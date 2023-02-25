



The non-profit organization responsible for the Signal Messenger app is ready to leave the UK if the country requires encrypted communications providers to modify their products to ensure that users’ messages are free of harmful material. children. We would absolutely leave any country if the choice was between staying in the country and undermining the strict promises of privacy we make to the people who rely on us, Meredith Whittaker, CEO of Signal, told Ars. The UK is no exception. Whittaker’s comments came as the UK Parliament is drafting legislation known as the Online security bill. The bill, introduced by former Prime Minister Boris Johnson, is sweeping legislation that requires virtually all user-generated content providers to block child pornography content, often abbreviated as CSAM or CSA. Providers must also ensure that any legal content accessible to minors, including self-harm topics, is age appropriate. E2EE in the crosshairs The bill’s provisions specifically target end-to-end encryption, which is a form of encryption that only allows senders and recipients of a message to access the human-readable form of the content. Commonly abbreviated as E2EE, it uses a mechanism that even prevents the service provider from decrypting encrypted messages. Robust E2EE enabled by default is Signals’ biggest selling point to its more than 100 million users. Other services offering E2EE include Apple iMessages, WhatsApp, Telegram and Meta’s Messenger, although not all provide it by default. Advertisement Under a provision of the Online Security Bill, service providers are not allowed to provide encrypted information so that it is impossible for [UK telecommunications regulator] Ofcom to understand it, or produces a document which is encrypted so that it is not possible for Ofcom to understand the information it contains, and where the intention is to prevent the UK oversight agency to understand this information. A impact assessment written by the UK Department for Digital, Culture, Media and Sport explicitly states that E2EE falls within the scope of the legislation. A section of the assessment indicates: The government favors strong encryption to protect user privacy, however, there are concerns that a shift to end-to-end encrypted systems, when public security concerns are not taken into account, will erode a a number of existing online security methodologies. This could have significant implications for the ability of tech companies to combat grooming, CSA material sharing, and other harmful or illegal behavior on their platforms. Companies will need to regularly assess the risk of harm to their services, including end-to-end encryption risks. They should also assess the risks before any major design changes, such as moving to end-to-end encryption. Service providers should then take reasonably practicable steps to mitigate the risks they identify. The bill does not provide a specific way for E2EE service providers to comply. Instead, it is funding five organizations to develop innovative ways to detect and process sexually explicit images or videos of children in end-to-end encrypted environments, while ensuring user privacy is respected. .

