The head of messaging app Signal has warned it will leave the UK if the upcoming online security law weakens end-to-end encryption.
Signal’s president said the organization would “absolutely, 100% walk” if the legislation hurt its crypto service.
Asked by the BBC whether the bill would compromise Signal’s ability to operate in the UK, Meredith Whittaker said: “It could, and we absolutely would walk 100% rather than undermining the trust that people have in us to provide a truly communication private. We have never weakened our privacy promises and never would.”
The bill has been criticized by privacy activists for a provision that allows Ofcom, the communications watchdog, to order a platform to use certain technologies to identify and remove child sexual abuse and exploitation material. It also requires technology companies to use their “best efforts” to deploy new technologies that identify and remove such content.
Privacy advocates warn that the bill could force encrypted messaging services such as Signal, WhatsApp and Apple’s iMessage to monitor users’ messages and create vulnerabilities in their platforms that can be exploited by rogue actors and governments.
Whittaker told the BBC it was “magical thinking” to believe we can have privacy “but only for the good guys”, adding that the bill was an example of such thinking. She said: “Is encryption protecting everyone or is it broken for everyone.”
Signal, which has more than 40 million monthly users, is operated by a US-based non-profit organization and is widely used by activists and journalists, as well as some intelligence services. End-to-end encryption ensures that only the sender and recipient of a message can view its contents.
Whittaker also criticized a system called client-side scanning, where images are scanned before being encrypted. In 2021, Apple was forced to halt its client-side scanning plans, which would have involved the company scanning user photos before they were uploaded to its image-sharing service.
Whittaker said such a system would turn everyone’s phone into a “mass surveillance device that calls tech companies, governments and private entities”. She added that technological “back doors” to encrypted services could be hijacked by “evil state actors” and “create a way for criminals to access these systems”.
Will Cathcart, the head of WhatsApp, told the Financial Times last year that any move by the UK against cryptocurrency would have repercussions around the world.
“If the UK decides it’s OK for a government to get rid of crypto, there are governments around the world who will do exactly the same thing, where liberal democracy isn’t as strong,” he said.
A Home Office spokesman said the online security law, which is expected to become law this year, said the legislation did not prohibit encryption.
“The Online Safety Act does not represent a ban on end-to-end encryption, but it makes clear that technological changes must not be implemented in a way that diminishes public safety – especially the safety of children online. It is not a choice between privacy or child safety – we can and should have both.”