The British government decided to leave out the so-called ‘spy clause’ from its upcoming Online Safety Bill at the last minute, but the decision’s only temporary until the technology behind scanning encrypted messages becomes accurate enough, The Register wrote on Thursday, September 7th.
“If the appropriate technology does not exist that meets [certain] requirements, then [the regulators] will not be able to use Clause 122 to require its use,” Stephen Parkinson, a Digital, Culture, Media, and Sport minister said in Westminster on Wednesday. “A notice can be issued only where technically feasible and where technology has been accredited as meeting minimum standards of accuracy.”
Clause 122, aka the ‘spy clause’ of the Online Safety Bill (OSB), is designed to force service providers to scan every message—including those using end-to-end encryption, such as on WhatsApp and Telegram—for certain keywords and media files that would indicate online terrorism or child exploitation material.
The proposal is almost identical to the EU’s upcoming Child Sexual Abuse Regulation (CSAR)—dubbed as ‘Chat Control’—that will be voted on by the European Parliament’s plenary in October and expected to become law by the end of the year. The similarity is not surprising, given that the OSB itself is mirroring the EU’s recently introduced Digital Services Act (DSA), which has been called by critics an “Orwellian censorship regime.”
While technological firms—some of which were ready to leave the UK if the bill passed—already began to celebrate the ditching of the spy clause, others warned that it might be premature. Clause 122 is still in the legislation, only its implementation has been postponed for the time being—as a bare minimum to get the bill past the finish line.
“The government saying ‘no scanning until it’s technically feasible’ is nonsense. Scanning is fundamentally incompatible with end-to-end encrypted messaging apps,” Element CEO Matthew Hodgson commented, adding:
It’s terrible because the law still says that scanning can be obligated on encrypted messaging providers, it would still undermine end-to-end encryption. And all it is [doing] is pushing it slightly down the line until somebody decides it’s technically feasible, which is a completely subjective thing.
Chat Control and spy clause critics raised many issues beyond the obvious violation of the fundamental right to basic privacy and the technical problem of the system inaccurately flagging legal content, such as the possibility of malign actors (hackers or outside governments) putting their hands on citizens’ personal data or that of a future government, abusing the system for political purposes.
Furthermore, relevant watchdogs frequently point out that scanning private correspondence is not even an effective way to combat the spread of child sexual exploitation material (CSEM), since the vast majority of such content is being disseminated through alternative channels that fall out of the scope of the proposals, via external hard drives or through the dark web for example.
“The debate should not be about protecting children versus protecting privacy. We can have both, and we should have both,” said Project Liberty CEO Martina Larkin about the British spy clause.
Trying to protect children by building backdoors into encryption will have unprecedented negative consequences for online privacy, the use of people’s data as well as the protection of free speech and democratic values.
No one would ever willingly let a complete stranger read all of your mail, put cameras in their house, and follow their every move. So why do it online?
