WhatsApp would rather quit UK than comply with Online Safety Bill

The head of WhatsApp has said he would rather the messaging app was blocked in the UK than weaken the privacy of its encrypted messages, if required by the UK’s Online Safety Bill.

The comments from Will Cathcart, Meta’s head of WhatsApp were made in a meeting with local politicians and regulators during a visit to London.

WhatsApp competitor Signal offered a similar response to the bill when company President Meredith Whittaker told BBC News that the encrypted messaging app “would absolutely, 100% walk” and stop providing services in the UK if the bill required the company to weaken the privacy of its messaging system.

End-to-end encryption is used in messaging services to keep messages private from everyone but the sender and the recipient, including the messaging service that the content has been sent via.

However, the UK government’s Online Safety Bill contains a clause that mandates tech companies providing end-to-end encrypted messaging to scan for child sex abuse material, which would require them to use client-side scanning and check the contents of messages before they were encrypted.

This would require WhatsApp to remove end-to-end encryption from its product. If the app refused to comply, it would either have to pull out of the UK market or have its parent company Meta face fines of up to 4% of its annual turnover.

“The reality is, our users all around the world want security,” said Cathcart. “Ninety-eight per cent of our users are outside the UK. They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users.”

He added that while some countries like Iran have blocked WhatsApp, it’s not something that has ever been done by a liberal democracy.

UK’s encryption policy in contrast to EU laws

The UK government’s stance is in contrast to similar legislation that has been put forward by other governments. The EU’s Digital Markets Act, for example, explicitly defends end-to-end encryption for messaging services.

Since this clause was added to the Online Safety Bill, organizations, cybersecurity experts, and privacy campaigners have been warning that if the bill were to pass in its current form, it would have serious security and privacy implications for UK citizens.

Weakening the privacy of encrypted messaging will not only damage the security but it will also damage people’s trust in messaging platforms, said Jake Moore, global cyber security advisor at ESET.

“If encryption is given a backdoor, large scale cyberattack and nation state opportunities are instantly created and if governments are given access to private messages, threat actors would without doubt also gain access to these messages,” Moore said.

While he acknowledged that the Online Safety Bill in the UK has been designed to help provide more protection for people when using the internet, Moore said that there are ways to provide security and child safety but requesting an entry point to access encrypted messages is effectively a quick way of “breaking the internet.”