Messaging apps could be forced to check all messages for child abuse content in online safety bill amendment

A new amendment tabled for the upcoming online safety bill would require companies to identify child sexual exploitation and abuse (CSEA) content and remove it.

Previous versions of the bill only required companies to use “accredited technology” to detect CSEA and terrorist content, but the Amendment of July 6 goes further by stating that companies should further seek to use “the best efforts to develop or procure the technology” to detect and remove CSEA content.

It’s unclear whether the government has undertaken research into what form this technology might take, or whether companies expect them to fall back on “accredited technologies” such as encryption backdoors.

The clarification in the bill that the requirement applies to messages “communicated publicly or privately” is intended to extend surveillance to messages currently protected by end-to-end encryption messaging, in which messages are encrypted before being transmitted. be transmitted and are therefore only accessible by the sender. and recipient.

Under powers already established in earlier versions of the bill, Ofcom would have the power to impose fines on non-compliant companies of up to £18million or 10% of their worldwide revenue over the period. most recent complete accountant.

The government argues that giving security and law enforcement services unfettered access to encrypted messages will improve security at home and abroad, but critics have argued that once the means to circumvent message encryption are established, no message can be properly considered private.

Companies such as Meta have pledged not only to keep WhatsApp direct messages encrypted, but also to deploy end-to-end encryption on Messenger and Instagram, a move that has increasingly put them at odds with government ideology. .

The later firms have been particularly vocal in their opposition to encryption. Last year, Home Secretary Priti Patel responded to Meta’s commitment to provide end-to-end encryption on its messaging platforms in harsh terms, saying:

“Delinquency will continue, images of abused children will proliferate – but the company intends to blind itself to this problem with end-to-end encryption that prevents all access to email content.”

The bill was first published in draft form in May 2021, and since then has faced widespread criticism for providing the government with what are considered excessive powers over life. private. Digital rights and freedoms organization The Open Rights Group has been a particularly vocal critic of the bill, which is described on its website as “an Orwellian censorship machine”.

“Abandoning encryption prohibition powers would be a big step forward if confirmed in the bill. Today, Ukrainians and Russian dissidents rely on encryption to protect themselves from real harm.

“We have repeatedly warned the government that attacks on encryption will only help blackmailers, scam artists and other criminals,” Open Rights Group executive director Jim Killock said in a statement. blog post.

WhatsApp was first launched in 2009, but it wasn’t until two years after the company was acquired by Facebook (now Meta) in 2014 that end-to-end encryption was fully implemented in the application. Whatsapp security product page currently promises “only you and the person you are communicating with can read or listen to what is sent, and no one in between, not even WhatsApp”.

IT professional approached Meta to comment on the bill.