The government has denied that it is considering modifying its plans to require messaging applications to access customers’ private communications if requested to do so by the regulatory body Ofcom.
A dispute has arisen between the government of the United Kingdom and various tech companies around a provision in the Online Safety Bill that is related to encrypted messages.
These are messages that are only visible to the sender and the recipient of the message.
According to the bill, internet service providers may be required to view content that raises concerns about possible instances of child abuse.
However, messaging services such as WhatsApp, Signal, and iMessage have stated that they are unable to access or monitor the communications of any user without compromising the already existing privacy protections for all users. These services have threatened to leave the UK rather than undermine the security of their users’ messages.
The discussion has been going strong for a few months now, and for some people it has evolved into a debate about whether or not privacy should be prioritized over the safety of children. The administration maintains that it is not only possible but also desirable to have both.
On Wednesday, the Online Safety Bill was passed through its last stage in the House of Lords before being sent back to the House of Commons for further consideration. The bill is expected to become law in the fall.
The government has denied that there has been any shift in its policy. In a statement delivered in the House of Lords, the Minister for Digital, Culture, Media, and Sport, Lord Parkinson, clarified that if the technology to access messages without breaking their security did not exist, then Ofcom would have the power to ask companies to develop the ability to identify and remove illegal child sexual abuse content from their platforms. Lord Parkinson made this clarification in response to a question from a member of the House of Lords.
In point of fact, the Bill already included language stating that the regulatory agency Ofcom would not compel technology companies to access messages until “feasible technology” had been created that would expressly only target content related to child abuse and would not break encryption.
The development of these tools has been delegated to private technology companies by the government.
According to a spokesperson for the government, “as has always been the case, as a last resort, on a case-by-case basis, and only when stringent privacy safeguards have been met, [the Bill] will enable Ofcom to direct companies to either use, or make best efforts to develop or source, technology to identify and remove illegal child sexual abuse content,” and this is something that “we know can be developed.”
Some information security professionals believe that such technological tools will never be produced, and the companies that produce such technologies have stated that this cannot be done.
On Wednesday, Will Cathcart, the head of WhatsApp, tweeted on X that “the fact remains that scanning everyone’s messages would destroy privacy as we know it.”
Meredith Whittaker, the president of the encrypted messaging service Signal, has stated in the past that believing that we can have privacy “but only for the good guys” was “magical thinking” and that it was impossible.
She expressed to the BBC that the company was pleased with the most recent explanation, describing it as “a good start to incorporating the voices of human rights defenders into the final stages.”
According to Ms. Whittaker, “we hope to see more progress over the next few days, and ideally making stronger commitments in the text of the bill,”
In response to the minister’s clarification that in practical terms this meant that the powers to access private messages would not be deployed, the former head of the National Cyber Security Centre, Professor Ciaran Martin, said the following in response to the minister’s statement: “The government is still technically taking the power but is placing so many conditions on its use it cannot to my mind ever be used.”
However, there were campaign organizations who cautioned nothing had changed. The organization Index on Censorship stated in an interview with the BBC that the Bill “still poses a threat to encryption and as a result puts everyone at risk, from journalists working with whistleblowers to ordinary citizens speaking in private.”
It was noted that “We need to see amendments as soon as possible in order to protect our right to free speech online.”
And Matthew Hodgson, who operates the messaging platform Element, which is based in the United Kingdom, claimed that “all ‘until it’s technically feasible’ means is opening the door to scanning in the future rather than scanning today.”
In his opinion, this was nothing more than “kicking the can down the road.”
The Internet Watch Foundation, an organization that searches for, reports, and removes photographs and videos of child sexual abuse from the internet, expressed the opinion that it was already theoretically viable to scan encrypted chat networks while maintaining users’ anonymity.
It was said in the report that “as far as we can see, the Government’s position on this has not changed.”
“We are aware that the technology to do this already exists, and that it does not invade users’ privacy any more than a virus guard or spam filter would.”
Another point of view is that this is an attempt at a last-minute diplomatic resolution in which neither the tech firms nor the government lose face. According to this point of view, the government is saying that it knew all along that the technology did not exist, which removes immediate pressure from the tech firms to invent it, and the tech firms are claiming that they have won the battle for privacy.
At the moment, the two technological options that are most likely to be successful are either to break the encryption, which would make a backdoor accessible to any malicious actors who discovered it, or to implement software that examines the content that is stored on a device. Client-side scanning is a practice that some have referred to as “the spy in your pocket” due to its pervasiveness.
Due to the many privacy settings, encrypted texting has been labeled as the “front line” of child abuse by organizations that support children, such as the NSPCC.
But advocates for individuals’ rights to privacy maintain that everybody has a right to have their private protected.
