A comparison with the EU regulation shows striking structural and methodical parallels in addition to time and content. This is no coincidence.
In the UK, the Online Safety Bill has already passed its second reading in the House of Lords. The changes are currently being incorporated by the House of Lords, and some passages that obviously went far beyond have been removed. What has remained, however, is the principle that all communications from all providers will be included, regardless of whether they are in plain text or securely encrypted. It’s the same totalitarian approach as the “chat control” being pushed by EU Commissioner Ylva Johansson.
Coordinated attack on encryption
This British child protection law on the Internet not only coincides with the EU chat control , which started in December. In terms of content and even methods, the parallels can hardly be overlooked, because both legislative proposals are based on a common strategic goal. End-to-end encryption (E2E) of WhatsApp and the other messenger services is to be pushed out of the network by requirements that E2E providers cannot technically meet. At the end of January , the Swedish EU Council Presidency claimed that prosecutors would be “blind and deaf” through E2E encryption.
Encrypted communications are also found in Section 98 of the Online Safety Bill , which lists all types of violations that can be sanctioned. If a provider cannot deliver the communications requested in the search warrant in plain text, this becomes just as punishable as falsifying or subsequently deleting these communications.
Encryption systematically not mentioned
In Great Britain, E2E providers will therefore potentially be subject to criminal penalties simply because of what they offer. The same can be expected in the EU area, because the present draft for a European child protection regulation is based on the same premise, namely that E2E encryption threatens public security. The methods of how encryption is presented in these two bills are basically identical. Encryption is not mentioned as far as is at all possible. In the excerpt above, it is paraphrased as “not readable for OFCOM”, overall the term “encrypted” only appears three times in both the “Online Safety Bill” and in the text of the EU chat control.
The actual key term is deliberately left out, but the requirements for the providers are designed in such a way that they can only be met if the companies have duplicate or master keys for the communications. The following passage shows what consequences an E2E offer can have if the regulatory authority issues a search warrant and the provider can only deliver encrypted data.
In Great Britain, it is not only the companies that are under threat of punishment. From executives all the way down, everyone who is operationally responsible for forums, chats, or even e-mail services has one foot in jail. Originally, even the possible extent of punishment was included in the text, in addition to fines, up to two years imprisonment can also be imposed. Will Cathcart, the CEO of WhatsApp, had already announced several times that he would leave the British market in the event of an adoption in this form.
Almighty authorities, courts not needed
The search warrants to the platform operators do not come from a regular court, but from the British regulatory authority Ofcom. Almost at the request of this authority, WhatsApp and all other providers are obliged to scan the communications of entire segments of their network if there is a complaint. Objections and all other interactions also go through the authority. According to a legal opinion for the civil rights organization Index on Censorship , Ofcom will receive far more surveillance powers from the “Online Safety Bill” than the “Investigatory Powers Act” of 2016 granted to the British secret service GCHQ .
Even in the EU area, no courts will be needed for a search warrant. This emerges from the accompanying documents of the Commission draft on chat control. Reports of the distribution of “child pornography” go directly from the police authorities of the member state to the new “EU Center against Child Abuse” provided for in the framework of the EU regulation. From there, a “detection order” is issued to the operator in question, who then has to compare communications in certain segments of his platform with a central database maintained by the EU Center against Child Abuse.
With an annual expense of more than two billion euros and 100 employees, a completely new authority is being created, which will be based directly at Europol in The Hague. In fact, this is tantamount to an increase in Europol’s powers.
On the occasion of the “Online Safety Bill”, the British authorities updated their joint statement on E2E encryption from 2018 in mid-January. It was signed by the Home and Justice Ministers of Great Britain, the USA, Australia, New Zealand and Canada. These are all five states of the “Five Eyes” spy alliance.
The approach described above was agreed neither by politicians in London nor in Brussels, but at the conferences of the “Five Eyes” and the meetings in the “Club de Berne”, the informal body of European secret services. Encryption is one of the core competencies of these services and therefore they were the first to deal with it, only then were the FBI and Europol sent forward in 2017. The campaign, luridly titled “Police Going Blind,” ran for several months in 2018. Then, in November, two senior GCHQ technical staff published a manifesto on the renowned LawFare blog . The content is the long version of the Five Eyes statement above.
In Australia, the goal was achieved just a few days after this manifesto. In December 2018, the Australian Parliament passed the Assistance and Access Act without debate or amendment . It is purely an enabling law for the “Australian Signals Directorate” secret service and the police authorities to access encrypted communications.
How to proceed now
The British “Online Safety Bill” may come back to the House of Lords for the third and final reading as early as next week, after which the final vote will follow. In the USA, on the other hand, the “Kids Online Safety Act” (KOSA) is expected in the next few days or weeks; the draft for this has been in the US Senate since mid-December. Unsurprisingly, this bill, drafted by Democratic Senator Richard Blumenthal, contains pretty much all of the provisions found in EU Commissioner Ylva Johansson’s chat control, as well as relevant laws in the UK and Australia.
