Random Image Display on Page Reload

Britain Admits Defeat in Controversial Online Safety Bill

Sep 6, 2023 10:59 AM

Britain Admits Defeat in Controversial Fight to Break Encryption

The UK government has admitted that the technology needed to securely scan encrypted messages sent on Signal and WhatsApp doesn’t exist, weakening its controversial Online Safety Bill.

silhouette of woman on phone

Photograph: Gary D'Ercole/Getty Images

Tech companies and privacy activists are claiming victory after an eleventh-hour concession by the British government in a long-running battle over end-to-end encryption.

The so-called “spy clause” in the UK’s Online Safety Bill, which experts argued would have made end-to-end encryption all but impossible in the country, will no longer be enforced after the government admitted the technology to securely scan encrypted messages for signs of child sexual abuse material, or CSAM, without compromising users’ privacy, doesn’t yet exist. Secure messaging services, including WhatsApp and Signal, had threatened to pull out of the UK if the bill was passed.

“It’s absolutely a victory,” says Meredith Whittaker, president of the Signal Foundation, which operates the Signal messaging service. Whittaker has been a staunch opponent of the bill, and has been meeting with activists and lobbying for the legislation to be changed. “It commits to not using broken tech or broken techniques to undermine end-to-end encryption.”

The UK government hadn’t specified the technology that platforms should use to identify CSAM being sent on encrypted services, but the most commonly-cited solution was something called client-side scanning. On services that use end-to-end encryption, only the sender and recipient of a message can see its content; even the service provider can’t access the unencrypted data.

Client-side scanning would mean examining the content of the message before it was sent—that is, on the user’s device—and comparing it to a database of CSAM held on a server somewhere else. That, according to Alan Woodward, a visiting professor in cybersecurity at the University of Surrey, amounts to “government-sanctioned spyware scanning your images and possibly your [texts].”

In December, Apple shelved its plans to build client-side scanning technology for iCloud, later saying that it couldn’t make the system work without infringing on its users’ privacy.

Most Popular

Opponents of the bill say that putting backdoors into people’s devices to search for CSAM images would almost certainly pave the way for wider surveillance by governments. “You make mass surveillance become almost an inevitability by putting [these tools] in their hands,” Woodward says. “There will always be some ‘exceptional circumstances’ that [security forces] think of that warrants them searching for something else.”

The UK government denies that it has changed its stance. Minister for tech and the digital economy, Paul Scully MP said in a statement: “Our position on this matter has not changed and it is wrong to suggest otherwise. Our stance on tackling child sexual abuse online remains firm, and we have always been clear that the Bill takes a measured, evidence-based approach to doing so.”

Under the bill, the regulator, Ofcom, will be able “to direct companies to either use, or make best efforts to develop or source, technology to identify and remove illegal child sexual abuse content—which we know can be developed,” Scully said.

Although the UK government has said that it now won’t force unproven technology on tech companies, and that it essentially won’t use the powers under the bill, the controversial clauses remain within the legislation, which is still likely to pass into law. “It’s not gone away, but it’s a step in the right direction,” Woodward says.

James Baker, campaign manager for the Open Rights Group, a nonprofit that has campaigned against the law’s passage, says that the continued existence of the powers within the law means encryption-breaking surveillance could still be introduced in the future. “It would be better if these powers were completely removed from the bill,” he adds.

But some are less positive about the apparent volte-face. “Nothing has changed,” says Matthew Hodgson, CEO of UK-based Element, which supplies end-to-end encrypted messaging to militaries and governments. “It’s only what’s actually written in the bill that matters. Scanning is fundamentally incompatible with end-to-end encrypted messaging apps. Scanning bypasses the encryption in order to scan, exposing your messages to attackers. So all ‘until it’s technically feasible’ means is opening the door to scanning in future rather than scanning today. It’s not a change, it’s kicking the can down the road.”

Whittaker acknowledges that “it’s not enough” that the law simply won’t be aggressively enforced. “But it’s major. We can recognize a win without claiming that this is the final victory,” she says.

The implications of the British government backing down, even partially, will reverberate far beyond the UK, Whittaker says. Security services around the world have been pushing for measures to weaken end-to-end encryption, and there is a similar battle going on in Europe over CSAM, where the European Union commissioner in charge of home affairs, Ylva Johannson, has been pushing similar, unproven technologies.

“It’s huge in terms of arresting the type of permissive international precedent that this would set,” Whittaker says. “The UK was the first jurisdiction to be pushing this kind of mass surveillance. It stops that momentum. And that’s huge for the world.”

Updated 10/08/2023 2:50 am ET to add a statement from the UK government.

Get More From WIRED

Peter Guest is acting business editor at WIRED in London. Before WIRED, he was the enterprise editor at Rest of World in Singapore and features editor at Nikkei Asia in Tokyo. He has written for Bloomberg Businessweek, The Atlantic, GQ, the Financial Times, The Wall Street Journal, and *MIT Technology… Read more
More from WIRED

This Is the True Scale of New York’s Airbnb Apocalypse

A law meant to crack down on short-term rentals in New York City took effect Tuesday. Thousands have dropped off the map, but there are still hosts offering bookings that may break the law.

Amanda Hoover

Sundar Pichai on Google’s AI, Microsoft’s AI, OpenAI, and … Did We Mention AI?

The tech giant is 25 years old. In a chatbot war. On trial for antitrust. But its CEO says Google is good for 25 more.

Steven Levy

The End of Airbnb in New York

Thousands of Airbnbs and other short-term rentals are expected to disappear from rental platforms as New York City begins enforcing tight restrictions.

Amanda Hoover

What OpenAI Really Wants

The young company sent shock waves around the world when it released ChatGPT. But that was just the start. The ultimate goal: Change everything. Yes. Everything.

Steven Levy

These Prisoners Are Training AI

In high-wage Finland, where clickworkers are rare, one company has discovered a novel labor force—prisoners.

Morgan Meaker

AI Chatbots Are Invading Your Local Government—and Making Everyone Nervous

State and local governments in the US are scrambling to harness tools like ChatGPT to unburden their bureaucracies, rushing to write their own rules—and avoid generative AI's many pitfalls.

Todd Feathers

Why This Award-Winning Piece of AI Art Can’t Be Copyrighted

Matthew Allen’s AI art won first prize at the Colorado State Fair. But the US government has ruled it can’t be copyrighted because it’s too much “machine” and not enough “human.”

Kate Knibbs

EVs Are Hot. But Hybrid Trucks Are Having a Moment

For environmentalists, hybrid vehicles can feel like a compromise. But demand for hybrid pickup trucks is surging—and they may be the greenest practical option.

Aarian Marshall

*****
Credit belongs to : www.wired.com

Check Also

B.C. firm wins NASA challenge with space-friendly menu

Space food isn't just Tang and puréed meat in a tube anymore — it's mushroom …