As the UK government proudly hosts the AI Safety Summit next week, showcasing Britain as one of the leading nations in digital innovation, there is an unintended but contradictory narrative unfolding in the wings.
The Online Safety Act, which received Royal Assent today, stands in stark contrast to the UK’s ambition to be at the forefront of technology. While the summit aims to project the UK as a global player in AI, the Online Safety Act, with its potential to undermine end-to-end encryption, appears anti-business, illiberal and regressive, attracting criticism from both leading tech companies and human rights organisations.
End-to-end encryption ensures that only the sender and the recipient of a message can access its content. Intermediaries, be they messaging platforms, telecom companies or potential eavesdroppers, cannot decrypt these communications. This encryption is crucial for the confidentiality and security of digital conversations whether they be personal chats, support for dissidents living under authoritarian regimes, business communications or financial transactions.
However, the Online Safety Act, while well-intentioned, creates an unintended consequence which threatens the encrypted services that users, and innovation, rely on. Demanding tech companies create “backdoors” for accessing encrypted messages, may open the door to regulatory oversight, but it also makes it easier for malicious actors and repressive regimes to access messages.
It can be likened to providing keys to both the police and potential burglars. And here lies a serious unintended consequence of the Act: in striving for online safety, it might inadvertently make online users more vulnerable.
For businesses, the ramifications are profound. Firstly, consider our burgeoning cybersecurity industry. The UK cybersecurity sector is thriving, contributing over $10.5 billion to our economy and providing tens of thousands of jobs. Undermining encryption not only threatens the integrity of this industry but also jeopardises the trust of its global clientele. If our cybersecurity standards are compromised, why would international clients entrust companies in the UK with their digital safety? Leading private messaging services, Whatsapp and Signal have threatened to pull out of the UK market should the Online Safety Act’s encryption-breaking powers be used, undermining attempts to promote the UK as a hub for digital enterprise.
Then, there’s the broader business landscape to consider. In an era where digital transactions are the norm, encryption acts as the bedrock of trust. Financial transactions, contact with those living under repressive regimes and proprietary business communications all rely on encryption for security. Weakening this protection will deter businesses and human rights organisations from operating in the UK or using UK-based digital platforms, fearing exposure to cyber threats.
Not least, the undermining of encryption sends a message to the rest of the world that the UK is willing to compromise on digital privacy and security for government access. In an age where data is a valuable resource, such a message could deter tech innovators and other businesses from investing or basing their global HQ in the UK.
A nation that projects itself as a tech leader at the AI Safety Summit should avoid simultaneously casting a shadow of doubt over its commitment to digital trust and security.
Previously, I’ve raised concerns over making apps vulnerable to attacks by “bad actors”, since when encryption is compromised, it’s not just the good guys who gain access; it’s also those with criminal intentions. The average economic cost of a data breach for UK companies stands at £3.2m. Nearly a third of UK companies polled in 2023 reported a data breach in the last 12 months. Given this, combined with the potential loss of intellectual property and diminished consumer trust from undermining encryption, the overall economic impact could be staggering
While most people would agree with the aims of the Online Safety Act in seeking to protect users, especially the vulnerable, from online harms, it’s crucial to ensure that in doing so, we don’t inadvertently expose other users to greater risks.
While the UK government rightly pursues an ambition to be a global tech leader, it should be wary of legislation that could undermine digital trust. It is essential to strike an appropriate balance between online safety and digital security. The two need not be mutually exclusive.
While we look forward to next week’s AI safety summit, we should also reflect on Global Encryption Day, which took place this week by championing strong encryption. For the UK to truly position itself as a global leader in technology and innovation, I hope the government will strongly defend digital privacy and security and introduce safeguards and reassurances for encryption through OFCOM’s upcoming code of conduct. The business community, and indeed our society at large, deserves nothing less.