ProtonBlog(new window)
Stop the Online Safety Bill

The Online Safety Bill looks set to shatter privacy in the UK

Share this page

The UK Parliament is set to finalize a bill this month that threatens privacy and freedom of speech at a fundamental level. We had hoped for last-minute amendments to be tabled protecting encryption and privacy, but based on information coming from Parliament at the time of writing, this now appears to be a lost cause. The Online Safety Bill is intended to protect people from online abuse, but the law as written would instead empower the UK government to break end-to-end encryption(new window) and monitor the most private aspects of your digital life. 

Proton, along with much of the tech industry, has condemned the Online Safety Bill(new window), specifically, the clauses that would undermine end-to-end encryption. But politicians have been unwilling to listen, and there looks to be little hope for crucial changes that could save encryption. 

As it stands, the Online Safety Bill is one of the most concerning pieces of legislation to come out of the West in years. It would open the door to mass surveillance of the type and scale that Edward Snowden exposed in 2013. The British government would essentially be outlawing private conversations of any kind online, which is an affront to human rights and will likely put Britons in more danger, not less. 

The bill is due to have its final review in the House of Lords on September 6. Regrettably, it appears the House of Lords didn’t take this final opportunity to table any amendments that would protect encryption. So it looks highly likely the bill will pass as it stands, along with its threats to break encryption. While the bill still hasn’t been completely finalized by Parliament, assuming it passes into law as drafted, we’re now counting on Ofcom(new window) to work closely with the industry to mitigate some of the worst effects this bill could have on privacy. 

Proton won’t accept the Online Safety Bill

We would be willing to aggressively defend the right to privacy in the courts as we have successfully done in Switzerland(new window). However, we won’t do anything to put the Proton community at risk. As a company that puts privacy and security above all else, we refuse to do anything that undermines our encryption or our users’ rights, and we plan on continuing to serve the Proton community in the UK, regardless of what happens with the bill.  

We haven’t broken encryption for the governments in China or Iran, and we won’t for the UK government. If the UK pursues this point, we’d sooner be barred from operating in the UK than compromise the security and privacy our community relies on.

The Online Safety Bill would destroy online privacy in the UK

The bill contains a clause that indirectly empowers the government to force companies to weaken or bypass their own encryption. We explained how this works in our previous article condemning the Online Safety Bill(new window), and a group of human rights organizations have submitted a cogent appeal to Parliament(new window) clarifying the risks to civil rights. 

End-to-end encryption underpins the secure exchange of information online. We use it at Proton to ensure no one — not us, not government agencies, nor anyone else — can access your emails, calendar events, files, and other personal data. 

We expect attempts to break or undermine end-to-end encryption from repressive governments like Iran or China because the privacy these services provide allows for dissent, freedom of expression, and autonomy — principles that frighten these regimes. The fact that a modern democracy stands on the precipice of passing such a disastrous bill is a grave threat. 

This also sends a chilling message to the global community. Rather than condemning the surveillance that China, Russia, and others have forced on the internet within their borders, the Online Safety Bill would enable the government to implement similar measures. It would be yet another blow against the open, uncensored internet, only this time it would come from a democracy that’s supposed to defend freedom and free speech.

As we have repeatedly explained(new window), whenever governments try to abridge privacy, there is no such thing as partial end-to-end encryption. It either protects everyone who uses a service, or it protects no one.

This bill threatens to force companies to break end-to-end encryption at a time when Britons say they want more privacy, not less. The results would be catastrophic for Britain:

  • No one will be sure if their online conversations are private or if they’re being watched.
  • Hackers will try to exploit new weaknesses in encryption, threatening the security of financial transactions, official proceedings, business negotiations, and more.
  • Companies could flee the UK, destroying the country’s future as a thriving tech hub.
  • Authoritarian governments will try to copy the British playbook, issuing similar laws that further erode the right to privacy and free speech globally.
  • Many services will no longer be available to UK residents because companies will prefer to pull out of the country rather than deliberately put their users’ privacy at risk.

None of this is news to Parliament. The UK government has had plenty of opportunity to listen to concerns from the tech and security industry, but so far it hasn’t. Instead, it’s suggested technological solutions that simply don’t exist. No matter what politicians claim, you can’t simultaneously scan everyone’s messages for illegal content while preserving privacy.

How to save encryption in the UK

We’ve been calling for UK lawmakers to hear the concerns of the technology industry and reject this bill, which directly threatens end-to-end encryption and the right of people in the UK to privacy. However, by not publishing any amendments that remove the obligation to break encryption, the House of Lords has missed an opportunity to save encryption. 

Considering the political pressure, it’s highly likely that the bill will be passed. Should it be passed as expected, we must look to Ofcom to listen to the hundreds of security, privacy, and tech experts that have raised concerns and work closely with the industry on the privacy implications in the implementation of this bill. Ofcom has an opportunity to mitigate the threats to encryption and, most importantly, work with the industry to protect the privacy of UK citizens.

To our community in the UK, it’s time to make your voices heard. This bill threatens your basic rights to privacy and freedom of speech. Don’t let your government take your civil liberties without a fight.

We understand and appreciate the British government’s desire to make the internet a better place for all because this is our mission, too. People may disagree about the exact steps to get there. But privacy and free expression must be part of any world we want to create. End-to-end encryption is a technological guarantor of these rights. 

Proton is ready to work with Ofcom and the UK government to advance online safety while protecting end-to-end encryption for everyone for good.

Protect your privacy with Proton
Create a free account

Share this page

Andy Yen(new window)

Andy is the founder and CEO of Proton. He is a long-time advocate for privacy rights and has spoken at TED, Web Summit, and the United Nations about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in particle physics from Harvard University.

Related articles

What was your first pet’s name? In what city were you born?  We’ve all had to answer these questions to reset a long-forgotten password, but consider how that works. Much of this information is easy to find for others (or easily forgotten by you), m
In the early days when Proton started, we often received a question along the lines of “I love the product and what Proton stands for, but how do I know you will still be around to protect my data 10 years from now?”  Ten years and 100 million accou
Credential stuffing is a popular type of cyberattack where attackers take login credentials and use them on thousands of websites, hoping to fraudulently gain access to people’s accounts. It’s an effective attack, but fortunately, one that’s easy to
With Skiff abruptly shutting down operations, many people are on the lookout for alternatives that don’t compromise on privacy — and won’t suddenly disappear. People were attracted to Skiff because it promised privacy, no ads, end-to-end encryption,
Skiff is dead. On Feb. 9, the email company Skiff announced it was being bought by Notion. Many Skiff customers have been shocked by this news, as their inboxes have been sold out from under them. Skiff gave people six months to export their data be
Looking into the Dropbox privacy policy
Dropbox was the first mainstream cloud storage provider, and still the biggest player on the market, with 700 million users in 2022. We took a dive into Dropbox’s privacy policy to see how well the company protects the personal data of those millions