Proton Mail CEO: An Online Safety Bill that doesn’t protect encryption is a paradox
In 1763, William Pitt the Elder stood in Parliament and outlined why privacy is a vital right afforded to all, saying, “The poorest man may in his cottage bid defiance to all the forces of the Crown. It may be frail—its roof may shake—the wind may blow through it—the storm may enter—the rain may enter—but the King of England cannot enter!”
Roughly 260 years later, that same Parliament will likely approve the Online Safety Bill (OSB) and shatter the rights Pitt so passionately asserted. The Bill, which received its final reading in the Lords this week, gives the government the power to compel companies to monitor anyone’s private conversations, despite universal condemnation.
Criticism has come from all corners. The UN said laws like the OSB would have “a significant chilling effect on free expression and association,” and Meta said it “risks people’s private messages being constantly surveilled and censored.”
This week, to the government’s credit, a spokesperson admitted that if there isn’t technology that allows companies to scan messages without breaking end-to-end encryption, Ofcom won’t be able to require scanning. Another spokesman said Ofcom could only require companies to use “technically feasible” means to scan end-to-end encrypted messages. However, this leaves it up to Ofcom to define “technically feasible” and doesn’t provide any legal safeguards to encryption within the bill itself.
Unfortunately, you can’t scan encrypted messages while preserving encryption. End-to-end encryption either protects everything or it protects nothing. There’s no way for the government to scan an end-to-end encrypted message without breaking it and putting everyone under threat of hacks and surveillance.
Instead of balancing citizens’ right to privacy with tackling online harms, this bill has the power to destroy end-to-end encryption, and the government is asking people to trust that it won’t use that power. This is a grave mistake. As long as there aren’t strong legal protections for encryption, the bill empowers any future government to undermine it.
There are many pragmatic reasons why undermining encryption would be disastrous. First, encryption ensures no one eavesdrops on your messages or spies on the files you share. Security has taken on a new importance as cyber warfare has become a daily norm (see Russia and Ukraine). Undermining encryption will only make cyberattacks and data breaches more common. Additionally, numerous studies have shown public opinion is firmly behind improving privacy online.
Finally, there are the dangers to London’s reputation as the tech capital of Europe. Even with the government’s promises about waiting for “technically feasible” solutions, the OSB undermines the legal assurances businesses need. Meta and Apple have already threatened to leave. Why would future start-ups and entrepreneurs choose London over Paris, Munich, or Zurich?
Some say that breaking end-to-end encryption is necessary to combat abusive content, but history is riddled with appeals to security to sweep away people’s rights, going back to Pitt’s time. As he said, “Necessity is the plea for every infringement of human freedom. It is the argument of tyrants.”
That’s why the principle of privacy is vital. The OSB allows the government to access, collect and read anyone’s private conversations anytime they want. No one would tolerate this in the physical world. Yet, the OSB will allow this in the digital realm. Britain rightly condemns Russia, China or Iran when they surveil their populations, but it’s giving itself the power to do the exact same thing.
At Proton, we’ve made enormous efforts to ensure people living under authoritarian governments have access to the privacy and freedoms we enjoy in established liberal democracies. End-to-end encryption makes this possible. It’s distressing that the UK government wants to give up the rights that people in Russia, Iran, and elsewhere so desperately want.
Unfortunately, the opportunity for elected officials to fix the OSB in the legal text has passed, and its implementation now falls to unelected regulators. What’s to say Ofcom won’t attempt to break end-to-end encryption, just as Parliament empowered it to do? The legality of its actions would then be decided by more unelected officials in the courts. This is a dereliction of duty by Parliament, a failure of the democratic process, and an affront to British citizens’ rights.
The internet of the future should be one that protects privacy. We believe everyone, including your family, your neighbours, your friends, journalists, human rights activists, and MPs themselves, has the right to communicate without being spied upon. However, this future isn’t a given. We must remain vigilant to ensure Ofcom doesn’t fire the loaded pistol Parliament has handed it. The future of the internet — and privacy — depends on it.
Andy Yen is founder and CEO of Proton, the company behind end-to-end encrypted email, cloud storage and VPN services