The long-debated and controversial Online Safety Bill finally received Royal Assent on October 26, 2023, the very last step for officially making it law.
The 300-page-long bill promises to make “the UK the safest place to be online,” especially for children, by forcing tech firms to take more responsibility for the content users spread across their platforms. Yet, tech firms claim that it actually threatens the internet as we know it.
Deemed by Technology Secretary Michelle Donelan as a “game-changing piece of legislation,” the Act gathered criticism from all fronts during its 6-year-long legal journey. From VPN services and messaging platforms to politicians, civil societies, industry experts, and academics, commentators fear its provisions may end up increasing the government’s surveillance and censorship reach while curbing people’s privacy.
What is the Online Safety Bill?
In an attempt to clean up the internet and protect children from some legal, but harmful, material, the OSB rules out a series of new powers and obligations for social media platforms and digital services. It also recognizes a list of new offenses, including cyber-flashing and the sharing of “deepfake” pornography.
Digital platforms now have a “duty of care” to protect children and prevent them from accessing harmful and age-inappropriate content, while enforcing age limits. They need to give an option to users to filter out harmful content, while parents will be entitled to obtain information about their children from tech firms. Platforms are also required to be transparent about all the risks of using their services beforehand.
Tech firms are responsible for removing illegal content from their platforms, too—from child sexual abuse, extreme sexual violence, and coercive behavior, to illegal immigration, self-harm, animal cruelty, and terrorism. Penalties for noncompliance include fines up to £18 million or 10% of their global annual revenue, whichever is larger, and even prison time for the company’s owners.
A threat to encryption
The aim might be lofty, yet tech experts fear the means might end up undermining safety online instead.
“As the Online Safety Bill becomes law without critical legal safeguards to end-to-end encryption, the internet as we know it faces a very real threat,” Andy Yen, Founder and CEO at Proton, told TechRadar right after the OSB received the long-awaited Royal Assent.
Yen’s company develops security software (VPN, secure email, and cloud storage services) which are based on encryption. These tools allow users to enjoy better privacy online as they secure all their communications, sensitive files, and browsing activities behind an encrypted wall.
However, one of the most contentious obligations ruled out by the Online Safety Act seeks to find a way to pick into the lock of this secure wall. Clause 122 gives the government the power to access, collect, and read anyone’s conversation to facilitate the hunt for illegal materials linked, for example, to child sexual abuse or terrorism. That’s something that shouldn’t be negotiable, according to Yen. “No one would tolerate this in the physical world, so why do we in the digital world?”
Even more concerning, perhaps, the UK government actually admitted that this so-called client-side scanning technology isn’t available right now, and decided to postpone what’s deemed as the ‘spy clause’ until it is “technically feasible” to deploy.
Matthew Hodgson, CEO and co-founder of Element, told TechRadar he’s now discussing potential added clauses into contracts with customers, promising scanning software will not be integrated into their software. The only UK-based end-to-end encrypted messaging platform, Element provides secure communications services to many governmental bodies including the UK Ministry of Defense, US Navy, Ukraine MoD, German army, NATO, and more.
He said: “Our Fortune-100 customers have started to ask us to put clauses in our contracts which assert that we will never put OSB scanning systems in our software, in order to protect their privacy. Which we would never do anyway, but that we’re having to put it into commercial contracts highlights just how impractical the OSB is on encryption.”
Signal and WhatsApp are just a few of the messaging platforms that have already threatened to withdraw from the UK market if they are obliged to spy on user conversations. Proton has also ensured that the company is ready to fight in court for its encryption and users’ privacy.
In the meantime, Yen hopes the UK body regulator will keep these wider implications in mind. He said: “The Government itself has previously admitted that the proposals are technically unfeasible and we hope Ofcom keeps this front of mind during the implementation process.”