By Gareth Corfield

Officialdom cannot be trusted to protect privacy online, the boss of messaging app Signal has warned, amid fears that a new bill will hand unprecedented snooping powers to Whitehall.

Meredith Whittaker warned that the Online Safety Bill, which is about to go though its final stage in Parliament, will give TV and tech industry regulators power to read people’s private messages at will.

“It will be a perilous move for the UK”, she said. “We cannot continue to offer a truly private communication service and undermine or adulterate our encryption.”

Whittaker is leading the US-dominated tech industry’s final drive to head off the new rules. Her views are shared by the likes of WhatsApp, which has pledged to leave the UK if the Online Safety Bill becomes law in its current form.

Signal itself is a relatively small player, boasting 125 million downloads compared with WhatsApp’s 2bn+ users.

However, Signal’s encryption technology powers the Meta-owned messaging app, making proposed new laws an equal threat to both.

A global row has engulfed the Government’s flagship Online Safety Bill over what tech bosses say are unprecedented new powers for Ofcom, the TV and radio regulator.

Michelle Donelan, the Technology Secretary wants Ofcom to broaden its powers as the UK’s internet regulator and is poised to hand it sweeping new rights to scrutinise tech companies’ inner workings.

Under these plans, Ofcom will be able to make tech companies install “accredited software” to scan for terrorist and child abuse messages on services such as Signal, WhatsApp and Apple’s iMessage.

The Government says this type of mass-scanning software is safe and will not infringe anyone’s privacy.

Tech advocates such as Whittaker, a one-time senior manager at Google who is now Signal’s president, strongly disagree.

“So there’s some confusion at the heart of this debate,” the American said, “because what we’re hearing from people [who support the new Ofcom powers] is that they agree with our arguments, they understand that there’s no such thing as a safe backdoor and that encryption is a fundamental technology to ensure security and safety of digital infrastructure.”

“But when it comes to brass tacks, to making that set of basic facts clear in the text of the bill, there is some source of hesitation that is unclear to me. I don’t know how to square that circle.”

Current debate over the bill has reached fever pitch as tech advocates, children’s rights activists and even serving Government ministers hurl heated accusations at each other.

Tom Tugendhat, the security minister, claimed in May that Meta boss Mark Zuckerberg cared more for his company’s “vast profits” made from children than for “protecting them from the dangers on [Meta’s] own platform”.

Some on the tech side of the fence have privately described the Online Safety Bill as “dunderheaded” and “incomprehensible”, lashing out at ministers and officials alike.

Tugendhat’s highly personal public outburst prompted the founder of GCHQ’s National Cyber Security Centre, Ciaran Martin, to intervene and call for an end to such “unsubstantiated” accusations.

Tempers have remained frayed, however. Just this week, Whittaker felt driven to ask former minister Damian Collins MP, architect of the Online Safety Bill, if he was accusing her of lying during a televised debate about encrypted messaging.

“What was interesting to me is that he agreed that it’s important not to break encryption,” she said.

“[Collins] even noted that he himself is a Signal user. But when I pushed on the topic of amending the bill, to clarify that we were not going to be breaking encryption… He consistently pushed back and said, ‘No, that’s not possible, just trust us’.”

Whittaker adds: “It would be irresponsible for us just to trust the word of a man in the greenroom of a TV studio when the stakes are so high in the UK and globally”.

At the heart of her objection to the new Ofcom powers in the bill is the ability for government officials to read users’ encrypted messages.

Tech companies say their end-to-end encryption technology cannot have a backdoor inserted for government access because that would let hostile foreign states such as Russia and China hack in too.

With the innermost workings of the British government taking place over WhatsApp, as revealed in The Telegraph’s Lockdown Files investigation, critics are quick to point out the risks of allowing Vladimir Putin to read Whitehall conversations in real time.

Yet ministers are indifferent to this danger, Whittaker argued.

“Encryption either works or it’s broken,” she said. “If the UK police can get in, hackers can get in, hostile states can get in.”

On the other hand, the Government, public sector bodies and charities say encryption technology is also used by terrorists and child abusers to hide from law enforcement.

Officials are keen to crack down on online criminality – and ministers want to deliver on their manifesto pledge to make Britain “the safest place in the world to be online”.

Last year, child protection charity the Internet Watch Foundation received 375,230 reports of child abuse content, a 4pc increase on 2021. Of those reported pieces of content, more than a quarter of a million contained or were advertising illegal imagery.

Rob Jones, a senior director at the National Crime Agency, said in April that “the continuing rollout of privacy-enhancing technologies like end-to-end encryption means the light that has been shone on child abuse on the internet will be switched off”.

“That insight, day on day, results in children being rescued and people who are involved in child abuse being arrested,” he added.

A Government spokesman said: “We are unambiguously pro-innovation and pro-privacy, however we have made clear that companies should only implement end-to-end encryption if they can simultaneously prevent abhorrent child sexual abuse on their platforms.

The spokesman insisted that the Online Safety Bill will not “give Ofcom or the government any powers to monitor users’ private messages”, adding: “As a last resort, and only when stringent privacy safeguards have been met, the Online Safety Bill will enable Ofcom to direct companies to either use, or make best efforts to develop or source, technology to identify and remove illegal child sexual abuse content.”

Tech companies have responded to the Online Safety Bill’s encryption proposals by threatening to withdraw their services from Britain – or accept being banned.

Last week Apple urged the Government “to amend the [Online Safety Bill] to protect strong end-to-end encryption for the benefit of all.”

The head of WhatsApp, Will Cathcart, told The Telegraph in December that the ubiquitous messaging app would sooner leave the UK than comply with the proposed new laws.

Signal will set up proxy servers, similar to how it evades official bans in Iran and China, to let British users carry on using the app after the Online Safety Bill becomes law, Whittaker says.

“We will never leave the UK willingly,” she said.

“Everyone in the world, including people in Iran, people in China, people in North Korea, and people in the UK, deserve the human rights to privacy and free expression and deserve to be safe when they use online services,” she concludes.

Hearing Britain mentioned in the same breath as authoritarian states with a track record of executing dissidents is jarring, and possibly overblown.

Yet in the debate between privacy and security, Signal and the other messaging apps say there’s no middle-ground compromise to be found.