zgphotography - stock.adobe.com
Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption
Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages
The Online Safety Bill is set to become law after peers passed the controversial legislation that places new duties on social media and technology companies to protect children and other users from harmful and illegal content.
The bill, which the government says will make the UK the safest place online, places obligations on technology companies, backed by the threat of fines and criminal sanctions, to remove illegal content from their platforms or to prevent it from being posted.
Its most controversial provision gives the communications regulator, Ofcom, powers to require technology companies to use “accredited technology” to scan the contents of encrypted email or messaging services for illegal child abuse content – a move critics say cannot be achieved without fundamentally weakening encryption.
Zero tolerance to internet ‘wild west’
Technology secretary Michelle Donelan, comparing the internet to the “wild west”, said the bill would protect children from illegal, harmful and age-inappropriate material that could put their lives and mental health at risk.
“The bill has a zero-tolerance approach to protecting children, meaning social media platforms will be legally responsible for the content they host and keeping children and young people safe online,” she said.
The bill will place obligations on digital platforms to prevent children from viewing posts promoting self-harm and to enforce age limits and age verification.
Technology companies will also be required to block fraudulent advertisements and scams, posts that promote animal cruelty and torture, and provide users with options to block harmful content such as bullying.
The government said technology firms would also be required to remove video footage that shows people crossing the English Channel in small boats in “a positive light” or other material that could encourage illegal migration.
There are also provisions in the bill to make it easier to convict people who share intimate images or artificially created deep fake images or videos without consent.
Ofcom will have powers to fine non-compliant companies up to £18m, or 10% of their annual turnover, whichever is the greatest, which means fines for the biggest platforms could run into billions.
Encryption controversy
As the bill passed through the Lords yesterday, home secretary Suella Braverman launched a campaign to put pressure on social media company Meta to halt its plans to offer encrypted messaging services on Instagram and Facebook.
Messaging companies, including WhatsApp, Signal and encrypted email service provider Proton, have warned that powers in the bill could require them to scan encrypted messages, which could have detrimental impact for security and privacy.
Meredith Whittaker, president of Signal, wrote on X, formerly Twitter, that the company would never undermine encryption and the privacy promises it makes to users.
“Our position remains firm: we will continue to do whatever we can to ensure people in the UK can use Signal. But if the choice came down to being forced to build a backdoor, or leaving [the UK], we’d leave,” she wrote.
Civil society group Index on Censorship said it relied on encryption to protect the safety of people it assists in dictatorships around the world.
“The Home Office’s long-standing war on encryption is misguided and opens us up to new threats. Encryption keeps our private messages safe. It means journalists can communicate with whistleblowers, that MPs can message constituents (and each other),” an Index on Censorship spokesperson said.
James Baker, campaigns manager at the Open Rights Group, said the bill’s powers to require companies to introduce technology to scan encrypted messages could harm journalists and whistleblowers, as well as domestic violence survivors, parents and children who want to keep their communications secure from online predators and stalkers.
“No one disputes that tech companies could do more to keep children safe online, but the Online Safety Bill is an overblown legislative mess that could seriously harm our security by removing privacy from internet users. The bill will also undermine the freedom of expression of many people in the UK,” he said.
Wikipedia questions future in UK
The non-profit Wikimedia Foundation, which hosts the online encyclopaedia Wikipedia, warned that the bill could threaten its ability to operate in the UK.
The company said in a statement that the bill’s requirements invalidate Wikipedia’s volunteer-led model for creating and moderating content.
Rebecca McKinnon, vice-president of global advocacy at the foundation, suggested Wikipedia might not survive in the UK in its current form.
“It is simply inconceivable to imagine the UK without access to Wikipedia, the world’s largest online knowledge repository. The Online Safety Bill’s passage may be the end of a chapter, but we are determined that it will not be the end of our story in the UK,” she said.
Major milestone
Ofcom’s chief executive, Melanie Dawes, described the bill’s passage as a “major milestone”.
The regulator said it would start consulting on the introduction of standards that tech companies will be required to meet once the bill receives Royal Assent.
The regulator said it would take a phased approach to bringing the bill into force, starting with standards for tech companies to tackle illegal online harms, including child abuse, fraud and terrorism.
The government has provided Ofcom with pre-legislative funding, which has allowed it to hire more than 300 staff from technology companies, other regulators and law enforcement agencies.
Read more about the debate over end-to-end encryption
- Technology companies say reassurances by government ministers that they have no intention of weakening end-to-end encrypted communication services do not go far enough.
- BCS, The Chartered Institute for IT, argues the government is seeking a technical fix to terrorism and child abuse without understanding the risks and implications.
- Government boosts protection for encryption in Online Safety Bill but civil society groups remain concerned.
- CEO of encrypted messaging service Element says Online Safety Bill could pose a risk to the encrypted comms systems used by Ukraine.
- Tech companies and NGOs urge rewrite of Online Safety Bill to protect encrypted comms.
- Protecting children by scanning encrypted messages is ‘magical thinking’, says Cambridge professor.
- Proposals for scanning encrypted messages should be cut from Online Safety Bill, say researchers.
- GCHQ experts back scanning of encrypted phone messages to fight child abuse.
- Tech companies face pressure over end-to-end encryption in Online Safety Bill.
- EU plans to police child abuse raise fresh fears over encryption and privacy rights.
- IT professionals wary of government campaign to limit end-to-end encryption.
- John Carr, a child safety campaigner backing a government-funded campaign on the dangers of end-to-end encryption to children, says tech companies have no choice but to act.
- Information commissioner criticises government-backed campaign to delay end-to-end encryption.
- Government puts Facebook under pressure to stop end-to-end encryption over child abuse risk.
- Former UK cyber security chief says UK government must explain how it can access encrypted communications without damaging cyber security and weakening privacy.
- Barnardo’s and other charities begin a government-backed PR campaign to warn of dangers end-to-end encryption poses to child safety. The campaign has been criticised as ‘one-sided’.
- Apple’s plan to automatically scan photos to detect child abuse would unduly risk the privacy and security of law-abiding citizens and could open up the way to surveillance, say cryptographic experts.
- Firms working on UK government’s Safety Tech Challenge suggest scanning content before encryption will help prevent the spread of child sexual abuse material – but privacy concerns remain.
- Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent, claims NSPCC.
- Proposals by European Commission to search for illegal material could mean the end of private messaging and emails, says MEP.
Read more on Security policy and user awareness
-
![]()
Crime agency criticises Meta as European police chiefs call for curbs on end-to-end encryption
By: Bill Goodwin
-
![]()
Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent
By: Bill Goodwin
-
![]()
Braverman puts pressure on Meta to pause end-to-end encryption plans
By: Bill Goodwin
-
![]()
UK minister fails to reassure tech companies over encryption risk
By: Bill Goodwin
