- UK to alter Online Safety Bill to appease messaging encryption
- Statement confirming the changes to be made official later today
- Apple, Whatsapp, Signal threatened to pull away from UK market if law was passed
- Investigatory Powers Act 2016 reforms still planned
The United Kingdom government is set to acknowledge that it won’t employ contentious plans within its proposed Online Safety Bill to scan messaging services – such as iMessage and Whatsapp – for harmful content until such actions become “technically feasible.” The wording effectively postpones this surveillance measure for the foreseeable future, reports The Financial Times.
UK government ministers will make the conceding statement to the House of Lords – the UK’s Parliament upper chamber – on Wednesday afternoon as a last-minute effort to appease numerous tech companies who earlier threatened they would cull their messaging platforms from the UK if the government moved forward with its plans to scan messages.
Apple earlier threatened to remove iMessage from the UK over concerns that the new law would effectively break end-to-end encryption, with Apple extremely unlikely to create an encryption-free version of iMessage specifically for use in the country. WhatsApp similarly stated they would refuse to weaken their encryptions. Signal also said in February it would leave the UK market entirely if the law passes.
The statement is expected to specify that Ofcom- the UK’s telecommunications regulator – will mandate companies to perform the required message scanning only once a viable technology for this purpose becomes available. Numerous security experts are of the opinion that the development of such technology may take years, or it might not materialize at all.
A notice can only be issued where technically feasible and where technology has been accredited as meeting minimum standards of accuracy in detecting only child sexual abuse and exploitation content.
Section of the statement obtained by The Financial Times
The controversial Bill’s primary objective is to allow the scanning of messages by law enforcement agencies in the UK to detect illegal child abuse material and broadly defined “inappropriate” content as determined by Ofcom. This legislation represents one of the most significant erosions of privacy and security within messaging platforms to date.
Financial Times reports that officials have privately admitted to tech companies that there is currently no available technology capable of scanning end-to-end encrypted messages without compromising users’ privacy. Nevertheless, the law will still grant Ofcom the authority to compel platforms to create or procure new technology for this purpose, adds the report.
Apple reached a similar conclusion with content scanning after it abandoned its controversial on-device scanning for Child Sexual Abuse Material (CSAM) for photos backed up to iCloud. Apple announced the controversial feature in August of 2021, before ultimately canceling its rollout in December 2022 after severe backlash from privacy advocates.
The proposed scale-back of the law is sure to be a welcome one by privacy advocates, yet the UK government has another Act up its sleeves that similarly threatens privacy. The government has not indicated any plans to curtail its proposed changes to the Investigatory Powers Act, over which Apple submitted a nine-page document threatening to disable iMessage and FaceTime altogether in the UK if proposed changes to the Act are passed.