuse and criminal behaviour have run riot on their platforms. Instead, they have been left to mark their own homework. If we fail to act, we risk sacrificing the wellbeing and innocence of countless generations of children to the power of unchecked algorithms.” ®

https://www.theregister.com//2023/04/18/wrong_time_to_weaken_encryption/