The Online Safety Bill gives the regulator, Ofcom, the power to require tech companies to identify child sex abuse material in private messages. However, WhatsApp’s boss has said it would rather be blocked in the UK than compromise on privacy, with Signal, its smaller rival, saying the same.
The company argues that the proposals would expose its products to vulnerabilities from bad actors, including foreign governments. Tech firms claim that they can’t create backdoors in encrypted digital services, even to protect kids online. According to cybersecurity experts, the bill’s requirements are incompatible with a desire to protect encryption.
Leaders at Britain’s National Cyber Security Centre and security agency GCHQ believe such technology can protect children and privacy simultaneously. However, a raft of cryptographers criticized the technique in a report called “Bugs in Our Pockets” in 2021. This prompted tech giant Apple to abandon plans to introduce client-side scanning on its services.
In Australia, the country’s eSafety Commissioner recently published a report highlighting how Microsoft and Apple had few mechanisms to track child sexual abuse material, including via their encrypted services.
Cybersecurity experts agree that the UK bill’s demands are incompatible with a desire to protect encryption. They claim privacy is not a fungible issue – services either have it or don’t.
Ministers claim to support strong encryption and privacy, just not at the cost of public safety. Melanie Dawes, Ofcom’s chief executive, said that any efforts to break encryption in the name of safety would have to meet stringent rules, and such requests would be made in only the most extreme situations.
Politicians are keen to lower the temperature. However, two former ministers said that doing so will prove challenging. They point out the likelihood of pushback from MPs, the technology’s complexity, and the issue’s emotiveness.
Finding a compromise is unlikely to be easy. The row mirrors similar debates underway in the European Union and Australia over how accountable tech platforms should be for potentially harmful content on encrypted services.
Also read: WhatsApp refuses to comply with UK’s new Online Safety Bill