After months of pushback from Big Tech and privacy advocates, UK lawmakers have dropped a controversial clause in their Online Safety Bill that would have allowed regulators access to private messages sent using end-to-end encryption – all because the technology is not currently feasible.
“It remains undeniably true that it is not possible to create a technological system that can scan the contents of private electronic communication while preserving the right to privacy,” said Amnesty International’s director of tech Rasha Abdul Rahim in a statement about the 'spy bill' provision released Tuesday.
Clause 122, which was added to the Online Safety Bill by British parliamentarians last September, was set to enter its final stages in the House of Lords on Wednesday, but in a 180° turn, lawmakers announced they have ditched the provision, at least for now.
“This is huge. Absolutely huge. Government has conceded that the Online Safety Bill's spy clause on end-to-end encryption was built on magical thinking... I'm speechless," said tech policy insider and privacy advocate Heather Burns on X (formally known as Twitter).
The main premise of the Online Safety Bill will require the owners of social media platforms, such as Meta’s Facebook and Instagram, to remove all illegal content, such as that relating to terrorism and incitement to violence, and protect children from pornography and material relating to suicide and self-harm.
By failing to do so, tech companies could face financial penalties of up to £18 million (about $22.5 million) or 10% of annual revenue, whichever is greater.
Critics of the Bill have been especially vocal about a provision, Clause 122, that would force social media and messaging platforms to scan users' encrypted private communications for this type of prohibited content.
Additionally, the clause would empower the UK Office of Communications (Ofcom) to issue notices to the providers of these messaging services, requiring them to develop and deploy software that can carry out the scans, said Rahim.
“It would leave everybody in the UK – including human rights organizations and activists – vulnerable to malicious hacking attacks and targeted surveillance campaigns. It also sets a dangerous precedent,” Rahim added.
In June, Apple had said removing critical end-to-end encryption could put UK citizens at "greater risk,” leaving journalists, human rights activists, diplomats, and everyday citizens vulnerable to “surveillance, identity theft, fraud, and data breaches.”
Encrypted messaging apps like WhatsApp, Signal, and others have also threatened to pull services from the UK if the bill moves forward.
It's not over yet
The big caveat here is that there are no guarantees that Clause 122 will not find its way back to the UK lawmakers' strategy table.
In a statement about the decision, UK officials said the government's position on the issue “has not changed.”
They also said that under certain circumstances, the government could still “enable Ofcom to direct companies to either use, or make best efforts to develop or source, technology to identify and remove illegal child sexual abuse content — which we know can be developed.”
UK policy and regulation specialist Richard Collard, head of child safety online policy at the National Society for the Prevention of Cruelty to Children, said: “Our polling shows the UK public overwhelmingly support measures to tackle child abuse in end-to-end encrypted environments.”
More from Cybernews:
Subscribe to our newsletter