The UK government’s plans to weaken encryption can “easily be exploited” by hackers and officials, experts have warned. The proposals are part of the controversial Online Safety Bill, which is currently working its way through parliament. Ministers say the legislation would make Britain “the safest place in the world to be online,” but campaigners fear it will erode free speech and privacy. Their prime concern involves the threat to end-to-end encrypted (E2EE) messenger apps. Under the mooted measures, telecoms regulators could force platforms to scan through private messages for illegal content. A new clause in the legislation requires services to use “accredited technology” to stop people from encountering terrorist or child sexual abuse material. This amendment may compel apps to use government-approved tools to monitor users.

“No communications in the UK — whether between MPs, between whistleblowers and journalists, or between a victim and a victims support charity — would be secure or private,”. “In an era where Russia and China continue to work to undermine UK cybersecurity, we believe this could pose a critical threat to UK national security.”

Some technologists have called for an alternative safety measure in the bill, which is currently progressing through parliament. Andersen Cheng, CEO of cyber security firm Post-Quantum, advocates for an encryption “side door.” Cheng told TNW that this view stems, in part, from running his own encrypted messaging service — which showed up on a list of tools recommended by Islamic State.

“I believe government-sanctioned backdoors in encryption aren’t the answer — a backdoor for one is a backdoor for all, and anyone can walk through it, whether that’s the intended government agency, a hacker, or a malicious nation,” he said. “In my view, we need a pre-agreed ‘side door’ that allows you to split control and responsibility, and one you can only access if multiple parties like governments, private companies, privacy groups, and preferably courts each provide their section of the key.” Cheng argues this can be achieved through “threshold cryptography,” which effectively chops the data into multiple frameworks. As a result, the message is only accessible when the majority of parties agree to provide their portion of the key. Such agreements, however, may prove elusive. In the current battle over encryption, neither government nor big tech are likely to budge — and the public’s privacy is caught in the middle.