UK could force messaging apps to scan for child sexual abuse images

WhatsApp already uses end-to-end encryption but Meta has delayed the rollout of similar technology on Facebook Messenger and Instagram. Photograph: Phil Noble/Reuters


Home secretary says new powers, which could require tech firms to remove encrypted abuse material, would bring privacy and security

Heavily encrypted messaging services such as WhatsApp could be required to adopt cutting-edge technology to spot child sexual abuse material or face the threat of significant fines, under new changes to UK digital safety legislation.

The amendment to the online safety bill would require tech firms to use their “best endeavours” to deploy new technology that identifies and removes child sexual abuse and exploitation content (CSAE).

It comes as Mark Zuckerberg’s Facebook Messenger and Instagram apps prepare to introduce end-to-end encryption, amid strong opposition from the UK government, which has described the plans as “not acceptable”.

Priti Patel, a longstanding critic of Zuckerberg’s plans, said the change in the law balanced the need to protect children with providing privacy for online users.

The home secretary said: “Child sexual abuse is a sickening crime. We must all work to ensure criminals are not allowed to run rampant online and technology companies must play their part and take responsibility for keeping our children safe.

“Privacy and security are not mutually exclusive – we need both, and we can have both and that is what this amendment delivers.”

Child safety campaigners have warned that heavy encryption would prevent law enforcement, and tech platforms, from seeing illegal messages by ensuring that only the sender and recipient can view their content – a process known as end-to-end encryption. However, officials said the amendment is not an attempt to stop the rollout of more such services and that any technology deployed would have to be effective and proportionate.

Zuckerberg’s Meta business, which also owns the encrypted WhatsApp messaging service, is delaying introducing its Messenger and Instagram plans until 2023.

Vetting private messages for child abuse material has proved controversial, with campaigners warning of negative consequences for user privacy. One controversial method that could be considered by the communications watchdog, which is overseeing implementation of the bill, is client-side scanning. Apple has delayed plans to introduce the technology, which would involve scanning user images for child sexual abuse material before uploading them to the cloud. The company has proposed deploying a technique which would compare photos with known images of child abuse when users opted to upload them to the cloud.

Under the proposed amendment the Ofcom watchdog will be able to demand that tech firms deploy or develop new technology that can help find abuse material as well as stopping its spread. The amendment tightens an existing clause in the bill which already gives Ofcom the power to require deployment of “accredited technology”. The change will now require companies to use their “best endeavours” to deploy or develop “new” technology if the existing technology is not suitable for their platform.

If a company fails to adopt that technology, Ofcom has the power to impose fines of up to £18m or 10% of a company’s global annual turnover – whichever is higher. The online safety bill returns to parliament next week after being scrutinised by a committee of MPs and is expected to become law around the year end or early 2023.

There are between 550,000 and 850,000 people in the UK who pose a sexual risk to children, according to the National Crime Agency. “We need tech companies to be there on the frontline with us and these new measures will ensure that,” said Rob Jones, NCA director general for child sexual abuse.


Dan Milmo, Global technology editor