Apple calls UK’s Online Safety Bill a “serious threat” to end-to-end encryption

Apple calls UK's Online Safety Bill a "serious threat" to end-to-end encryption featured image
Apple store sign | Credit: Medhat Dawoud – Unsplash

Apple has publicly criticized powers in the United Kingdom’s proposed Online Safety Bill which threaten end-to-end encryption on messaging platforms.

End-to-end encryption (E2EE) is a technology which encrypts communications, so that no one except the sender and recipients can decrypt a communication and view its contents.

The UK’s proposed Online Safety Bill, currently making its way through the British Parliament, would give the UK’s communications regulator Ofcom (Office of Communication), new legal powers to force messaging platforms (available to British users) to scan the contents of every message users’ send for illegal content.

As reported by BBC News, Apple told the BBC that the Online Safety Bill should be amended to protect encryption.

In a statement Apple said: “End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats.”

“It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk.”

“Apple urges the [British] government to amend the bill to protect strong end-to-end encryption for the benefit of all.”

Mass criticism of Online Safety Bill powers over end-to-end encryption

According to BBC News, Apple’s criticism comes as 80 organizations and tech experts have written to the UK’s Technology Minister Chloe Smith urging a rethink on the new proposed powers.

Alongside Apple which operates iMessage, rival messaging services WhatsApp and Signal, all three of which are encrypted, have also criticized the UK’s proposed Online Safety Bill.

In March, WhatsApp’s head Will Cathcart said that WhatsApp would not weaken its encryption to comply with the Online Safety Bill and in February Signal said it would “walk” from the UK if forced to weaken its encrypted messaging apps privacy.

Prior to Apple’s new stance, the company itself in 2021 announced plans to scan images on users’ iPhones before being uploaded to iCloud, but Apple abandoned the idea after backlash.

Despite the opposition, supporters of the new powers in the Online Safety Bill including the UK government, British Police and child protection charities continue to maintain their resolve that end-to-end encryption in messaging apps, prevents law enforcement and messaging platforms from identifying the sharing of child abuse material by users.

As reported by The Guardian in December 2022, when Apple announced it would introduce a new privacy feature called “advanced data protection for iCloud”, which lets users apply end-to-end encryption to all their data stored in the cloud, a British government spokesperson said: “We support strong encryption but it cannot come at the expense of protecting the public. End-to-end encryption cannot be allowed to hamper efforts to catch perpetrators of the most serious crimes”.

“Firms will be required to adhere to the strong child safety duties in the online safety bill, and we remain committed to continuing to work with the tech industry to develop innovative solutions that protect public safety and privacy.”

British Home Office ministers have also been very critical of Meta’s recent decision to introduce encryption into Facebook messages, as reported by BBC News.

Client-side scanning and mass surveillance

Though the Online Safety Bill does not outlaw encryption, the British government believes there are technological solutions that would allow users to have both privacy through encryption, whilst combating the sharing of child abuse material on messaging platforms.

Many technology experts argue that the only way to achieve this, would be to install software on a user’s device, referred to as client-side scanning, which would scan every message on a phone or computer before they are sent.

Such an idea has been widely criticized as defeating the purpose of encryption as it undermines privacy.

However, according to new research from Imperial College London, client-side scanning software could do more than the British government’s initial aim of scanning for illegal content such as child abuse material.

According to a news article from Imperial College London, new research unveiled in a recent paper from the institution itself, shows that client-side scanning technology could be used to turn millions of phones into facial recognition tools, by searching people’s private messages using facial recognition, without a user’s consent.

Dr Yves-Alexandre de Montjoye, of Imperial College London’s Department of Computing, a corresponding author of the recently published paper on the matter, unveiled at IEEE Security and Privacy said: “what our paper shows is that the software [client-side scanning] could be built or tweaked to include other hidden features such as scanning private content from the phones of hundreds of millions of people using facial recognition, the same technology used at airport gates.”

For further information on the UK’s proposed Online Safety Bill visit: