Online Safety Bill: Messaging apps 'forced to scan messages' for child abuse content in fresh amendment
Apps utilising end-to-end encryption would require backdoors or new mechanisms to allow user data to be scanned and passed on to authorities
A new amendment tabled for the upcoming Online Safety Bill would compel companies to identify child sexual exploitation and abuse (CSEA) content and take it down.
Previous versions of the bill have only compelled companies to use “accredited technology” to detect CSEA and terrorism content, but the July 6 amendment goes further in stating that companies should further seek to use “best endeavours to develop or source technology” to detect and remove CSEA content.
It is unclear whether the government has undertaken research into what form this technology could take, or whether the expectation is companies will fall back on “accredited technology” such as encryption backdoors.
The clarification within the bill that the requirement applies to messages “communicated publicly or privately” seeks to extend oversight to messages currently protected by end-to-end encryption messaging, in which messages are encrypted before being transmitted and thus are accessible only by the sender and recipient.
Under powers already established in earlier drafts of the bill, Ofcom would have the power to fine non-compliant companies up to £18 million or 10% of their worldwide revenue in the most recent complete accounting period.
The government argues that giving security and law enforcement services unfettered access to encrypted messages will improve safety at home and abroad, but critics have argued that once ways around message encryption are established, no messages can properly be considered private.
Companies such as Meta have committed to not only keeping WhatsApp direct messages encrypted but to eventually roll out end-to-end encryption to Messenger and Instagram, a move which has increasingly put them at odds with government ideology.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The last few cabinets have been particularly vocal in their opposition to encryption. Last year, Home Secretary Priti Patel responded to Meta’s commitment to providing end-to-end encryption across its messaging platforms in harsh terms, stating:
"The offending will continue, the images of children being abused will proliferate - but the company intends to blind itself to this problem through end-to-end encryption which prevents all access to messaging content.”
The bill was first published as a draft in May 2021, and since then has been subject to much criticism for providing the government with what is seen as overreaching powers over privacy. The digital rights and freedoms organisation The Open Rights Group has been a particularly vociferous critic of the bill, which is described on its website as “an Orwellian censorship machine.”
Securing endpoints amid new threats
Ensuring employees have the flexibility and security to work remotely
“Dropping powers to ban encryption would be a major step forward if confirmed in the Bill. Ukrainians and Russian dissidents today are relying on encryption to protect themselves from real-world harm.
“We have repeatedly warned the Government that attacks on encryption would only help blackmailers, scammers and other criminals,” stated the Executive Director of the Open Rights Group, Jim Killock, in a blog post.
WhatsApp was first released in 2009, but it wasn’t until two years after Facebook’s (now Meta) 2014 acquisition of the company that end-to-end encryption was fully implemented across the app. The WhatsApp product page on security currently promises “only you and the person you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp.”
IT Pro has approached Meta for comment on the bill.
Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.
In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.