The UK government’s recent concession on a controversial “spy clause” in the Online Safety Bill has tech companies and privacy activists breathing a sigh of relief. Initially, the clause would have made end-to-end encryption nearly impossible, as it demanded the ability to scan encrypted messages for child sexual abuse material (CSAM) without violating user privacy. But with no existing technology capable of achieving this complex task, secure messaging platforms like WhatsApp and Signal threatened to withdraw their services from the UK.
The most frequently suggested solution was client-side scanning, a method that would involve inspecting message content before it’s sent and comparing it to a database of CSAM. However, opponents argued that this approach is equivalent to “government-sanctioned spyware”, and could lead to increased surveillance. Tech giant Apple has also abandoned its plans to develop client-side scanning technology, citing violations to user privacy.
While the UK government appears to have retracted its pressure on tech companies to use unproven technology, the contentious clauses still exist within the legislation, which is expected to become law. Critics argue that these powers could still be leveraged in the future to introduce encryption-breaking surveillance, advocating for their complete removal from the bill.
The UK’s decision, albeit not a complete victory, is a significant move that could influence similar discussions worldwide. With security services globally advocating for measures to weaken end-to-end encryption, this instance may set a precedent for other jurisdictions, including the European Union.