Prime Minister Rishi Sunak has backed the UK government’s Online Safety Bill despite widespread criticism of the far-reaching legislation from across the tech industry. Many believe the bill poses a threat to end-to-end encryption and could be a major security and privacy risk for businesses and consumers, but Sunak told Tech Monitor the bill is a vital step to keep internet users safe from harmful material, and insists the government has consulted with business on the cybersecurity implications of the act.
The Online Safety Bill, which is currently being debated in the House of Lords, is designed to stop people, particularly children, from accessing harmful content by imposing controls on social media platforms and other tech companies around how they assess and delete illegal material.
But provisions in the bill which would compel tech companies to build “back door” access to their systems to allow law enforcement agencies to access child sex abuse material (CSAM) and other prohibited content have raised concerns, with critics saying this would break end-to-end encryption in the UK and have far-reaching consequences for the security of online services.
Rishi Sunak backs Online Safety Bill
Speaking to Tech Monitor at the government’s Business Connect event on Monday, Sunak said the bill was a proportionate response to the problems internet users face.
“I think everyone wants to make sure their privacy is protected online, but people also want to know that law enforcement agencies are able to keep them safe and have reasonable ways to be able to do that, and that’s what we’re trying to do with the Online Safety Bill,” he said.
Sunak insists the government is listening to the voice of the tech industry on this issue, and that extensive consultation has been undertaken around the cybersecurity aspects of the bill, but stopped short of saying his government would revisit the make-up of the bill.
“We work in a spirit of constructive engagement, and this bill is a novel piece of legislation,” he said. “We’re one of the first countries to do this, it’s a new area, and because of that it’s important to do a lot of consultation.”
Tech industry big names raise Online Safety Bill fears
The Online Safety Bill has been in development for several years, but work on it was paused last year following opposition from Tory MPs who voiced concerns would impinge on free speech by forcing platforms to suppress “legal but harmful” content. An amended version was subsequently agreed which passed its first reading in the House of Commons earlier this year.
As part of the legislation, end-to-end encrypted messaging services will be required to put functions in place which automatically scan for child sex abuse material (CSAM) so it can be reported to authorities.
The only way to do this effectively is through client-side scanning, where companies will monitor the contents of a message before it is encrypted to ensure that it contains nothing illegal. Apple tried to introduce this to its iMessage service last year to scan for CSAM, and was forced to withdraw the system almost immediately due to a privacy backlash. Apple subsequently introduced new levels of encryption on its services, which could put it at odds with the government when the Online Safety Bill becomes law.
Last week, WhatsApp became the latest company to oppose the Online Safety Bill, when it signed an open letter from a group of encrypted messaging services including Signal and UK-based Element. The companies said the government should “urgently rethink” the bill, stating: “As currently drafted, the bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely.”
Other IT professionals have also voiced concerns about the Online Safety Bill. More than half of those surveyed by BCS, the Chartered Institute for IT, last year said the legislation would not make the internet safer, with only 14% of those polled deeming it “fit for purpose”.