The vital cybersecurity tool of end-to-end encryption is under threat. Here's why:
Ofcom are currently running a consultation on their framework for implementing the 'Spy Clause' section 121 of the Online Safety Act. This clause gives Ofcom the power to issue a technical notice to a provider, and require them to use a specific technology to scan everyone's messages for terrorist material or child sexual exploitation materials (CSEM).
This consultation closes at 5pm on Monday 10th March.
The problem is there is no safe scanning technology that exists. Many of the imagined solutions (such as client-side scanning) could create major cybersecurity risks for the UK and our allies.
Practice Safe Text
Open Rights Group's Practice Safe Text campaign fights for our right to use end-to-end encrypted messaging apps.
End-to-end encryption is a vital tool. It keeps us safe online by:
- Protecting our communications with family and friends.
- Protecting activists worldwide from oppressive regimes.
- Ensuring LGBTQ+ people can communicate without fear.
- Helping people who have experienced domestic violence escape and hide from abusers.
- Safeguarding women who are enquiring about abortions in jurisdictions where it's illegal.
- Protecting MPs and important decision makers from espionage and hostile states.
Ofcom need to implement a framework that adequately considers the risks of trying to implement unsafe scanning tech. Those risks include:
- Breaking Article 8 Human Right to Privacy through a failure to adequately consider if these notices are “proportionate” ( ECHR ruling on Podchasov v Russia)
- Overwhelming law enforcement agencies with a flood of false reports.
- Placing innocent people under suspicion when the algorithm wrongly flags a joke, nude, medical picture or DM.
- Undermining global cybersecurity by forcing companies to develop backdoors to end-to-end messaging systems.
- Creating attack vectors for GRU Russian Army intelligence to gain access to European communications.
- Forcing services to pull out of the UK market because they won't weaken the security of their products.
- Facilitating the spread of harmful CSEA content through the vulnerability of perceptual hash inversion attacks.
- Implementing discriminatory systems that breach Ofcom's public sector equalities duty.
You are free to read Ofcom's consultation and reply to them directly with your response. We have also created this tool as a quick and easy way to ensure your voice is heard.
Either way, be sure to warn Ofcom of the risks involved by implementing unsafe scanning tech. Tell them to practice safe text and back end-to-end encryption.
