zgphotography - stock.adobe.com

Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption

Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages

The Online Safety Bill is set to become law after peers passed the controversial legislation that places new duties on social media and technology companies to protect children and other users from harmful and illegal content.

The bill, which the government says will make the UK the safest place online, places obligations on technology companies, backed by the threat of fines and criminal sanctions, to remove illegal content from their platforms or to prevent it from being posted.

Its most controversial provision gives the communications regulator, Ofcom, powers to require technology companies to use “accredited technology” to scan the contents of encrypted email or messaging services for illegal child abuse content – a move critics say cannot be achieved without fundamentally weakening encryption.

Zero tolerance to internet ‘wild west’

Technology secretary Michelle Donelan, comparing the internet to the “wild west”, said the bill would protect children from illegal, harmful and age-inappropriate material that could put their lives and mental health at risk.

“The bill has a zero-tolerance approach to protecting children, meaning social media platforms will be legally responsible for the content they host and keeping children and young people safe online,” she said.

The bill will place obligations on digital platforms to prevent children from viewing posts promoting self-harm and to enforce age limits and age verification.

Technology companies will also be required to block fraudulent advertisements and scams, posts that promote animal cruelty and torture, and provide users with options to block harmful content such as bullying.

The government said technology firms would also be required to remove video footage that shows people crossing the English Channel in small boats in “a positive light” or other material that could encourage illegal migration.

There are also provisions in the bill to make it easier to convict people who share intimate images or artificially created deep fake images or videos without consent.

Ofcom will have powers to fine non-compliant companies up to £18m, or 10% of their annual turnover, whichever is the greatest, which means fines for the biggest platforms could run into billions.

Encryption controversy

As the bill passed through the Lords yesterday, home secretary Suella Braverman launched a campaign to put pressure on social media company Meta to halt its plans to offer encrypted messaging services on Instagram and Facebook.

Messaging companies, including WhatsApp, Signal and encrypted email service provider Proton, have warned that powers in the bill could require them to scan encrypted messages, which could have detrimental impact for security and privacy.

Meredith Whittaker, president of Signal, wrote on X, formerly Twitter, that the company would never undermine encryption and the privacy promises it makes to users.

“Our position remains firm: we will continue to do whatever we can to ensure people in the UK can use Signal. But if the choice came down to being forced to build a backdoor, or leaving [the UK], we’d leave,” she wrote.

Civil society group Index on Censorship said it relied on encryption to protect the safety of people it assists in dictatorships around the world.

“The Home Office’s long-standing war on encryption is misguided and opens us up to new threats. Encryption keeps our private messages safe. It means journalists can communicate with whistleblowers, that MPs can message constituents (and each other),” an Index on Censorship spokesperson said.

James Baker, campaigns manager at the Open Rights Group, said the bill’s powers to require companies to introduce technology to scan encrypted messages could harm journalists and whistleblowers, as well as domestic violence survivors, parents and children who want to keep their communications secure from online predators and stalkers.

“No one disputes that tech companies could do more to keep children safe online, but the Online Safety Bill is an overblown legislative mess that could seriously harm our security by removing privacy from internet users. The bill will also undermine the freedom of expression of many people in the UK,” he said.

Wikipedia questions future in UK

The non-profit Wikimedia Foundation, which hosts the online encyclopaedia Wikipedia, warned that the bill could threaten its ability to operate in the UK.

The company said in a statement that the bill’s requirements invalidate Wikipedia’s volunteer-led model for creating and moderating content.

Rebecca McKinnon, vice-president of global advocacy at the foundation, suggested Wikipedia might not survive in the UK in its current form.

“It is simply inconceivable to imagine the UK without access to Wikipedia, the world’s largest online knowledge repository. The Online Safety Bill’s passage may be the end of a chapter, but we are determined that it will not be the end of our story in the UK,” she said.

Major milestone

Ofcom’s chief executive, Melanie Dawes, described the bill’s passage as a “major milestone”.

The regulator said it would start consulting on the introduction of standards that tech companies will be required to meet once the bill receives Royal Assent.

The regulator said it would take a phased approach to bringing the bill into force, starting with standards for tech companies to tackle illegal online harms, including child abuse, fraud and terrorism.

The government has provided Ofcom with pre-legislative funding, which has allowed it to hire more than 300 staff from technology companies, other regulators and law enforcement agencies.

Read more about the debate over end-to-end encryption

Read more on Security policy and user awareness

Data Center
Data Management