WhatsApp would not remove end-to-end encryption under UK law, says | WhatsApp

WhatsApp refuses to comply with requirements in an online security bill that sought to ban end-to-end encryption, the chat app’s boss has said, casting doubt on the service’s future in the UK.

Will Cathcart, the head of Meta WhatsApp, on a visit to the UK where he is meeting with lawmakers to discuss the government’s flagship internet regulation, called the bill the most impactful piece of legislation currently being debated in the Western world.

He said: “It is a remarkable thing to think about. It cannot be changed in a single part of the world. Some countries have decided to ban it: this is the reality of transporting a safe product. We were recently blocked in Iran, for example. But we have never seen a liberal democracy like this.

“The reality is that users around the world want security,” Cathcart said. “Ninety-eight percent of our users are outside the UK. They don’t want us to compromise the security of the product, and obviously, it would be a strange decision to decide to compromise the security of the product in a way that affects 98% of users.”

“End-to-end” encryption is used in messaging services to prevent decryption by anyone other than the recipients of the communication. WhatsApp cannot read messages sent through its own service, so it cannot respond to requests from law enforcement agencies to hand over messages or to actively monitor communications for child protection or counter-terrorism purposes.

Thanks to a 2016 investigative warrant, the UK government already has the right to demand that encryption be removed, but WhatsApp has never received a legal demand to do so, Cathcart said. The Online Safety Bill is a worrying extension of this power due to a legislative ‘grey area’.

Under the bill, the government or Ofcom could require WhatsApp to implement content moderation policies that would be impossible to comply with without removing end-to-end encryption. If the company, or its parent company, refuses to do so, it could face fines of up to 4 per cent of Meta’s annual turnover – unless it pulls out of the UK market entirely.

Similar legislation in other jurisdictions, such as the EU’s Digital Markets Act, specifically protects end-to-end encryption for messaging services, Cathcart said, and he called for similar text to be inserted into the UK bill before it passes. “You can make it clear that privacy and security should be considered in the framework. One could specifically say that end-to-end encryption should not be taken away. There could be more procedural safeguards so that this does not just happen as an independent decision.”

While WhatsApp is best known as a messaging app, the company also offers social networking-like functionality through its “communities” offering, which allows group chats of more than 1,000 users to be grouped together to mimic services like Slack and Discord. These are also end-to-end encrypted, but Cathcart argued that there is little chance of a large community causing trouble. “When you get into a group that big, it’s very easy for one person to report it, to the point that if something really serious is going on, it’s very easy for one person to report it, or it’s easy for someone to investigate. to have access to it.”

The company officially requires UK users to be over 16, but Cathcart advised against parents with children who have accounts on the service, saying “it is important that parents make informed decisions”.

The online security bill is expected to return to parliament this summer. If passed, it will give Ofcom significant new powers as internet regulator and allow it to impose effective content moderation with significant fines.