Snooper’s Charter Updated. (Poorly)
Amendments to the UK Online Safety Bill mean a report must be written before powers can be used by the regulator to force tech firms to scan encrypted messages for child abuse images.
What Is The Online Safety Bill?
The Online Safety Bill is the way the UK government plans to establish a new regulatory regime to address illegal and harmful content online and to impose legal requirements on search engine and internet service providers, including those providing pornographic content. The bill will also give new powers to the Office of Communications (Ofcom), enabling them to act as the online safety regulator.
The Latest Amendments
The government says the latest amendments to the (highly controversial) Online Safety Bill have been made to address concerns about the privacy implications and technical feasibility of the powers proposed in the bill. The new House of Lords amendments to the bill are:
– A report must be written for Ofcom by a “skilled person” (appointed by Ofcom) before the new powers are used to force a firm, such as an encrypted app like WhatsApp or Signal, to scan messages. Previously, the report was optional. The purpose of the report will be to assess the impact of scanning on freedom of expression or privacy, and to explore whether other less intrusive, less alternative technologies that could be used instead. The report’s findings will be used to help decide whether to force a tech firm, e.g. an encrypted messages app, to scan messages, and a summary of those findings must be shared with the tech firm concerned.
– An amendment to the bill requiring Ofcom to look at the possible impact of the use of technology on journalism and the protection of journalistic sources. Under the amendment, Ofcom would be able to force tech companies to use what’s been termed as “accredited technology” to scan messages for child sexual abuse material.
The response from privacy campaigners and digital rights groups has focused on the idea that the oversight of an Ofcom-appointed “skilled person” is not likely to be as effective as judicial oversight (for example), and may not give the right level of consideration to users’ rights. For example, the Open Rights Group described the House of Lords debate on the amendments as a “disappointing experience” and said, that this “skilled person” could be a political appointee, and they would be overseeing decisions about free speech and privacy rights, this would not be “effective oversight”.
Apple’s Threats In Response To ‘Snoopers Charter’ Proposals
In the same week, Apple said it would simply remove services like FaceTime and iMessage from the UK rather than weaken its security under the new proposals for updating the UK’s Investigatory Powers Act (IPA) 2016. The new proposals for updates to the act would mean tech companies like Apple and end-to-end encrypted message apps having to clear security features with the Home Office before releasing them to customers and allow the Home Office to demand security features are immediately disabled, without telling the public. Apple has submitted a nine-page statement to the government’s consultation on amendments to the IPA outlining its objections and opposition. For example, Apple says the proposals “constitute a serious and direct threat to data security and information privacy” that would affect people outside the UK.
What Does This Mean For Your Business?
What the government says are measures to help in the fight against child sex abuse are seen by some rights groups as a route to monitoring and surveillance, and by tech companies as a way to weaken products and the privacy of their users. The idea that a “skilled person” (e.g. a consultant or political appointee) rather than a judge compiling a report to justify the forced scanning of encrypted messaging apps has not gone down well with the tech companies and rights groups. The fact that the House of Lords debate was the final session of the Report Stage and the last chance for the Online Safety Bill to be amended, before the Bill becomes law with so many major objections from tech companies still being made, it looks unlikely that the big tech companies will comply with the new laws and changes. WhatsApp for example (owned by Meta) has simply said it would pull out the UK market over how new UK laws would force it compromise security which would be considerable blow to many people who use the app for business daily. Signal (app) has also threatened to pull out of the UK and some critics think that the UK government may be naïve to think that simply pushing ahead with new laws and amendments will result in the big tech companies backing down and complying any time soon. It looks likely that the UK government will have a big fight on its hands going forward.