Security Experts Raise Major Concerns With Online Safety Bill

Dozens of the UK’s leading experts on security and privacy have raised grave concerns with Online Safety Bill provisions which call for the monitoring of end-to-end encrypted messages for child sexual exploitation and abuse (CSEA) content.

Clause 110 of the bill, which is currently making its way through the House of Lords, empowers Ofcom to force tech companies to use “accredited technology” in order to identify and rapidly take down CSEA content. This includes providers of encrypted messaging services, such as WhatsApp and Signal.

Doing so would require either an encryption backdoor or “client-side scanning,” whereby users are forced to download software that checks all their messages against a database of known illegal CSEA content before they are encrypted.

“Our concern is that surveillance technologies are deployed in the spirit of providing online safety. This act undermines privacy guarantees and, indeed, safety online,” argued the experts.

“Such monitoring is categorically incompatible with maintaining today’s (and internationally adopted) online communication protocols that offer privacy guarantees similar to face-to-face conversations. Secondly, attempts to sidestep this contradiction are doomed to fail on the technological and likely societal level.”

They argued that it would be impossible to build a system that gives only the government access to encrypted content without ultimately exposing it to future government overreach or “any adversary who compromises the monitoring infrastructure.”

The problem with client-side scanning, they continued, is that current algorithms are not very effective at detecting prohibited content, raising the prospect of damaging false positives. Any scanning software could also be repurposed in the future to peer further into people’s lives, they warned.

“We note that in the event of the Online Safety Bill passing and an Ofcom order being issued, several international communication providers indicated that they will refuse to comply with such an order to compromise the security and privacy of their customers and would leave the UK market,” the letter concluded.

“This would leave UK residents in a vulnerable situation, having to adopt compromised and weak solutions for online interactions.”

With Labour backing the bill, it’s likely to make it into law – but it’s hoped that politicians will listen to the experts this time and amend Clause 110.

A new survey from messaging app Element published yesterday revealed that 83% of Brits want to keep their private conversations safe from government snooping, with 70% agreeing that scanning such messages will not stop criminal activity.
