The UK government has made the decision not to complicate its life with technology companies and activism, when, by approving the controversial Online Safety Billhas clearly specified that the telecommunications regulator, Ofcomwill only require companies to scan their networks for evidence of abuse and child pornography (CSAM) when a technology is developed that is capable of doing so.
Most cybersecurity experts believe that it could be many years yet before any such technology is developed, if and when it is ever developed, encryption systems will most likely have progressed enough that, again, their encryption is still robust. Before the House of Lords, Lord Stephen Parkinson expressly said that
“… a request may only be issued when it is technically feasible to do so and when it has been proven that the technology meets the minimum precision standards to detect only child sexual exploitation and abuse content…”
The Online Safety Bill has been in the works for several years, and was considered one of the toughest attempts by any government to hold big tech companies accountable for content shared over their networks. Several technology companies had threatened to withdraw all or part of the British market if the law was passed without any limitations. Companies like Meta had threatened to remove your whatsappApple had done it with iMessage and FaceTimeand others, from signal until the very Wikipediathey had announced its possible withdrawal.
Now, after very long and Byzantine discussions, everything indicates that the government has given its arm to twist with a Solomonic solution: the law continues to affirm that the government regulator will be able to require technology companies to reveal the contents of communications that occur through of their tools, but they claim that they will not do so until it is technically feasible to do so reliably and without threatening the privacy of all users. The criticism that could be made of this decision, at this stage of the processing of the law, is that the legal status of the text of the law is not comparable at all with the little commitment that a series of specific statements to the press entails, At best, they compromise the government that has made them or even just specific people from it. It could perfectly happen, although today it seems unlikely, that subsequent governments or ministers would try, given that the text of the law is drafted as it is, to require companies to strictly comply with it and provide them with these monitoring tools. In politics, what is not in the law or its regulations does not exist.
The decision is an attempt to save face for the government, which may consider saying that its position has not changed, among other things to try to appease children’s rights associations:
“As has always been the case, as a last resort, on a case-by-case basis and only where strict privacy safeguards have been met, (the legislation) will allow Ofcom to direct companies to use or use best efforts to develop or obtain technology for identify and remove illegal child sexual abuse content, which we know can develop (…) It is right that Ofcom can require technology companies to use their considerable resources and expertise to develop the best possible protections for children in encrypted environments .”
For the British government, as for others, the problem is that they run polls that show that a large majority of the country’s citizens overwhelmingly support measures to tackle child abuse in end-to-end encrypted environments, support that they obviously ignore. the consequences that the development of monitoring tools could have. One of those topics in which everything indicates that one cannot pay attention to a popular opinion that lacks sufficient training to understand this type of issue and its possible scope.
But for the time being, companies will be able to maintain their presence and their messaging products in the UK market, and politicians will be able to look good saying that “if necessary, they will be required to do this or that”, even if it is technically impossible. For some, a triumph, although I am not so clear about it. It will be that I am, every day, a grumpy old man…
This article is also available in Spanish on my Medium page, «Is end-to-end encryption still guaranteed in the UK?»