WhatsApp: Rather be blocked in UK than weaken security
WhatsApp says it would rather be blocked in the UK than undermine its encrypted-messaging system, if required to do so under the Online Safety Bill.
Its head, Will Cathcart, said it would refuse to comply if asked to weaken the privacy of encrypted messages.
The app Signal previously said it could stop providing services in the UK if the bill required it to scan messages.
The government said it is possible to have both privacy and child safety.
WhatsApp is the most popular messaging platform in the UK, used by more than seven in 10 adults who are online, according to communication regulator Ofcom.
End-to-end encryption scrambles messages so even the company running the service cannot view the contents.
But critics of the Online Safety Bill say it grants Ofcom the power to require private encrypted-messaging apps and other services to adopt “accredited technology” to identify and remove child-abuse material.
Undermining the privacy of WhatsApp messages in the UK would do so for all users, Mr Cathcart said.
“Our users all around the world want security – 98% of our users are outside the UK, they do not want us to lower the security of the product,” he said. And the app would rather accept being blocked in the UK.
“We’ve recently been blocked in Iran, for example. We’ve never seen a liberal democracy do that,” he added.
Signal president Meredith Whittaker previously told BBC News it “would absolutely, 100% walk” and stop providing services in the UK if required by the bill to weaken the privacy of its encrypted messaging system.
She later tweeted she was “looking forward to working with @wcathcart and others to push back”.
A day later, Mr Cathcart replied: “And very important we work together (and honoured to get to do so) to push back.”
Asked if he would go as far as Signal, Mr Cathcart said: “We won’t lower the security of WhatsApp. We have never done that – and we have accepted being blocked in other parts of the world.” And he feared the UK would set an example other nations might follow.
“When a liberal democracy says, ‘Is it OK to scan everyone’s private communication for illegal content?’ that emboldens countries around the world that have very different definitions of illegal content to propose the same thing,” Mr Cathcart said.
The government, and prominent child-protection charities, have long argued encryption hinders efforts to combat the growing problem of online child abuse.
“It is important that technology companies make every effort to ensure that their platforms do not become a breeding ground for paedophiles,” the Home Office said.
The National Society for the Prevention of Cruelty to Children (NSPCC) says research shows grooming and child-abuse-image crimes recorded in the UK have increased dramatically.
The charity’s Richard Collard said the Online Safety Bill “will rightly make it a legal requirement for platforms to identify and disrupt child sexual abuse taking place on their sites and services and companies could be preparing by developing technological solutions that protect the safety and privacy of all users, not least that of child abuse victims”.
“Experts have demonstrated that it’s possible to tackle child-abuse material and grooming in end-to-end encrypted environments,” he added.
The government said: “The Online Safety Bill does not represent a ban on end-to-end encryption.
“It is not a choice between privacy or child safety – we can and we must have both.”
But critics say the only way to check the contents of encrypted messages for child-sexual-abuse material would be to have services scan them on a device such as a phone before they are encrypted and sent. And this client-side scanning undermines the privacy encryption provides.
Lawyer Graham Smith tweeted: “You could argue that you don’t break a fence by digging round the end of it – literally true but where does it get you if the objecti[ve] is to trespass on private property? And once the hole has been dug, you might as well not have the fence.”
And Mr Cathcart asked: “If companies installed software on to people’s phones and computers to scan the content of their communications against a list of illegal content, what happens when other countries show up and give a different list of illegal content?”
Dr Monica Horten, of digital-rights campaigners the Open Rights Group, said: “With over 40 million users of encrypted chat services in the UK, this turns it into a mass-surveillance tool, with potentially damaging consequences for privacy and free-expression rights.”
The Information Commissioner’s Office, which says it is working closely with Ofcom, told BBC News any interventions that could weaken encryption must be “necessary and proportionate”.
“Where less intrusive measures are available, they should be used,” it said. And it supported “technological solutions that facilitate the detection of illegal content without undermining privacy protections for everyone”.