The UK’s controversial Online Safety Bill is now law

27 Oct 2023

Image: © jroballo/Stock.adobe.com

The Online Safety Bill aims to protect children by making tech companies monitor and remove harmful content, but the rules around encryption have raised privacy concerns.

The UK’s Online Safety Bill has entered into law, with supporters claiming it will bring in a new era of internet safety.

The new rules are focused on protecting children from online harm by placing more responsibility on tech companies to prevent and remove illegal and harmful content. Harmful and age-inappropriate content includes pornography, bullying, serious violence and the promotion of suicide, self-harm or eating disorders.

Companies that fail to comply with these rules could face fines of up to 10pc of their global revenue and potential prison sentences for executives. UK technology secretary Michelle Donelan, MP, said the bill will ensure the online safety of the UK “for decades to come”.

“I am immensely proud of the work that has gone into the Online Safety Act from its very inception to it becoming law,” Donelan said. “The bill protects free speech, empowers adults and will ensure that platforms remove illegal content. At the heart of this Bill, however, is the protection of children.”

This bill was first drafted in 2021, with a large focus to stop the sharing of child sex abuse material (CSAM) on privacy-focused messaging apps. The bill was passed in the UK parliament last month.

But while supporters of the bill say it will protect children, various companies and privacy rights groups have spoken out against parts of the bill that could compromise end-to-end encryption.

This form of encryption ensures that messages can only be read by the sender and receiver, making it a popular form of privacy protection on apps such as WhatsApp, Signal and iMessage. However, the bill means communications regulator Ofcom can direct companies to deploy certain technologies that bypass encryption to scan for CSAM.

During the final stages of the bill passing through parliament, the UK government admitted that no technology is currently in operation that would allow the scanning for CSAM without infringing on people’s right to privacy and said that this measure in the bill would only be adopted when it was “technically feasible” to do so with more targeted tech.

In a UK parliament debate last month, Stephen Parkinson of the house of lords said the bill allows Ofcom to “require companies to make best endeavours to develop or source a new solution” if technically feasible options are not available.

Matthew Hodgson, the CEO of secure messaging platform Element, claims that customers have asked the company to put in contract clauses to state that Element will never put Online Safety Bill scanning systems into its software.

“Which we would never do anyway, but that we’re having to put it into commercial contracts highlights just how impractical the [Online Safety Bill] is on encryption,” Hodgson said.

Companies like Apple and Meta-owned WhatsApp have previously spoken out against this part of the bill, while Signal president Meredith Whittaker previously said the company would exit the UK market if the bill is passed without changes to certain rules.

The UK’s Open Rights Group spoke out against the Online Safety Bill earlier this year, describing it as a threat to democracy and a move that could turn the UK into a surveillance state.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com