Security researchers have criticized the UK's Online Safety Bill, citing concerns about its potential impact on privacy and security technologies.
In an open letter, a group of researchers and scientists specializing in information security and cryptography highlighted the misconceptions surrounding the bill and its implications for online safety.
Researchers Raise Concerns
The researchers emphasized their role in developing practical technological solutions to ensure online safety, including cryptographic protections for private messages and information security defense mechanisms.
They acknowledged the importance of end-to-end encryption in safeguarding privacy, particularly in response to revelations of extensive digital surveillance by nation-state actors.
However, the researchers expressed alarm regarding the proposal to enable routine monitoring of personal, business, and civil society online communications.
While the motivation behind such monitoring is to prevent the dissemination of child sexual exploitation and abuse (CSEA) content, the researchers stressed the incompatibility of such monitoring with existing online communication protocols that prioritize privacy.
The researchers argued that there is no technological solution that simultaneously maintains confidentiality from third parties and enables access to private messages and images. Granting the state access to encrypted information means that any actor who gains access to the monitoring facilities would have the same level of access.
They highlighted the risks of compromising the monitoring infrastructure and the history of failures associated with cryptographic backdoors.
The proposal for client-side scanning, which involves scanning content on devices before encryption, was also criticized. This approach raises technological challenges in accurately detecting targeted content while avoiding false positives.
The researchers pointed out that existing technologies for detecting known images of abuse have shown various issues and may be repurposed for covert surveillance.
AI Models for Scanning Messages
Furthermore, the researchers raised concerns about proposals to deploy AI models for scanning messages for previously unseen prohibited content related to CSEA.
They highlighted the lack of reliable solutions in this area and the potential consequences of false positives, which could result in the sharing of private and sensitive messages with third parties.
The open letter also highlighted the potential ramifications if the Online Safety Bill is passed and international communication providers refuse to comply rather than compromise the security and privacy of their customers.
"This would leave UK residents in a vulnerable situation, having to adopt compromised and weak solutions for online interactions," the researchers wrote in the letter.
"As independent information security and cryptography researchers, we build technologies that keep people safe online. It is in this capacity that we see the need to stress that the safety provided by these essential technologies is now under threat in the Online Safety Bill."
The researchers hail from various academic institutions, including King's College London, Queen's University Belfast, University of Edinburgh, University of Birmingham, De Montfort University, University of Surrey, University College London, Edinburgh Napier University, University of Bristol, and many more.