Privacy at stake – how technology can help us overcome encryption conundrum
Living in the UK can sometimes seem like something of a paradox. The cost-of-living crisis means the country is now home to more foodbanks than McDonald’s, while years of cuts have placed severe pressures on the NHS. At the same time, industrial action has brought the many essential services to a standstill.
Yet, we still have the right to complain, protest and question the status quo – and this freedom of speech is one of the fundamental ideologies on which a free society is based.
One of the most powerful tools of self-expression, and a key source of information, is the internet. It has empowered citizens to unite against tyranny, identify abuses of authority and bring those responsible to justice.
The Online Safety Bill, which is currently being debated in Parliament, has the potential to undermine this freedom.
The far-reaching piece of legislation aims to regulate how tech companies deal with users’ content on their platforms. One of the many clauses addresses illegal content and will see all user-to-user services and search services required to take ‘proportionate’ steps to mitigate and effectively manage the risks of harm caused by different categories of illegal content.
Essentially, this could damage end-to-end encryption, which ensures that nobody, including Google or other third parties, can read messages or access data as it travels between devices.
It is easy to understand why opponents of the bill are concerned. In the worst-case scenario, it represents the latest in Orwellian censorship and political repression
If the bill is passed, messaging platforms, such as WhatsApp and others, must access messages and decide whether their users’ speech is legal – or not. According to the international human rights organisation, Article 19, the move is deeply problematic as “only independent judicial authorities should be given the power to make such a determination”.
Article 19 argues that these assessments are complex and context-dependent, and therefore should be made by “trained” individuals. Platforms are not happy either — WhatsApp, Session, Signal, Element, Threema, Viber and Wire have all signed a letter asking the government to “urgently rethink” the proposed law.
WhatsApp has even suggested it would leave the UK if the law is passed in its current form.
Finding the middle ground
It’s worth noting that the legislation does have noble objectives. Protecting children from harm and stopping the spread of sexually explicit material involving minors should be of utmost importance for big tech firms.
As we search for balance, there is a method of accessing encrypted messages in instances where harm is being done that should satisfy law enforcement, privacy advocates and the government alike.
Market-ready solutions can create a pre-agreed side door, which offers messaging platforms the ability to split control and responsibility. The technology, powered by UK-based cybersecurity specialists, Post-Quantum, makes it possible to split an encryption key into fragments, creating what is known as a ‘quorum’.
Through this process, multiple stakeholders – a court, the police or a privacy rights group – can vote on whether the encryption protecting a message should be unlocked. A simple quorum might require 3/5 key fragments before access to the data is granted.
While it’s understandable that some might balk at embracing any solution that might weaken encryption, it’s worth considering this viable democratic method of access. And, for those that argue that this method has been tried before – key escrow in the 1990s – technology has come on a long way since.
With the Online Safety Bill now at the committee stage in the House of Lords, it remains to be seen what the outcome will be.
What’s certain is the need for a system that preserves our privacy while identifying and persecuting those that abuse the anonymity gifted by encrypted messaging apps.