UK Government Seeks to Dispel Encryption ConcernsOnline Safety Bill Close to Passage With 'Accredited Technology' Clause Intact
The U.K. government may have sidestepped a looming fight with American tech companies by appearing to soften a legislative mandate for chat apps to actively scan for terrorist and child sexual abuse content.
Privacy activists were quick to declare victory after a Conservative member of the House of Lords said Wednesday the government will forbear, "if appropriate technology does not exist," from enforcing a clause in legislation requiring online services to deploy "accredited technology" to identify the prohibited content.
The House of Lords is set this week to return the Online Safety Bill to the House of Commons, where it is widely expected lawmakers will clear the legislation for royal assent.
The bill - and especially the "accredited technology" clause - has provoked opposition among major U.S. tech companies including Facebook and Apple, which have said the bill would undermine privacy protections enabled by end-to-end encryption (see: Tech Companies on Precipice of UK Online Safety Bill).
During House of Lords debate on the bill, Tory peer Stephen Parkinson said British telecom regulator Ofcom will not order online intermediaries such as chat apps and search engines to use government-endorsed methods of scanning to identify outlawed content so long as a technically feasible solution "accredited as meeting minimum standards of accuracy in detecting only child sexual abuse and exploitation content" does not exist.
"If the appropriate technology doesn't exist which meets those requirements, then Ofcom will not be able to use Clause 122 to require its use," he said, referring to the bill section containing the so-called "spy clause."
"That is why the power includes the ability for Ofcom to require companies to make best endeavors to develop or source a new solution. It is right that Ofcom should be able to require technology companies to use their considerable resources and expertise to develop the best possible protection for children in encrypted environments," Parkinson said.
Meredith Whittaker, president of encrypted app developer Signal, called the government's position "a victory, not a defeat. And am grateful to the U.K. government for making their stand clear. This is a really important moment, even if it’s not the final win." Whittaker has repeatedly said the bill's language could force Signal to leave the British market, and executives at Facebook-owned WhatsApp echoed that warning.
Will Cathcart, head of WhatsApp, tweeted that the company "remains vigilant" against threats to break encryption. "The fact remains that scanning everyone's messages would destroy privacy as we know it," he said.
Labour peer Kenneth Owen Morgan said during parliamentary debate that he doubts whether Parkinson's assurance changes matters. Forbearance in not ordering the use of "accredited technology" without first identifying a feasible solution doesn't appear directly in the bill's language, he said.
"The fact of the matter is everybody knows that you cannot do what Ofcom is empowered by this bill to do without breaching end-to-end encryption. It's as simple as that," Morgan said.
"Now, my noble friend may say, 'That's not the government's intention,' and he may say, 'Well, they can't be forced to do it if the technology isn't there.' None of that is in the bill," he told the lords.
"That doesn't address the fact that end-to-end encryption will be breached if Ofcom finds a way of doing what the bill empowers it to do. So why have we empowered Ofcom to do that?"