The ‘Spy Clause’ 

Under what’s been dubbed the ‘spy clause’ (Clause 122) in the UK’s Online Safety Bill, the government had stated Ofcom could issue notices to messaging apps like WhatsApp and Signal (which use end-to-end encryption) that would allow the deployment of scanning software. The reason given was to scan for child sex abuse images on the platforms. However, the messaging apps argued that this would effectively destroy the end-to-end encryption, an important privacy feature valued by customers. This led to both WhatsApp and Signal threatening to pull their services out of the UK if the Bill went through with the clause in it.  

Also, some privacy groups, like the Open Rights Group, argued that forcing the scanning of private messages on apps amounted to an expansion of mass surveillance. 

Climbdown 

However, in a recent statement to the House of Lords junior arts and heritage minister Lord Stephen Parkinson announced that the government would be backing down on the issue. Lord Parkinson said: “When deciding whether to issue a notice, Ofcom will work closely with the service to help identify reasonable, technically feasible solutions to address child sexual exploitation and abuse risk, including drawing on evidence from a skilled persons report. If appropriate technology which meets these requirements does not exist, Ofcom cannot require its use.” 

In other words, the technology that enables scanning of messages without violating encryption doesn’t currently exist and, therefore, under the amended version of the bill, WhatsApp and Signal will not be required to have their messages scanned (until such technology does exist). 

This is a significant climbdown for the government which has been pushing for ‘back doors’ and scanning of encrypted apps for many years, particularly since it was revealed that the London Bridge terror attack appeared to have been planned via WhatsApp. 

Victory – Signal & WhatsApp 

Writing on ‘X’ (formerly Twitter), Meredith Whittaker, the president of Signal, said the government’s apparent climbdown was “a victory, not a defeat” for the tech companies. She also admitted, however, that it wasn’t a total victory, saying “we would have loved to see this in the text of the law itself.” 

Also posting on ‘X,’ Will Cathcart, head of WhatsApp said that WhatsApp “remains vigilant against threats” to its end-to-end encryption service, adding that “scanning everyone’s messages would destroy privacy as we know it. That was as true last year as it is today.” 

Omnishambles 

Following the news of the government’s ‘spy clause’ climbdown, privacy advocates the Open Rights Group’ (ORG) highlighted the fact that on the one hand, the government had conceded that the technology that would have been needed to scan messages didn’t exist, while on the other hand appeared they to say they hadn’t conceded.  Describing the matter as an “omnishambles,” the ORG highlighted how during an appearance on Times radio, Michelle Donelan MP said that, “We haven’t changed the bill at all” and that “further work to develop the technology was needed.” 

What Does This Mean For Your Business? 

For apps like WhatsApp and Signal, this is not only a victory against government pressure but is also good news for business as, presumably, they will continue to operate in the UK market.

This is also good news for many UK businesses that routinely use WhatsApp as part of their business communications and won’t need to worry (for the time being) about having their commercially (and personally) sensitive messages scanned, thereby posing a risk to privacy and security, and perhaps increasing the risk of hacks and data breaches. It appears that the UK government has been forced to admit the technology does not yet exist that can scan messages on end-to-end encrypted services and maintain the integrity of that end-to-end encryption at the same time. It also appears that it may realistically take quite some time (years) before this technology exists, thereby making the victory all the sweeter for the encrypted apps.

The government’s climbdown on ‘clause 122’ (the ‘spy clause’), is also being celebrated by the many privacy groups that have long argued against it on the grounds of it enabling mass surveillance.  

The post Featured Article : Temporary Climb-Down By UK Government appeared first on Mear Technology.

What Is The Online Safety Bill For?

The UK government’s Online Safety Bill is (draft) legislation that’s designed to place a ‘duty of care’ on internet companies which host user-generated content in order to limit the spread of illegal content on these services.

The idea of the Online Safety Bill is essentially to prevent the spread of illegal content and activity (e.g., images of child abuse, terror material, and hate crimes), as well as to protect children from harmful material, and also to protect adults from legal but harmful content.

The Bill applies to social media platforms, video-sharing platforms, search engines, and other tech services, and requires them to put in place systems and processes to remove illegal content as soon as they become aware of it. The Bill also requires these services to take additional proactive measures with regards to the most harmful ‘priority’ forms of online illegal content.

Priority

The kinds of priority offences listed in the draft bill are terrorism, child sexual abuse, and exploitation. The Department for Digital, Culture, Media and Sport’s Secretary of State also has powers to add further priority offences (with Parliament’s approval) via secondary legislation once the bill becomes law.

Other Illegal Behaviour

The Bill can also be applied to other illegal behaviour including more activities recently made illegal, which have emerged alongside the ability to target individuals or communicate en masse online.

