Government Abandons Plan To Scan Encrypted Messages

The UK Government denied it has carried out a u-turn after it dropped its controversial plan to scan encrypted messaging services for harmful content as part of the Online Safety Bill.

The Financial Times first reported that the UK had pulled back from a clash with big tech over private messaging, after ministers said they would would not immediately enforce online safety bill powers to scan apps.

It comes after multiple warnings and opposition from the tech industry. In March WhatsApp and fellow messaging firm Signal said they would rather pull out of the UK than comply with the bill’s requirements.

Tech opposition

A month later in April WhatsApp and six other providers of end-to-end encrypted messaging services urged the UK government to “urgently rethink” the Online Safety Bill.

They said it presented an “unprecedented threat to the privacy, safety and security” of UK citizens and those they communicate with around the world.

In June Apple called for the Online Safety Bill to be amended in order to protect encryption.

Now the FT reported that the UK government has conceded it will not use its controversial powers in the online safety bill to scan messaging apps for harmful content, until it is “technically feasible” to do so.

The FT reported that in a statement to the House of Lords on Wednesday afternoon, junior arts and heritage minister Lord Stephen Parkinson said that Ofcom, the tech regulator, would only require companies to scan their networks when a technology was developed that was capable of doing so.

The FT reported that many security experts believe it could be years before any such technology is developed, if ever.

“A notice can only be issued where technically feasible and where technology has been accredited as meeting minimum standards of accuracy in detecting only child sexual abuse and exploitation content,” he reportedly said.

Tech relief

The u-turn has been welcomed with relief by the tech industry and privacy campaigners.

Meredith Whittaker, the president of the Signal Foundation, tweeted that the government’s move as “a victory, not a defeat” for the tech companies, and she was grateful to the UK government for making its position clear.

I would call this a victory, not a defeat. And am grateful to the UK government for making their stand clear. This is a really important moment, even if it’s not the final win.https://t.co/tq1Oflu7Qq

— Meredith Whittaker (@mer__edith) September 6, 2023

Will Cathcart, head of WhatsApp, also tweeted about the development.

WhatsApp it should be remembered had switched on its end-to-end encryption back in 2016 and Cathcart had previously made clear it would not be removed to suit the UK legislation.

“The fact remains that scanning everyone’s messages would destroy privacy as we know it,” he tweeted this week. “That was as true last year as it is today. @WhatsApp will never break our encryption and remains vigilant against threats to do so.”

The fact remains that scanning everyone’s messages would destroy privacy as we know it. That was as true last year as it is today. @WhatsApp will never break our encryption and remains vigilant against threats to do so. https://t.co/iHsBOhkp8r

— Will Cathcart (@wcathcart) September 6, 2023

“Over the moon to learn that the UK govt has backtracked on its spy clause in the Online Safety Bill – which would have undermined the privacy of millions,” tweeted Pat de Brún, head of big tech accountability and deputy director at Amnesty International

No u-turn

The government however has denied it has committed a climbdown over the matter, saying on Wednesday that its position on the issue “has not changed”.

“As has always been the case, as a last resort, on a case-by-case basis and only when stringent privacy safeguards have been met, [the legislation] will enable Ofcom to direct companies to either use, or make best efforts to develop or source, technology to identify and remove illegal child sexual abuse content – which we know can be developed,” the government was quoted by the FT as saying.

The online safety bill, which has been in development for a number of years and is now in its final stages in parliament, is one of the toughest attempts by any government to make Big Tech companies responsible for content shared on their platforms.

Under the bill, Ofcom could require a tech platform to apply content moderation policies that would be impossible to comply with, without removing end-to-end encryption.

If the company refused to do, it could face fines of up to 4 percent of its parent company revenue – unless it pulled out of the UK market entirely.

Unworkable proposals

The government u-turn was welcomed by Paul Holland CEO at communication protection specialist Beyond Encryption.

“It was abundantly clear to all those with knowledge of encryption that the Government’s proposals were unworkable and the Online Safety Bill put them on a collision course with encrypted messaging services,” said Holland.

“As the Government admits there simply is no technology currently that wouldn’t fundamentally break the encrypted nature of these messages and such a conclusion was inevitable,” said Holland.

“Hopefully this can signal a new era of cooperation between Government and Big Tech,” Holland concluded. “The goal of the Online Safety Bill is a noble one. It’s crucial that the online world is shaped into a safer place, but a top down and stringent approach to implementing regulation will not deliver the change we all require.”