In an apparent admission of defeat, the UK government has conceded that requiring scanning of platforms like WhatsApp for messages with harmful content, as required in the Online Safety Bill, is not (currently) feasible.
The ‘Spy Clause’
Under what’s been dubbed the ‘spy clause’ (Clause 122) in the UK’s Online Safety Bill, the government had stated Ofcom could issue notices to messaging apps like WhatsApp and Signal (which use end-to-end encryption) that would allow the deployment of scanning software. The reason given was to scan for child sex abuse images on the platforms. However, the messaging apps argued that this would effectively destroy the end-to-end encryption, an important privacy feature valued by customers. This led to both WhatsApp and Signal threatening to pull their services out of the UK if the Bill went through with the clause in it.
Also, some privacy groups, like the Open Rights Group, argued that forcing the scanning of private messages on apps amounted to an expansion of mass surveillance.
Climbdown
However, in a recent statement to the House of Lords junior arts and heritage minister Lord Stephen Parkinson announced that the government would be backing down on the issue. Lord Parkinson said: “When deciding whether to issue a notice, Ofcom will work closely with the service to help identify reasonable, technically feasible solutions to address child sexual exploitation and abuse risk, including drawing on evidence from a skilled persons report. If appropriate technology which meets these requirements does not exist, Ofcom cannot require its use.”
In other words, the technology that enables scanning of messages without violating encryption doesn’t currently exist and, therefore, under the amended version of the bill, WhatsApp and Signal will not be required to have their messages scanned (until such technology does exist).
This is a significant climbdown for the government which has been pushing for ‘back doors’ and scanning of encrypted apps for many years, particularly since it was revealed that the London Bridge terror attack appeared to have been planned via WhatsApp.
Victory – Signal & WhatsApp
Writing on ‘X’ (formerly Twitter), Meredith Whittaker, the president of Signal, said the government’s apparent climbdown was “a victory, not a defeat” for the tech companies. She also admitted, however, that it wasn’t a total victory, saying “we would have loved to see this in the text of the law itself.”
Also posting on ‘X,’ Will Cathcart, head of WhatsApp said that WhatsApp “remains vigilant against threats” to its end-to-end encryption service, adding that “scanning everyone’s messages would destroy privacy as we know it. That was as true last year as it is today.”
Omnishambles
Following the news of the government’s ‘spy clause’ climbdown, privacy advocates the Open Rights Group’ (ORG) highlighted the fact that on the one hand, the government had conceded that the technology that would have been needed to scan messages didn’t exist, while on the other hand appeared they to say they hadn’t conceded. Describing the matter as an “omnishambles,” the ORG highlighted how during an appearance on Times radio, Michelle Donelan MP said that, “We haven’t changed the bill at all” and that “further work to develop the technology was needed.”
What Does This Mean For Your Business?
For apps like WhatsApp and Signal, this is not only a victory against government pressure but is also good news for business as, presumably, they will continue to operate in the UK market.
This is also good news for many UK businesses that routinely use WhatsApp as part of their business communications and won’t need to worry (for the time being) about having their commercially (and personally) sensitive messages scanned, thereby posing a risk to privacy and security, and perhaps increasing the risk of hacks and data breaches. It appears that the UK government has been forced to admit the technology does not yet exist that can scan messages on end-to-end encrypted services and maintain the integrity of that end-to-end encryption at the same time. It also appears that it may realistically take quite some time (years) before this technology exists, thereby making the victory all the sweeter for the encrypted apps.
The government’s climbdown on ‘clause 122’ (the ‘spy clause’), is also being celebrated by the many privacy groups that have long argued against it on the grounds of it enabling mass surveillance.