The UK Parliament is set to finalize a bill this month that threatens privacy and freedom of speech at a fundamental level. We had hoped for last-minute amendments to be tabled protecting encryption and privacy, but based on information coming from Parliament at the time of writing, this now appears to be a lost cause. The Online Safety Bill is intended to protect people from online abuse, but the law as written would instead empower the UK government to break end-to-end encryption(new window) and monitor the most private aspects of your digital life.
Proton, along with much of the tech industry, has condemned the Online Safety Bill(new window), specifically, the clauses that would undermine end-to-end encryption. But politicians have been unwilling to listen, and there looks to be little hope for crucial changes that could save encryption.
As it stands, the Online Safety Bill is one of the most concerning pieces of legislation to come out of the West in years. It would open the door to mass surveillance of the type and scale that Edward Snowden exposed in 2013. The British government would essentially be outlawing private conversations of any kind online, which is an affront to human rights and will likely put Britons in more danger, not less.
The bill is due to have its final review in the House of Lords on September 6. Regrettably, it appears the House of Lords didn’t take this final opportunity to table any amendments that would protect encryption. So it looks highly likely the bill will pass as it stands, along with its threats to break encryption. While the bill still hasn’t been completely finalized by Parliament, assuming it passes into law as drafted, we’re now counting on Ofcom(new window) to work closely with the industry to mitigate some of the worst effects this bill could have on privacy.
Proton won’t accept the Online Safety Bill
We would be willing to aggressively defend the right to privacy in the courts as we have successfully done in Switzerland(new window). However, we won’t do anything to put the Proton community at risk. As a company that puts privacy and security above all else, we refuse to do anything that undermines our encryption or our users’ rights, and we plan on continuing to serve the Proton community in the UK, regardless of what happens with the bill.
We haven’t broken encryption for the governments in China or Iran, and we won’t for the UK government. If the UK pursues this point, we’d sooner be barred from operating in the UK than compromise the security and privacy our community relies on.
The Online Safety Bill would destroy online privacy in the UK
The bill contains a clause that indirectly empowers the government to force companies to weaken or bypass their own encryption. We explained how this works in our previous article condemning the Online Safety Bill(new window), and a group of human rights organizations have submitted a cogent appeal to Parliament(new window) clarifying the risks to civil rights.
End-to-end encryption underpins the secure exchange of information online. We use it at Proton to ensure no one — not us, not government agencies, nor anyone else — can access your emails, calendar events, files, and other personal data.
We expect attempts to break or undermine end-to-end encryption from repressive governments like Iran or China because the privacy these services provide allows for dissent, freedom of expression, and autonomy — principles that frighten these regimes. The fact that a modern democracy stands on the precipice of passing such a disastrous bill is a grave threat.
This also sends a chilling message to the global community. Rather than condemning the surveillance that China, Russia, and others have forced on the internet within their borders, the Online Safety Bill would enable the government to implement similar measures. It would be yet another blow against the open, uncensored internet, only this time it would come from a democracy that’s supposed to defend freedom and free speech.
As we have repeatedly explained(new window), whenever governments try to abridge privacy, there is no such thing as partial end-to-end encryption. It either protects everyone who uses a service, or it protects no one.
This bill threatens to force companies to break end-to-end encryption at a time when Britons say they want more privacy, not less. The results would be catastrophic for Britain:
- No one will be sure if their online conversations are private or if they’re being watched.
- Hackers will try to exploit new weaknesses in encryption, threatening the security of financial transactions, official proceedings, business negotiations, and more.
- Companies could flee the UK, destroying the country’s future as a thriving tech hub.
- Authoritarian governments will try to copy the British playbook, issuing similar laws that further erode the right to privacy and free speech globally.
- Many services will no longer be available to UK residents because companies will prefer to pull out of the country rather than deliberately put their users’ privacy at risk.
None of this is news to Parliament. The UK government has had plenty of opportunity to listen to concerns from the tech and security industry, but so far it hasn’t. Instead, it’s suggested technological solutions that simply don’t exist. No matter what politicians claim, you can’t simultaneously scan everyone’s messages for illegal content while preserving privacy.
How to save encryption in the UK
We’ve been calling for UK lawmakers to hear the concerns of the technology industry and reject this bill, which directly threatens end-to-end encryption and the right of people in the UK to privacy. However, by not publishing any amendments that remove the obligation to break encryption, the House of Lords has missed an opportunity to save encryption.
Considering the political pressure, it’s highly likely that the bill will be passed. Should it be passed as expected, we must look to Ofcom to listen to the hundreds of security, privacy, and tech experts that have raised concerns and work closely with the industry on the privacy implications in the implementation of this bill. Ofcom has an opportunity to mitigate the threats to encryption and, most importantly, work with the industry to protect the privacy of UK citizens.
To our community in the UK, it’s time to make your voices heard. This bill threatens your basic rights to privacy and freedom of speech. Don’t let your government take your civil liberties without a fight.
We understand and appreciate the British government’s desire to make the internet a better place for all because this is our mission, too. People may disagree about the exact steps to get there. But privacy and free expression must be part of any world we want to create. End-to-end encryption is a technological guarantor of these rights.
Proton is ready to work with Ofcom and the UK government to advance online safety while protecting end-to-end encryption for everyone for good.