Saturday, 11 March 2023

Secure messaging apps line up to warn UK’s Online Safety Bill risks web security

by Berkeley Lovelace

Secure messaging apps are lining up to oppose measures in the UK government’s Online Safety Bill (OSB) they argue will do the opposite of promoting online safety by undermining the robust encryption web users rely upon to safeguard their communications.

Meta-owned WhatsApp, the not-for-profit Signal Foundation behind the Signal app, Element, which operates the decentralized Matrix protocol, along with end-to-end encrypted email providers like Proton (ProtonMail) are warning the draft legislation contains measures that risk the security of robust encryption — a technology they say is vital to keep web users’ comms safe.

Speaking to the BBC and the Guardian yesterday, WhatsApp’s head, Will Cathcart, described the OSB as the most concerning piece of legislation in the Western world. He also suggested the platform will not comply with a UK legal requirement to weaken the level of encryption it offers its users — and would instead prefer to be blocked by UK authorities.

The draft legislation, which has reached the committee stage of scrutiny in the House of Lords, puts a duty of care on digital services to protect users from a range of harms and contains powers for the UK’s Internet regulator, Ofcom, to block non-compliant services in cases of serious infringement — in addition to a regime of hefty fines (of up to 10% of global turnover); and even the threat of jail time for law-breaking senior execs under recently expanded criminal liability.

“There isn’t a way to change [WhatsApp] in just one part of the world,” Cathcart told the newspaper. “Some countries have chosen to block it; that’s the reality of shipping a secure product. We’ve recently been blocked in Iran, for example. But we’ve never seen a liberal democracy do that.

“The reality is, our users all around the world want security. Ninety-eight per cent of our users are outside the UK. They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users.”

The Signal Foundation also sounded another klaxon over the legislation this week, with president Meredith Whittaker warning in a blog post that the platform will “stand firm against threats to private and safe communication” — reiterating a message she gave to the BBC last month when she said the not-for-profit will “100%” walk away from the UK rather than weaken security and privacy for its users.

“As written, the provisions in the Online Safety Bill are poised to eviscerate privacy while opening new vectors for exploitation that threaten the safety and security of everyone in the UK. As one of the first of its kind, it could also create a template that would certainly be copied by authoritarian governments. We oppose the Bill in its current form, and believe key provisions need to be fundamentally reconsidered,” she wrote yesterday.

“When the Iranian government blocked Signal, we recognized that the people in Iran who needed privacy were not represented by the authoritarian state, and we worked with our community to set up proxies and other means to ensure that Iranians could access Signal. As in Iran, we will continue to do everything in our power to ensure that people in the UK have access to Signal and to private communications. But we will not undermine or compromise the privacy and safety promises we make to people in the UK, and everywhere else in the world.”

Also raising concerns in a blog post last month, Element, the UK startup behind the E2EE Matrix protocol for decentralized messaging, called for the government to rip the whole thing up and start again — dubbing the current draft “an attack on encryption”.

“What could have been a constructive piece of legislation has ended up as a bloated and overreaching proposal, drafted with little technical prowess. As it currently stands the bill weakens the UK’s digital security, threatens basic privacy, stymies the UK tech industry, and introduces the prospect of ever-creeping censorship and blanket surveillance,” blogged co-founder Matthew Hodgson. “Instead of setting a principled example to the rest of the world, the OSB sees the UK proposing state surveillance and censorship. It’s far closer to the approach seen from regimes in Russia and China than anything in Europe or the US.”

Discussing his concerns via email with TechCrunch today, Hodgson also warned that if the OSB is passed in its current form, and not amended to fix the threats to encryption, Element would be forced to stop providing its services to UK users.

“We cannot add client-side surveillance/content-scanning to our apps, as it fundamentally undermines encryption and makes it enormously easier for bad actors to access encrypted content,” he told us, emphasizing its red lines. “We cannot insert third party proprietary code in our apps, even if it’s special ‘government accredited’ code.”

