The UK government appears to have back-pedalled on controversial provisions in its proposed Online Safety Bill that critics said posed a serious threat to privacy.
Clauses tabled in the Bill, which has been undergoing scrutiny in the country’s second chamber, would have forced messaging apps to access users’ private messages in order to check for content relating to child abuse or terrorism. But the proposals were strongly criticised.
WhatsApp and Signal
Tech companies and privacy campaigners, along with organisations such as Amnesty International, have spoken out against the threat to encrypted services, and WhatsApp and Signal threatened to pull out of the UK market if the measures passed into law.
On September 6, as the Bill cleared its final reading stage in the House of Lords, junior arts and heritage minister Lord Stephen Parkinson said companies would only be required to scan messages “where technically feasible and where technology has been accredited as meeting minimum standards of accuracy in detecting only child sexual abuse and exploitation content”.
Referring to clauses in the Bill that would require companies to use “accredited technology” to search for and take down offending material, Parkinson said: “If the appropriate technology doesn’t exist which meets those requirements, then Ofcom will not be able to use clause 122 to require its use.”
Ofcom and harmful content
The government is denying its position has changed, telling the BBC: “As has always been the case, as a last resort, on a case-by-case basis and only when stringent privacy safeguards have been met, [the Bill] will enable Ofcom to direct companies to either use, or make best efforts to develop or source, technology to identify and remove illegal child sexual abuse content.”
Some opponents of the Bill, however, are claiming success. “It’s absolutely a victory,” said Meredith Whittaker, president of the Signal Foundation which operates the Signal messaging service. And, she told Wired: “The UK was the first jurisdiction to be pushing this kind of mass surveillance. It stops that momentum. And that’s huge for the world.”
But the move is more widely seen as an attempt to kick the can down the road, with other critics pointing out that provisions to effectively undermine end-to-end encryption remain in the Bill. ‘It would be better if these powers were completely removed from the Bill,” said James baker of the Open Rights Group.
Other observers agree, pointing out that ‘until technically feasible’ leaves the door open for scanning of private messages in future. Encryption experts argue than the principles of end-to-end encryption and scanning messages for harmful content are fundamentally incompatible.
The UK government seems to have put the onus on the tech companies to develop software that will somehow square the circle. Whether they have either the will or the incentive to do so will be interesting to observe.