The technology secretary has drawn the ire of encryption experts by repeating false claims and half-truths about the Online Safety Bill.
The proposed legislation will effectively force private messaging companies that use end-to-end encryption to scan their users’ content for child abuse material. This would require users to download client-side scanning software to read messages on their devices before they’re encrypted.
Michelle Donelan told Radio 4’s Today program: “Technology is in development to enable you to have encryption as well as to be able to access this particular information.”
This prompted a furious backlash from experts.
Matthew Hodgson, CEO of secure messaging app Element, branded the statement as “factually incorrect.”
“No technology exists which allows encryption and access to ‘this particular information.’ Detecting illegal content means all content must be scanned in the first place. By adding the ability to use scanning technology at all, you open the floodgates to those who would exploit and abuse it,” he said.
“You put the mechanism in place for mass surveillance on UK citizens by the ‘good guys’ and the bad. It is utterly unacceptable to attempt to force tech companies to implement mass surveillance within their products.”
Read more on the Online Safety Bill: Security Experts Raise Major Concerns With Online Safety Bill
Donelan added that “the onus is on tech companies to invest in technology to solve this issue.” It’s an argument often repeated by lawmakers and law enforcers but roundly dismissed by technology experts as either disingenuous or ignorant.
“Countless experts, from private companies to academics and civil society organizations have told you this technology is impossible to build,” Hodgson responded. “Is the government expecting every tech company to plough money into a never-ending R&D project that will never result in a workable product?”
Matthew Lesh, director of public policy and communications at think tank the Institute of Economic Affairs, joined the criticism.
“The government’s claims on encryption are delusional. The Online Safety Bill empowers Ofcom to require scanning of private messages – undermining encryption and potentially leading the likes of WhatsApp and Signal to leave the UK,” he argued.
“There is no magic technological solution in existence or development that can protect user privacy while scanning their messages. It’s a contradiction in terms.”
Privacy experts have also criticized client-side scanning in the past, saying the false positive rate for matches of child abuse material is too high to make it useful.