If the UK law ends up going to this dark place, he said Element would also have no choice but to be “forced to stop providing services to UK citizens” — meaning it would likely remove its app from UK app stores, relocate UK-hosted public-facing servers to other countries and block UK IP addresses from being able to connect to those servers.

“If forced, we would switch our headquarters to a different country and close our UK legal entity (we already have US, French and German entities),” he also told us, warning: “This would fundamentally reduce privacy for law-abiding UK citizens (and catastrophically damage Element as one of the UK’s leading encrypted communication startups, in turn damaging Element’s paying customers, which include the UK Government).”

We reached out to the Department of Science, Innovation and Technology for a response to the messaging apps’ concerns about the OSB’s impact on E2EE but at the time of writing it had not sent one. We’ll update this report if we get a response from the government.

The OSB is a sprawling, multi-year attempt by the UK, helmed by a succession of Conservative prime ministers, to create rules aimed at tackling illegal (or otherwise harmful) content online. It touches on many aspects of digital activity in a bid to address a spectrum of risk and harms — from terrorism and child sexual abuse material (CSAM), to hate speech, online sexual aggression and cyberbullying, and even scam ads (to name a few) — including harms that may arise when web users communicate with each other.

Ministers have generally argued that legislation in this area is needed because major social media platforms have failed to uphold safety standards they claim to maintain in their own T&Cs, although the bill as drafted would apply to scores of digital services, not just social media giants.

Child protection has been the main motivation the government has claimed for why a law is needed to force web firms to clean up their act. However the bill goes further than setting out rules governing how in-scope services should go about moderating public conversations as it also puts requirements on user-to-user services to police private speech to ensure it does not contain terrorism or CSAM. And it’s these provisions, especially, legal experts have warned threaten end-to-end encryption (E2EE).

Even if the bill does not explicitly demand that providers ditch E2EE the concern is the regime will force them to fatally weaken the level of security and privacy they provide their users in order to avoid the risk of major penalties.

Digital rights groups were early to sound the alarm about the bill’s potential impact on encryption — and their alarm has only grown as the bill has progressed through parliament. In a policy briefing put out last month, the Open Rights Group warned that what it called “a form of chat surveillance” is being slipped in through “a back door measure” in the legislation. Its paper went on to call for E2EE private messaging services to be put out of scope of the bill entirely.

The risk the bill poses to encryption looks to be two-fold: Either 1) a service provider may feel forced to remove (or indeed never implement) E2EE — downgrading the level of security offered to users by retaining encryption keys so it can decrypt (and scan) content in order to comply with requirements placed on them by the legislation to check users’ comms for illegal activity.

Or 2) an E2EE service may feel compelled (or indeed be ordered by Ofcom) to implement client-side scanning in order to comply with the law — which would mean that the contents of users’ messages would be scanned on their device prior to that data being encrypted.

In recent years, client-side scanning has been an area of interest for the UK government — which has been actively encouraging development of scanning technologies that could be applied to scan E2EE messages without technically breaking the encryption. Then, last year, ministers tabled an amendment to the OSB which proposed to give Ofcom new powers to force service providers to implement content-scanning technologies even if their platform is E2EE — laying out a scenario where a platform could be legally forced to do client-side scanning.

The move has substantially dialled up concern about the bill’s impact on web security.

While client-side scanning technology is not usually considered to amount to a backdoor in encryption, per se, it remains hugely controversial — since it requires the blanket scanning of message content (which is both horrible for privacy and risks creating a massive new harm of ‘false positives’ — for example, if a photo of a child’s bath-time that’s shared between parents gets wrongly identified as CSAM by scanning algorithms and caregivers who have done nothing wrong have their private comms handed to the police); and also because it introduces additional technology into the E2EE mix which could create new vulnerabilities in systems that represent the current ‘gold standard’ of encryption.

