“An attack on encryption unprecedented in any democracy” 
The Online Safety Bill returns to the House of Commons for the first time in eight months on 11 September. This is the last chance the Government has to follow up words with actions.
08 Sep 23

The Online Safety Bill risks giving the Home Office access to British citizens' private messages. Photo: TheDigitalArtist/Pixabay

Cast your mind back to January 2023, and the “world-leading, world-first Online Safety Bill” (Rishi Sunak responding to Labour’s Alex Davies-Jones) faced a significant backbench rebellion over an executive liability clause.

When the Bill landed in the House of Lords days later, a precarious agreement between Government and rebels had passed on a vast baton of legislative issues. There was a collective sigh of relief that the upper chamber would be taking on the mantle.

The threat to encryption, or private messaging, didn’t even feature as a concern amongst legislators, let alone the government, despite the Bill introducing measures unprecedented in any western democracy.

Flash forward to September, and encryption features as the most important and urgent issue that needs addressing before the Online Safety Act receives imminent Royal Assent.

The efforts of my colleagues at Index on Censorship, partners across civil society, and the businesses that rely on encryption have all been vital in achieving this.

Confidence in the Government’s ability to grasp the full consequences and details of their legislation has worn thin. Index and others have consistently warned that Section 122 of the Act is a gateway to the unprecedented mass-surveillance of British citizens and a threat to vulnerable people up and down the country.

As Index on Censorship’s report with Matthew Ryder KC set out:

  • Section 122 notices install the right to impose technologies that would intercept and scan private communications on a mass scale. The principle that the state can mandate the surveillance of millions of lawful users of private messaging apps should require a higher threshold of justification which has not been established to date.

  • Ofcom could impose surveillance on all private messaging users with a notice, underpinned by significant financial penalties, with fewer legal protections than equivalent powers under the Investigatory Powers Act.

  • The proposed interferences with the rights of UK citizens arising from surveillance under the Bill are unlikely to be in accordance with the law and are open to legal challenge.

  • Journalists will not be properly protected from state surveillance, risking source confidentiality and endangering human rights defenders and vulnerable communities.

From raising awareness of encryption in public debate, demonstrating its real-world effects for policy makers, to highlighting the unintended legal and technological consequences of the Bill, we finally have a Government that is at least not running head first into an attack on encryption that would be unprecedented in any democracy.

But the encryption die remains far from cast. Reports in the FT and elsewhere alluded to a Government ‘u-turn’ ahead of a Ministerial statement on Wednesday (6 September) that delivered nothing of the sort.

While some in the Government are briefing that encryption will be protected, the actions of its ministers do not match up to those words.

A new report by Index on Censorship this week revealed that the Online Safety Bill has alarming consequences when put alongside the controversial Investigatory Powers Act (snooper’s charter). This access, unprecedented in any Western democracy, could provide the Home Office with entry to British citizens’ personal messages as follows:

  • Ofcom issues notice mandating the use of Accredited Technology to provide a backdoor to encrypted messages under the Online Safety Bill (section 122)

  • The Home Office or security services apply for a bulk surveillance warrant on account of a matter of national security (Investigatory Powers Act) granting them access to bulk data

This is extremely concerning, not least because the window in which the Government can legislate its way out of this mess is rapidly closing. The Online Safety Bill will return to the House of Commons for the first time in eight months on Monday (11 September) for a consideration of Lords’ amendments.

This is the last and only chance the Government has to follow up words with actions. They must go beyond Wednesday’s ministerial statement and allay the concerns once and for all by amending the Bill’s Section 122 notices as well as excluding use of the IPA in conjunction with the Bill.

Our report sets out how the government can get this right. We’re running out of time. We hope that the government will see sense and put down amendments to fix the backdoor in the Online Safety Bill.