On April 14, 2022, CDT joined forty-four other technologists, security experts, and NGOs, including members of the Global Encryption Coalition, in signing on to and publishing an open letter highlighting important concerns with the threat that the United Kingdom’s Online Safety Bill poses to end-to-end encryption.
From the letter:
In particular, we wish to bring attention to clause 103(2)(b) of the Online Safety Bill which provides the UK communications regulator, OFCOM, with the powers to order a provider of a user-to-user service, which includes private messaging platforms, “to use accredited technology” to identify child sexual exploitation and abuse (CSEA) content, including on private messaging platforms. However, in doing so, these notices could require that providers of such services introduce scanning capabilities into their platforms to scan all user content. Such scanning cannot be accomplished on end-to-end encrypted services for the simple reason that nobody, including the provider, has access to the content carried on that service except for the sender and the intended recipient(s). As a result, such a requirement could put users at risk by compelling their service providers to compromise or abandon end-to-end encryption.
We agree that more must be done to tackle pernicious CSEA content online. It is important to note that law enforcement agencies in the UK already possess a wide range of powers to seize devices, compel passwords and even covertly monitor and hack accounts to overcome security measures and identify criminals.