Privacy and security experts remain united in warning about the risks posed by client-side scanning — pointing out, for example, that the technology is abusively disproportionate and has not been demonstrated to a robust level of accuracy such sensitive use-cases should demand. They also warn that Western democracies going down this road could give succour to and encourage authoritarian regimes to pass versions of the tech that scan for political opposition and further seek to oppress free expression.

So far, none of these concerns have stopped lawmakers from rushing to promote a popular policy goal (child safety) by seizing on an intrusive and unproven technology — which offers a cheap and easy way to claim they’re doing something about a type of abuse that emerges from complex social problems, including poor resourcing of social and public services, that’s something they seem far less interested in trying to ‘fix’. (See also: The EU’s proposal on CSAM mitigation — which also wants to push platforms to adopt scanning technologies — although, in practice, lawmakers there are likely to struggle to impose such a regime given the bloc’s prohibition on general monitoring obligations.)

While email services are not explicitly in scope of the OSB such is the level of concern about the direction of travel in the UK that E2EE email providers are adding their voices to the public chorus of concern about the bill.

E2EE email provider Proton has dubbed the OSB “misguided and dangerous” and “a ban on end-to-end encryption in all but name” — calling recently for the draft to be amended to protect the encryption that it said the internet relies upon to function. “Weakening end-to-end encryption would reduce everyone’s safety online, including the children this bill is trying to protect,” it further warned. “Without strong encryption, the sensitive data of millions of people would be at risk.”

In another public intervention, Tutanota — a continental-Europe based E2EE email provider — wondered aloud whether the UK is set to follow the likes of Russia and Iran and block access to encryption? “It is really worrying what is going on in the UK — once the greatest democracy in the world,” suggested co-founder, Matthias Pfau. “The British government still believes they can have a ‘magical key’ to access encrypted communication — completely ignoring the technical background and what cryptography experts have said again and again: You can’t backdoor encryption and make sure that this backdoor is not going to be abused by malicious actors.”

While the OSB has had many extra measures bolted on to it since the 2019 ‘online harms’ white paper — and since the 2021 first draft of the bill — all of which the government has claimed have strengthened the proposal, as it’s responded to ongoing campaigning by child safety groups which have urged ministers to go further to tackle safety risks, the most recent revision to the bill actually dialled back provisions that had targeted legal but harmful speech — after some MPs raised concerns about the impact on freedom of expression — suggesting ministers are not immune to criticism of their approach.

Although it remains to be seen whether the prospect of voters reading headlines in the not too distant future that blame the government for WhatsApp going dark in the UK will be enough for ministers to rethink their stance on strong encryption or not.

Whatever happens with WhatsApp, the bill seems unlikely to be able to stop use of all E2EE messaging apps that refuse to deploy client-side scanning if that really is ministers’ aim.

Much like Signal’s suggestion that UK users could resort to proxy servers to retain access to its app if it’s forced to officially shutter UK service, Element’s Hodgson points out that if it has to quit the UK it does not necessarily mean the end of local usage of the technologies it develops either — given that its apps, and the Matrix protocol itself, are open source and “anyone can run their own deployments”.

“Secure end-to-end encryption has been out there in the public domain for over 30 years, and attacking end-to-end encryption service providers will not make it disappear given anyone can run their own services,” he suggests, adding: “We also have a long-running project to make servers optional in Matrix in the form of Peer-to-Peer (P2P) Matrix. Once P2P Matrix or similar technologies become prevalent in the coming months, users no longer need servers — each app effectively is its own service. Therefore users will be able to communicate securely without dependency on any service provider, irrespective of the OSB’s attack on encryption.”

If the UK government is really serious about addressing child abuse Hodgson suggests that it hire more police officers — to “focus on traditional investigation and infiltration, and arm them with the tools and training to fight bad actors online”.

“Forcing encryption services to add mass surveillance is trying to outsource policing on the cheap to service providers,” he adds — dubbing it the online equivalent of forcing CCTV cameras to be installed in everyone’s bedrooms to catch “possible abuse”.

Secure messaging apps line up to warn UK’s Online Safety Bill risks web security by Natasha Lomas originally published on TechCrunch