UK Government withdraws proposal for controversial spy clause in its Online Safety Bill
The UK Government has announced that it will not scan users' messages for harmful content. The announcement comes after Apple, WhatsApp and Signal had threatened to remove their messaging services from Britain if a controversial clause had been included in the Online Safety Bill.
Earlier this year, the British Government had proposed a new clause in its Online Safety Bill, which would grant it powers to scan users' messages to detect harmful content such as child sexual abusive material (CSAM) and terrorist acts. The surveillance law, which had been in development for many years, would have forced messaging apps to have a backdoor, essentially weakening the end-to-end encryption (E2EE) protection in chats. Imagine a Government agency being able to snoop on a private conversation between two people, that is precisely what this controversial law could allow.
Users were outraged by the proposal, and several tech companies including WhatsApp, Session, Signal, Element, Threema, Viber, and Wire took a stand against the controversial proposal, which has been termed as the "spy clause". Apple had informed the UK Government that it would remove FaceTime and iMessage from its territory, if the surveillance laws were changed. Signal and WhatsApp had issued a similar ultimatum, in order to protect their users. Apple had also highlighted that the new law could pose a hurdle to security updates, as it would require the UK Home Office's approval before publishing updates. The company was also unwilling to disable or block features at the Government's beck and call.
UK Government backtracks its controversial spy clause
The UK Government had been analyzing the changes to the Investigatory Powers Act, before finalizing the laws. But, it has backtracked on its decision after strong criticism from security experts. The withdrawal wasn't made out of a change of heart, the officials had finally realized that the technology to scan users' messages without compromising on their security and privacy simply does not exist. The Financial Times reports that the UK's communications regulator, Ofcom, would only require companies to scan their networks when such a technology was developed. In other words, the controversial change could still happen in the future. Current technologies related to this are considered flawed, and inaccurate. Security experts believe that the surveillance technology that could respect end-to-end encryption without compromising on the user's privacy is years away from reality, if at all possible.
Signal's president, Meredith Whittaker, described the government's withdrawal of the policy as a victory, but not a complete one, because it was not included in the text of the law. Will Cathcart, head of WhatsApp, was skeptical about the news, stating that scanning everyone’s messages would destroy privacy as we know it, and this hasn't changed.
The UK Government has also admitted that its stance hasn't changed. This is what it had to say, “As has always been the case, as a last resort, on a case-by-case basis and only when stringent privacy safeguards have been met, [the legislation] will enable Ofcom to direct companies to either use, or make best efforts to develop or source, technology to identify and remove illegal child sexual abuse content — which we know can be developed,”
Wired mentions Prof Alan Woodward, a Cyber-security expert from Surrey University, who termed client-side scanning of a user's images and texts, as government-sanctioned spyware. He also believes that backdoors to scan for CSAM would inevitably turn into mass surveillance tools. James Baker, a campaign manager for the Open Rights Group, that had opposed the law, stating that it would have been better if the powers had been removed from the bill, and that their continued existence could mean such surveillance could be introduced in the future.
The fact that such surveillance laws were proposed is absurd. Then again, Apple had once planned to create its own CSAM detection system in iMessage, but hastily backtracked after users and critics voiced their opinion. On a side note, the EU has designated 6 big tech companies as gatekeepers.