If the technology to scan messages for CSAM cannot be developed, the only way for companies to comply with the law would be to break their encryption, something platforms like WhatsApp and Signal have refused to do. In February, Signal threatened to leave the UK if the new law forced it to weaken its encryption. “We would absolutely 100% walk the talk rather than undermine the trust that people have in us to provide a truly private means of communication,” Signal president Meredith Whittaker told the BBC.
Cathcart says WhatsApp will not bend to any efforts to undermine the company’s encryption. “We were recently stuck in Iran,” he said. “We’ve never seen a liberal democracy do this, and I hope it doesn’t come to that. But the reality is that our users around the world want security.”
The bill does not explicitly call for weakening encryption, but Cathcart and others who oppose it say it creates legal gray areas and could ultimately be used to undermine privacy.
“This is a first step,” says Jan Jonsson, CEO of Swedish VPN company Mullvad, which sees the UK as one of its biggest markets. “And I think the general idea is to tackle encryption for the long term.”
“No one is defending CSAM,” says Barbora Bukovská, senior director of law and policy at Article 19, a digital rights group. “But the bill has the potential to violate privacy and legislate wild surveillance of private communications. How can this be conducive to democracy?”
The UK Home Office, the government department overseeing the development of the bill, did not provide a relevant response to a request for comment.
Children’s charities in the UK say it is misleading to portray the debate around the bill’s CSAM provisions as a black and white choice between privacy and security. The technical challenges posed by the bill are not insurmountable, they say, and forcing the world’s largest technology companies to invest in solutions increases the chances of solving the problems.
“Experts have demonstrated that it is possible to combat child pornography and bullying in end-to-end encrypted environments,” says Richard Collard, deputy head of child online safety policy at the British children’s charity NSPCC, referring to a paper published in July by two senior technical directors of GCHQ, the UK’s cyber intelligence agency.