Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Evening Standard
Evening Standard
Technology
Mary-Ann Russon

Online Safety Bill: Last chance for House of Lords to stop mass surveillance powers

Peers are gathering at the House of Lords for the final debate on the powers governing end-to-end encryption in the Online Safety Bill.

If voted into law, campaigners claim this part of the bill will give Ofcom the power to demand that tech companies use third-party software to scan every private online message, which would enable mass surveillance on an unprecendented scale.

The Government and children’s charities warn paedophiles are using private messaging apps to groom children and share illegal content, completely unnoticed by service providers.

Campaigners have urged peers not to waste their final chance on Wednesday July 19 to prevent the Government from having what they claim would be unchecked surveillance powers, due to “vague language” that contravenes the privacy of private citizens.

Once this debate is over, the bill will move to the final stages in September, at which point it will probably become law without any further discussion or amendments.

"We call on the peers to stop these mass surveillance powers, reject the government's amendment and vote to support amendments that will ensure the privacy of our chats are protected,” Dr Monica Horten, Open Rights Group’s policy manager for freedom of expression, told the Standard.

The key issue, she said, is the way the Government has drafted certain parts of the Online Safety Bill, which do not have anything to do with protecting children.

A Government spokeswoman told the Standard recently: “We are unambiguously pro-innovation and pro-privacy, however, we have made clear that companies should only implement end-to-end encryption if they can simultaneously prevent abhorrent child sexual abuse on their platforms.

“The Online Safety Bill does not give Ofcom or the Government any powers to monitor users’ private messages. As a last resort, and only when stringent privacy safeguards have been met, the Online Safety Bill will enable Ofcom to direct companies to either use, or make best efforts to develop or source, technology to identify and remove illegal child sexual abuse content.”

However, the Online Rights Group and other rights groups dispute the Government’s view.

"These laws have very little information, they're called skeleton laws. They have the bare bones of what they need in order to pass in Parliament but they leave a lot of stuff out to be decided later on,” Dr Horten stressed.

“The Government is doing again with the Online Safety Bill what they did with the illegal immigration bill – the same sorts of sly manoeuvres that they have done with other bills, but because it's so technical, the bill is getting past slowly because the peers and the public don’t understand it.”

Amendments up for debate on Ofcom’s powers

Whatsapp, Signal and many other tech firms have warned that backdoors cannot be built into their services without breaking encryption (Adem AY/Unsplash)

The controversy that has had the tech industry and privacy experts up in arms for more than two years surrounds Clause 111 of the Online Safety Bill, often known as the “spy clause”.

This clause gives Ofcom the power to write “technology notices” to tech firms that it believes are not complying with the rules to protect users on their platforms. These notices can demand that any encrypted messaging app or public social media platform scan all messages sent by users for child sexual abuse material (CSAM).

While the Government says that third-party software is able to do this without infringing users’ privacy, the tech industry – led by the likes of WhatsApp, Signal, Facebook and Apple – have repeatedly said publicly that it is impossible to put a backdoor into their technologies without breaking encryption, which means that both hackers and the authorities will have access to our private messages.

“There is no such thing as a safe backdoor to encryption. If a backdoor is known to exist, it will be found and exploited by criminals and malicious governments, making everyone less safe. Nor is client-side scanning is the answer,” said Robin Wilton, director of internet trust at the Internet Society.

“Even the Government’s own Home Office-funded prototypes weren’t effective [at scanning messages] and would face legal challenges if used. Sooner or later the Government must admit that its goals are counter-productive and its proposals don’t work.”

Today, several amendments seeking to limit the Government’s powers will be up for one final debate.

They include 255, an amendment to Clause 111, introduced by Lord Daniel Moylan and Baroness Claire Fox, which states that if what Ofcom is asking for would require the regulator to weaken or remove encryption, then it would not be allowed to do so.

While digital rights groups do not believe there is enough support for this amendment, they are hoping the Government’s powers will be restricted by two other amendments, 256 and 257, tabled by Lord Wilf Stevenson and Lord Timothy Clement-Jones.

These amendments state that Ofcom should not be allowed to decide when it issues technology notices, but that a senior judge should make the final decision. The judge would need to consider evidence from the tech company in question and apply the same principles of law as the courts do.

Due to the controversy and opposition to the Online Safety Bill’s surveillance powers, the Government has introduced its own amendment 256A to the draft legislation, which will also be debated on Wednesday.

Their amendment states that a “skilled person” should be appointed by Ofcom to write a report justifying the technology notice. But the question is, who should be defined as a “skilled person”, who picks them, and would they have ties to the Government?

Dr Horten is concerned that this amendment would put mass surveillance powers back in the Government’s hands.

“The Government has never come clean on what they want to do here. The skilled person could be any type of consultant but not necessarily someone who has the right qualifications to be looking at complex technologies or gross interference of privacy,” explained Dr Horten.

“The peers have the opportunity to make it a bit less bad.”

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.