The UK government has admitted it won’t use controversial powers under the Online Safety Bill to scan messaging apps to check for harmful content, until it’s “technically possible” to do so. This will delay measures critics claim threaten users privacy.
Lord Stephen Parkinson, a junior arts and heritage Minister, made a statement in the House of Lords Wednesday afternoon to try to resolve a standoff between tech firms including WhatsApp that had threatened to withdraw their services from the UK due to what they claimed were an intolerable risk to millions of users’ privacy and security.
Parkinson stated that Ofcom would require companies to scan networks only when technology capable of scanning them is developed. Security experts say it may be many years, if not decades, before such a technology is developed.
He said that a notice could only be given if it was technically possible and the technology used met minimum accuracy standards for detecting child sexual abuse.
The Online Safety Bill, which has been developed for several years, and is now in the final stages of its development in Parliament, is one the most aggressive attempts by any Government to hold Big Tech companies accountable for the content shared on their networks.
Social media platforms have protested against the provisions of the bill which would force them to allow the UK regulators to monitor their encoded messages for harmful content including child sexual abuse material.
WhatsApp, owned and operated by Meta, the parent company of Facebook, and Signal, an encrypted messaging app that is also popular, have warned that they would leave the UK market if ordered to weaken the encryption. Encryption, which is a widely-used security technology, allows only the sender or recipient to see the contents of a message, has been a threat for some time.
Meredith Whittaker is the president of Signal. She described the move by the government as “a win, not a loss” for tech companies.
“Of Course, This Isn’t a Total Victory,” She wrote on X (formerly Twitter). “We would love to have seen this in the actual text of the law. This is still a big deal, and the fact that the implementation guidance will shape Ofcom’s framework is a good thing.
Will Cathcart said that WhatsApp “remains vigilant” against threats to its encryption. He shared in X, saying: “The truth is that scanning all messages will destroy privacy as we currently know it.” It was just as true last summer as it is now.
According to people who have been briefed about the government’s thinking, officials privately admitted to tech companies there is currently no technology that can scan encrypted messages from end to end without also compromising users’ privacy.
The critics have long claimed that such a technology doesn’t exist. They also claim that the current scanning technologies make mistakes, misidentifying safe content as dangerous, and forcing flagged content to be checked manually by monitors. This exposes private content.
On Wednesday, the government stated that its position “has not changed”.
The government stated that “as always, in a last-resort, case-by case basis, and only after stringent privacy safeguards are met, [the law] will allow Ofcom to direct businesses to either use or make the best efforts to source or develop technology to identify and delete illegal child sexual abuse material — which we know is possible.”
Parkinson said in the Lords that it was right for Ofcom to be able require technology companies to utilize their resources and expertise to create the best protections possible for children in encrypted environments. But he didn’t give any specifics.
Children safety advocates have been pushing for years to make tech companies more accountable for the abuse that they share on their apps.
Richard Collard, the head of online child safety policy at the National Society for the Prevention of Cruelty to Children said: “Our survey shows that the UK public supports measures to combat child abuse in environments with end-to-end encryption. Tech companies can demonstrate industry leadership by listening and investing in technologies that protect both the privacy and safety rights of users.