The head of WhatsApp has warned UK ministers that moves to undermine encryption in a relaunched online safety bill would threaten the security of the government’s own communications and embolden authoritarian regimes.
In an interview with the Financial Times, Will Cathcart, who runs the Meta-owned messaging app, insisted that alternative techniques were available to protect children using WhatsApp, without having to abandon the underlying security technology that safeguards its more than 2bn users.
The UK’s bill, which the government argues will make the internet safer, has become a focus of global debate over whether companies such as Google, Meta and Twitter should be forced to proactively scan and remove harmful content on their networks.
Tech companies claim it is not technically possible for encrypted messaging apps to scan for material such as child pornography without undermining the security of the entire network, which prevents anyone — including platform operators — from reading users’ messages.
Cathcart said the UK’s ultimate position on the issue would have a global impact. “If the UK decides that it is OK for a government to get rid of encryption, there are governments all around the world that will do exactly the same thing, where liberal democracy is not as strong, where there are different concerns that really implicate deep-seated human rights,” he said, citing Hong Kong as a potential example.
His warnings come after Liz Truss, the UK prime minister, said earlier this month that she would press ahead with the legislation under her new government, with “some tweaks” to refocus the bill on child safety.
Tech companies, as well as some security experts and free-speech campaigners, largely opposed the bill’s previous proposals that apps and online services should block “legal but harmful” content for both adults and children.
Given so much of the public sector is now run digitally, Cathcart said he found it “puzzling that the pressure we’re getting from governments is to weaken security, not to increase it”.
“Governments around the world should be pushing tech companies as hard as possible to up the security of their communications, especially liberal democracies,” said Cathcart. “We’re in an era on the internet where cyber attacks are going way up, especially from hostile nation states. And so the idea that now is a moment to weaken security, I just think it’s very, very wrong,” he added.
So-called “end-to-end” encryption — where messages can only be viewed by the sender and recipient — has become a recurring issue between law enforcement and civil liberties campaigners from Washington and Brussels to New Delhi.
The UK Home Office has taken a strong stand on end-to-end encryption in messaging apps, urging tech companies to give “lawful access” to encrypted communications. Former UK home secretary Priti Patel said this summer it “intentionally blinds companies to abhorrent child sex abuse”, with a “disastrous impact on child safety”.
Tech companies have so far struggled to find a technical compromise between personal privacy and community safety on encrypted apps. Apple last year announced a system that could recognise images of child pornography stored in iCloud Photos but postponed its launch following a backlash from privacy campaigners.
“I’m very worried about people believing we can have our cake and eat it, too,” Cathcart said, comparing Apple’s “client-side scanning” concept to someone saying: “Let’s put a camera in everyone’s living room, but don’t worry there’ll be a magic algorithm that decides whether the camera gets turned on or not.”
“Magic algorithms are not perfect,” he said, suggesting that hackers could exploit the system or other governments could repurpose it.
WhatsApp’s existing safety systems include allowing users to flag abusive messages and tracking patterns of behaviour to identify potential risks, Cathcart said. This has led to hundreds of thousands of reports of child sexual abuse material being sent to organisations such as the US-based National Center for Missing and Exploited Children.
“We don’t have to take the huge hit to people’s safety and fundamental rights to go monitor all their communications,” he said. “We can actually make a lot of progress.”
Since Cathcart took charge of the world’s most popular messaging app in 2019, much of his time has been occupied by debates about safety and how users’ data is protected, including a row over changes to its privacy terms in early 2021.
But the former Facebook and Google product manager is also charged with turning WhatsApp — which Facebook bought for $22bn in 2014 — into a profitable business.
WhatsApp currently generates revenue by pushing business users to advertise on Facebook or Instagram, and from larger corporate accounts who plug deeper into its infrastructure, for instance to manage customer service inquiries.
Cathcart sees further opportunities for monetisation by allowing consumers to make payments to businesses. Today WhatsApp has only enabled payments between individual users in India and Brazil, where such transactions typically have no charge to the user.
“In the future, you might expect to see us add in the ability to pay merchants [or] pay businesses,” he said, allowing WhatsApp to charge a commission.
However, local regulations have slowed WhatsApp’s efforts to offer payment services more widely, he added. The FT reported earlier this year that the messaging app’s payments system in Brazil has also been held back by negotiations over fees and other contract terms with local payments groups.
“There’s a lot of countries in the world where there’s more people using WhatsApp than there are people using a bank account,” Cathcart said. “Our business is growing very, very quickly. I’m pretty optimistic about where it will be in a couple of years.”
Additional reporting by Hannah Murphy in San Francisco
Source: Financial Times