Your Daily Broadsheet

To Members of Parliament: end-to-end encryption keeps us safe

68 million of your constituents are at risk of losing the most important tool to keep them safe and protected from cyber-criminals and hostile governments.

End-to-end encryption means that your constituents' family photographs, messages to friends and family, financial information, and the commercially sensitive data of businesses up and down the country, can all be kept safe from harm's way. It also keeps us safer in a world where connected devices have physical effect: end-to-end encryption secures connected homes, cars and children's toys. The government should not be making those more vulnerable to attack. The draft Online Safety Bill contains clauses that could undermine and in some situations even prohibit the use of end-to-end encryption, meaning UK citizens will be less secure online than citizens of other democracies. British businesses operating online will have less protection for their data flows in London than in the United States or the European Union. Banning end-to-end encryption, or introducing requirements for companies to scan the content of our messages, will remove protections for private citizens and companies' data. We all need that protection, but children and members of at-risk communities need it most of all.

Don't leave them exposed.

With more people than ever before falling prey to criminals online, now is not the time for the UK to undertake a reckless policy experiment that puts its own citizens at greater risk. We, the undersigned, are calling on the Home Office to explain how it plans to protect the British public from criminals online when it is taking away the very tools that keep the public safe. If the draft Online Safety Bill aims to make us safer, end-to-end encryption should not be threatened or undermined by this legislation.

Sincerely,

• ARTICLE 19*
• Association for Proper Internet Governance
• Big Brother Watch*
• Bikal
• Blacknight*
• CCAOI*
• Centre for Democracy and Technology*
• Coalition for a Digital Economy (COADEC)
• Defenddigitalme
• Derechos Digitales*
• Digital Rights Watch*
• eco 203 Association of the Internet Industry*
• English PEN
• Global Partners Digital*
• Internet Governance Project, Georgia Institute of Technology*
• Internet Society*
• Internet Society Ghana Chapter*
• Internet Society Hyderabad Chapter*
• Internet Society UK England Chapter*
• Mega Limited*
• New America's Open Technology Institute*
• Open Rights Group*
• Paradigm Initiative (PIN)*
• Praxonomy*
• Privacy International*
• Prostasia Foundation*
• Riana Pfefferkorn, Research Scholar, Stanford Internet Observatory
• Simply Secure*
• Statewatch
• techUK
• The Tor Project*
• Tresorit*
• Tutao GmbH 203 Tutanota*

*Members of the Global Encryption Coalition

Rhoda Grant is a campaigning MSP with a long and miserable history of calling for bans on sex work and lap dancing. She has now tabled a motion for consideration by the Scottish Parliament expressing concern the UK government's reported failure to implement Part 3 of the Digital Economy Act 2017 seeking to impose age verification for porn but without any consideration for the dangers to porn users of having their personal data hacked or abused.

Grant's motion has received the backing of Labour and SNP MSPs and notes that a coalition of women's organisations, headteachers, children's charities and parliamentarians want the government to enforce Part 3 without further delay. Grant said:

How we keep our children safe online should be an absolute priority, so the failure to implement Part 3 of the Digital Economy Act 2017 is a terrible reflection on the UK government.

Members of the House of Lords are clamouring for more red tape and censorship in the name of protecting children from the dangers of the internet. Of course these people don't seem to give a shit about the safety of adults using the internet.

Maurice Morrow is attempting to revive the failed age verification for porn in his bill, Digital Economy Act 2017 (Commencement of Part 3) Bill [HL]. The original bill failed firstly because it failed to consider data protection for porn user's identity data. The original authors of the bill couldn't even be bothered to consider such security implications as porn users handing over identity data and porn browsing data directly to Russian porn sites, possibly acting as fronts for the Russian government dirty tricks dept.

Perhaps the bill also failed because the likes of GCHQ don't fancy half the porn using population of the UK using VPNs and Tor to work around age verification and ISP porn blocking.

See Morrow's bill progress from bills.parliament.uk and the bill text from bills.parliament.uk . The bill had its first reading on 9th June.

Meanwhile Beeban Kidron has proposed a bill demanding accurate age assurance. Age assurance is generally an attempt to determine age without the nightmare of dangerously handing over full identity identity data. Eg estimating the age of soical media users from the age of their friends.

See Kidron's bill progress from bills.parliament.uk and the bill text is at bill text from bills.parliament.uk . The bill had its first reading on 27th May

The Digital Policy Alliance is a campaign group most notably lobbying parliament in support of the age and identity verification trade.

The group has just published a lobbying paper sent to parliamentarians calling for full identity verification requirements to use any internet service offering open interaction with other users.

The group writes:

Neither banning anonymity nor absolute anonymity are fit for purpose. The risks posed by anonymity, and requirements for verification, are different for different use cases. Different types of online activity require different levels of accountability and/or different attributes to be verified.

Regulation therefore shouldn't impose a one size fits all approach on all businesses. Instead, it should set minimum standards to ensure that platforms can't just wash their hands of the challenges of ensuring accountability or the risks associated with anonymity. If a platform fails to take an effective know your user approach, or ensure that its users can be held accountable for their behaviour or their content, then the platform should be held accountable instead.