Encryption concept

Lords amend Ofcom's powers to scan encrypted messages

Image credit: Mr Than Akorn / Shutterstock

The new rules would require a 'skilled' person to a write a report for Ofcom before the regulator can require tech firms to scan encrypted messages.

The House of Lords has passed a series of amendments to the Online Safety Bill that aim to impose safeguards to Ofcom's powers to use “accredited technology” to scan encrypted messages for child sexual abuse material. 

Companies that provide encrypted messaging services - including Signal, WhatsApp and Apple - have opposed these powers, with some of them stating they would rather leave the UK than provide a less-secure service to users. 

However, the government has maintained the powers are necessary to prevent the distribution of child pornography and protect children from being exposed to harmful content.

Government minister Lord Parkinson told peers he acknowledged "the concerns which have been aired about how these powers work with encrypted services" but he said strong safeguards had been built in to protect privacy.

The amendments to the legislation would require a “skilled person” to write a report for Ofcom before it can use its new powers to force tech firms to scan encrypted messages. 

This report must detail the impact of scanning messages on people’s privacy as well as their freedom of expression, and will also need to consider the use of technology on journalism and the protection of journalistic sources.

The much-delayed Online Safety Bill has been presented by the government as a ground-breaking law that will target online racism, sexual abuse, bullying, fraud and other harmful material often found on the internet.

The bill is set to require tech giants like Facebook and Google to protect users from harmful content for the first time, with penalties for breaching the new rules including fines of up to 10 per cent of their annual turnover and even criminal charges.

Although the legislation has been celebrated by children’s charities, free speech advocates and IT experts have criticised the requirement for companies to use “accredited technology” to scan users’ messages to identify and remove child sexual abuse material. 

Even with the new amendments, some campaigners still feel that the bill fails to protect privacy and have called the powers a "spy clause". They argue that a judge should have to authorise the scanning of user messages before Ofcom can make use of its powers.

"Judicial oversight is a bare minimum for a government appointed body to be able to break encryption and access private messages" said Index on Censorship.

The Open Rights Group added: "Given that this 'skilled person' could be a political appointee, and they would be overseeing decisions about free speech and privacy rights, this would not be effective oversight", the group wrote.

Conservative peer Lord Moylan had proposed an amendment that would exempt encrypted services from scanning altogether. He argued the government’s plans “opened a hole” in encryption, saying the powers were a “major assault on privacy”, but he did not move his proposal to a vote. 

The children’s charity NSPCC has supported the bill, saying it is in favour of “a balanced settlement that should encourage companies to mitigate the risks of child sexual abuse when designing and rolling out features like end-to-end encryption”.

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles