UK government shifts stance on encryption in Online Safety Bill
In a recent statement, the government indicated that Ofcom’s powers to mandate content scanning would only be exercised if ‘appropriate technology’ exists, potentially providing a way out of the encryption debate.
The UK government has made a subtle shift in its approach to the controversial encryption provisions of the Online Safety Bill. A recent statement stated that Ofcom cannot mandate content scanning unless ‘appropriate technology’ exists, providing a potential escape from the encryption debate.
This development comes after strong opposition from security experts, privacy advocates, and tech giants like Apple and WhatsApp, who argued that the bill’s broad surveillance powers would jeopardise user privacy and security.
The bill aimed to address various online safety issues, including child sexual abuse material (CSAM), and encouraged the development of CSAM-scanning tools that could be applied to end-to-end encrypted (E2EE) messaging platforms without compromising user privacy, a move criticised by experts and companies like Signal.
The compromise reached by the government now appears to be a nuanced one. However, privacy campaigners remain concerned, as the bill still grants Ofcom powers to order scanning on E2EE platforms if a feasible technical workaround is claimed.
The tech industry somewhat welcomed the government’s statement, with Signal’s president viewing it as a ‘victory, not defeat.’ The Open Rights Group expressed cautious optimism but advocated completely removing the encryption-threatening provisions. WhatsApp reiterated its commitment to not breaking encryption and emphasised that scanning everyone’s messages would compromise privacy.
On the other hand, the government maintained that its position had not changed and that the bill aimed to tackle child sexual abuse online with stringent privacy safeguards. It highlighted constructive engagement with technology companies and ongoing efforts to combat online child exploitation.
Why does it matter?
As mentioned above, the Online Safety Bill’s requirements for content scanning in encrypted messaging apps, while aimed at combating CSMA, create significant concerns about user privacy and the integrity of end-to-end encryption. This could potentially damage the trust in digital technologies while also opening doors for misuse and government surveillance, posing a complex challenge to the balance between online safety and individual privacy.