UK set to amend encrypted message scanning plans
The UK government is set to change a plan to get tech firms to scan encrypted messages for child abuse images.
Tech firms have opposed the plans due to privacy concerns.
In an amendment to be discussed on Wednesday, the government now wants a report to be written before the powers are used by the regulator.
But campaigners say this extra safeguard is inadequate to protect privacy.
The government amendment comes after concerns raised by major messaging apps and others..
Signal and WhatsApp had previously said they wouldn’t comply, and Apple also opposed the plans.
The amendment to the Online Safety Bill says that a “skilled person” must write a report for communications regulator Ofcom before it can use the new powers and compel a firm to scan messages.
In previous versions of the bill this was optional.
The report could cover issues such as the impact on freedom of expression or privacy, and whether there are less intrusive technologies that could be used instead.
The bill would let Ofcom force tech companies to use “accredited technology” to scan messages for child sex abuse material.
The Online Safety Bill is currently in the later stages of its journey through Parliament,
Ministers, police and children’s charities say the powers are necessary to tackle “record levels” of child abuse such as imagery and grooming on online platforms, and to prevent encrypted platforms allowing child abusers to “operate with impunity”.
As end-to-end encrypted messages can only be read by the sender or recipient, critics suggest this means companies would need to scan messages before they are encrypted – so called client-side scanning.
This, they say, fundamentally undermines the privacy and security of encrypted messaging.
Meredith Whittaker of Signal previously told the BBC the powers would mean tech firms would have to “run government-mandated scanning services on their devices”.
The BBC understands that the new amendment is in response to concerns about the privacy implications and technical feasibility of the powers in the bill.
Privacy concerns
Ofcom must take the report into account when deciding if it is necessary and proportionate to force a firm to scan messages and share a summary of its findings with the tech firms.
But campaigners said that as a minimum a judge should have to authorise the scanning of user messages.
Index on Censorship said of the new plans: “This is not the legal oversight that these important new powers require, and give short shrift to users’ rights.
“Judicial oversight is a bare minimum for a government appointed body to be able to break encryption and access private messages” the free-speech campaigners said.
The Open Rights Group which campaigns for digital rights has also criticised the government amendment:
“Given that this ‘skilled person’ could be a political appointee, and they would be overseeing decisions about free speech and privacy rights, this would not be effective oversight”, the group wrote.
An amendment supported by Labour and Liberal Democrat spokesmen proposes oversight by judges.
And Conservative peer Lord Moylan has proposed an amendment that would exempt encrypted services from scanning altogether.