In summary, the main groups of offences that the Bill now covers are are:

– Encouraging or assisting suicide

– Offences relating to sexual images (revenge and extreme pornography)

– Incitement to and threats of violence

– Hate crime

– Public order offences (harassment and stalking)

– Drug-related offences

– Weapons / firearms offences

– Fraud and financial crime

– Money laundering

– Controlling, causing or inciting prostitutes for gain

– Organised immigration offences

Strengthened Recently

Following Criticism that the original draft Bill’s scope hadn’t gone far enough and that services/firms would only have been forced to take such content down after it had been reported to them by users, the Bill has now been strengthened (hence the quite extensive list of offences shown above). On 4 Feb this year, Digital Secretary Nadine Dorries announced that the Bill had been strengthened in the following ways:

– The addition of extra priority illegal offences; i.e. revenge porn, hate crime, fraud, the sale of illegal drugs or weapons, the promotion or facilitation of suicide, people smuggling and sexual exploitation. The naming of the new offences is designed to remove the need for them to be set out in secondary legislation later. The government says that it will also enable Ofcom (which issues the fines under the Bill) to take quicker enforcement action against tech businesses which fail to remove the named illegal content.

– The requirement for services to be proactive and prevent people being exposed in the first place rather than waiting for users to report incidents before taking the content down.

Three More New Offences Being Considered

The government is also considering the Law Commission’s recommendations for three other offences to be created and added to the Online Safety Bill, namely. cyberflashing, encouraging self-harm, and epilepsy trolling.

Back in July, the Commission recommended other new offences which the Digital Secretary has only just cofirmed will be created and legislated for in the Online Safety Bill. These are harmful and abusive emails, harmful social media posts and WhatsApp messages, as well as ‘pile-on’ harassment (where many people target an individual with abuse e.g., in a comments section). These new offences do not apply to regulated media – print and online journalism, TV, radio, and film.

Named Individuals

One large aspect of the debate around the Online Safety Bill is the naming of specific individuals/executives in offending companies. The draft Bill, for example, already included the ability to impose criminal sanctions of named tech executives. These sanctions (i.e. prison sentences) however, were originally due to be delayed for two years (a grace period) after the laws are passed but some UK MPs have been asking the government to remove this long grace period before criminal sanctions can be faced. Digital Secretary Nadine Dorries, who has personal experience of having been targeted by trolls, is believed to favour a six months timeline (grace period) before the imposition of prison terms for those tech execs who fail to remove “harmful algorithms”.

Freedom and Legal Commentators

Freedom groups, such as the Index on Censorship and the Open Rights Groups have expressed concerns about Silicon valley companies making outsourced decisions about whether speech is harmful or not. Some legal commentators have also expressed concern that the Bill essentially allows the government to delegate all aspects of investigating and making judgements about online crimes to the tech companies/social media platforms.

Tech Companies

The big social media platforms have expected the Bill for some time and although they have given no major reactions to the most recent announcements, they are thought to be broadly in agreement with its aims. For example, Monica Bickert, vice-president of content policy at Meta (Facebook) said recently (in the Telegraph): “While we won’t agree with all the details, we’re pleased the Online Safety Bill is moving forward.”

Other Comments and Criticism

The NSPCC recently criticised the Bill for (in an open letter to Nadine Dorries) for not doing enough to put children at its the heart. Also, the Labour Party has said that the bill needs to go further in terms of tougher sanctions on executives who breach the new laws.

Enforcement

Ofcom, the UK’s communications regulator will be in charge of issuing the fines for offences under the bill.  For example, Ofcom will be able to issue fines of up to 10 per cent of annual worldwide turnover to non-compliant sites or block them from being accessible in the UK.

What Does This Mean For Your Business?

Tech companies, particularly social media platforms, have been forced to make changes for several years now in response to a series of trust-damaging events (e.g. Facebook’s Cambridge Analytica scandal, the platform’s use for influence in the previous US election and UK referendum), pressure from governments, and widespread concerns from users about the safety of young and vulnerable people online. The government sees the recently boosted powers of the (draft) Online Safety Bill as a way to send a much clearer message now to online services, particularly social media platforms that these issues now need to be taken more seriously, with the threat of possible prison terms for executives designed to make companies take more notice and make more changes. Facebook already appears to have started morphing into something different for the future (Meta) and, for example, Twitter’s co-founder Jack Dorsey stepped down last November. The aims of the bill appear noble in terms of the extra protections against a much wider range of offences that it may offer, but it remains to be seen how well it will work in reality when it passes into law, and whether it needs to be strengthened further.

The post What Is The Online Safety Bill? appeared first on Mear Technology.