The UK government appears to have pulled back on a controversial clause in its forthcoming Online Safety Bill that would have forced tech companies to snoop on users’ messages.
Clause 110 of the mammoth piece of legislation enables regulator Ofcom to force messaging providers to use “accredited technology” to perform so-called “client-side scanning.”
That is, they would need to scan messages before they are end-to-end encrypted in order to check against a database of child sexual exploitation and abuse (CSEA) content.
This set tech giants like WhatsApp and Signal on a collision course with the government. They threatened to pull their services from the UK if the bill went ahead in its current form, arguing it would be impossible to deliver a system which would not be exposed to future government overreach or “any adversary who compromises the monitoring infrastructure.”
They also argued that the scanning and matching technology itself is far from accurate, raising the prospect of dangerous false positives.
Read more on the Online Safety Bill: UK Government Slammed For Encryption Mistruths
The government appears to have conceded this. Junior arts and heritage minister Stephen Parkinson told the House of Lords yesterday that Ofcom would not use its powers until it’s “technically feasible” to do so – which could take years.
“A notice can only be issued where technically feasible and where technology has been accredited as meeting minimum standards of accuracy in detecting only child sexual abuse and exploitation content,” he said, according to the Financial Times.
The government statement was welcomed by Signal president, Meredith Whittaker.
“I would call this a victory, not a defeat. And am grateful to the UK government for making their stand clear. This is a really important moment, even if it’s not the final win,” she tweeted.
“Is it everything we want or need? No. But it’s vital clarity and I’m hopeful that it opens the door for changes to the text of the bill in the final stages.”
However, WhatsApp boss, Will Catchcart was more circumspect.
“The fact remains that scanning everyone’s messages would destroy privacy as we know it. That was as true last year as it is today,” he tweeted. “WhatsApp will never break our encryption and remains vigilant against threats to do so.”