The UK government has acknowledged the absence of technology to securely scan encrypted messages on apps like WhatsApp and Signal, leading to a revision in the Online Safety Bill. This “spy clause” had previously threatened the viability of end-to-end encryption in the UK, prompting companies like WhatsApp to consider leaving the UK market. The UK’s decision might influence global stances on encryption and surveillance.
WIRED: The UK government has conceded that the technology required to securely scan encrypted messages on platforms like Signal and WhatsApp is non-existent. This admission weakens the contentious Online Safety Bill, which had a “spy clause” that experts believed would render end-to-end encryption virtually unfeasible in the UK. Messaging services, including WhatsApp and Signal, had even threatened to exit the UK market if the bill was enacted. While this is seen as a triumph for tech companies and privacy activists, the controversial clauses still exist in the legislation, suggesting potential future challenges.
The proposed solution for scanning encrypted messages was “client-side scanning“, which would inspect the content of a message before it’s sent and compare it to a database of Child Sexual Abuse Material (CSAM). Alan Woodward, a cybersecurity professor, likened this to “government-sanctioned spyware”. Apple had previously abandoned its plans for such technology, citing privacy concerns. Critics of the bill argue that introducing backdoors for CSAM detection could inadvertently lead to broader governmental surveillance.
Despite the UK government’s decision not to enforce unproven technology on tech firms, the contentious clauses remain in the bill, which is still expected to become law. James Baker from the Open Rights Group suggests that the continued presence of these powers means that encryption-breaking surveillance might still be introduced later. Matthew Hodgson, CEO of Element, believes that the government’s current stance merely postpones the issue.
The UK’s partial retreat on this issue could have global implications. Security agencies worldwide have been advocating for measures to weaken end-to-end encryption. The European Union is also grappling with the CSAM issue, with similar unproven technologies being promoted. Meredith Whittaker of the Signal Foundation believes that the UK’s decision halts the momentum for such surveillance measures on a global scale.