The head of Meta’s WhatsApp, Will Cathcart, has effectively said that WhatsApp will leave the UK if the country’s upcoming Online Safety Bill requires it to undermine its encryption.
Cathcart has reportedly spoken about WhatsApp’s stance towards the UK’s proposed Online Safety Bill, during a visit to the UK in which he will meet legislators to discuss the British government’s new internet regulation.
As reported by The Guardian and BBC News, Will Cathcart has said that WhatsApp would refuse to comply with requirements in the UK government’s proposed Online Safety Bill that would weaken the privacy of encrypted messages.
Cathcart said, “It’s a remarkable thing to think about. There isn’t a way to change it in just one part of the world. Some countries have chosen to block it; that’s the reality of shipping a secure product. We’ve recently been blocked in Iran, for example. But we’ve never seen a liberal democracy do that.”
“The reality is, our users all around the world want security – ninety-eight percent of our users are outside the UK, they do not want us to lower the security of the product and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those ninety-eight percent of users.” Cathcart said.
Effectively, this means that WhatsApp would rather accept being blocked in the UK, instead of compromising its users privacy.
Comprising end-to-end encryption
Under the UK’s Online Safety Bill, WhatsApp would be required to moderate the content that people communicate through it, in accordance with a fixed list of what the British government deems illegal and harmful content.
End-to-end encryption prevents anyone except the sender and recipients from decrypting a communication and viewing its contents. WhatsApp itself cannot read messages sent over its own service, therefore preventing it from complying with content monitoring and law enforcement requests to hand over messages.
Although the bill does not out-law encryption for communications, in order to comply with the new laws, WhatsApp would have to effectively undermine its own security, thus defeating the purpose of having encrypted communication for the sake of privacy.
As proposed by critics of the Online Safety Bill, reported on by BBC News, one of the only ways to check the contents of encrypted messages for illegal content would be for services to scan a communication before it was encrypted and sent. But such client-side scanning would undermine the privacy encryption provides.
The British government has separately said “the Online Safety Bill does not represent a ban on end-to-end encryption. It is not a choice between privacy or child safety – we can and we must have both.” as reported by BBC News.
According to The Guardian, Cathcart said that similar legislation in other jurisdictions, such as the EU’s Digital Markets Act (DMA), explicitly defends end-to-end encryption for messaging services.
The DMA entered into force last year on November 1st, 2022. According to a press release from the European Commission, the EU’s new regulation is designed to put an end to unfair practices by companies that act as gatekeepers in the online platform economy.
Cathcart called for similar language to be inserted into the UK’s Online Safety Bill before it is passed. “It could make clear that privacy and security should be considered in the framework. It could explicitly say that end-to-end encryption should not be taken away. There can be more procedural safeguards so that this can’t just happen independently as a decision.”, as reported by The Guardian.
If WhatsApp were to refuse to comply and continue providing their service to people in the UK, then they could face heavy fines, criminal charges against senior managers and potential greater penalties including an outright ban of the service in the UK.
On another note, concerns about the requirements of the Online Safety Bill creating a new tool for mass surveillance have also been raised, due to the idea of having to scan every message sent through an encrypted chat service for illegal content.
As reported on BBC News, Dr Monica Horten of Open Rights Group, a UK based organization that campaigns for digital rights said, “with over 40 million users of encrypted chat services in the UK, this turns it into a mass surveillance tool, with potentially damaging consequences for privacy and free expression rights.”
Regardless of the potential issues which could arise to UK citizens rights, the British government and prominent child protection charities, have long argued that encryption hinders efforts to combat the growing problem of online child abuse, as reported on BBC News.
WhatsApp’s stance towards the Online Safety Bill follows suit with Signal, another popular encrypted messaging service. Last February, Meredith Whittaker, President of the Signal Foundation which develops the service, told BBC News that the organization “would absolutely, 100% walk” if forced to weaken the privacy of its messaging system under the Online Safety Bill.
In January, BBC News reported that Wikipedia warned the Online Safety Bill could “limit freedom of expression”.
What is the UK’s proposed Online Safety Bill?
The UK’s proposed Online Safety Bill introduces new rules for any internet service that allows people (users) to share content with others on an online service. The bill holds internet services accountable for protecting children and adults in the UK from illegal and harmful content.
Under the bill, Ofcom (Office of Communication – the UK government’s communications regulator) will be given additional legal powers to regulate internet services and take action against those who do not comply with the new laws. Such penalties for breaching the new laws can result in fines of up to eighteen million pounds or ten percent of an internet service’s annual global turnover, as well as criminal action taken against senior managers, with the possibility of further actions (subject to court approval) to prevent an internet service from generating money or being accessed from the UK.
Official guidance for the UK’s Online Safety Bill can be found on the British Government’s website.
