U.K. Online Safety Bill Becomes Law ⇥ bbc.com

Imran Rahman-Jones and Chris Vallance, BBC News:

Powers in the act that could be used to compel messaging services to examine the contents of encrypted messages for child abuse material have proved especially controversial.

Platforms like WhatsApp, Signal and iMessage say they cannot access or view anybody’s messages without destroying existing privacy protections for all users, and have threatened to leave the UK rather than compromise message security.

[…]

The government has said the regulator Ofcom would only ask tech firms to access messages once “feasible technology” had been developed.

Reassuring as that may seem, you should recall that Ofcom can — in the words of Lord Parkinson — “require companies to make best endeavours to develop or source a new solution” to working around encryption with “no intention by the Government to weaken the encryption technology used by platforms” and “ensur[ing] that users’ privacy is protected”.

The aims of this bill are noble — it makes sense to ask how industry giants can mitigate the criminal or dangerous misuse of their products and services. After all, there are plenty of consumer protection laws in other fields which work well. But expecting tech platforms to solve something they and a slew of independent experts have said is impossible is, frankly, ridiculous. If there is merely an expectation that platform operators will make their best efforts, that seems like it could be fine; however, if Ofcom will require operators to trade privacy and security for law enforcement’s ease, I expect businesses that have made privacy a part of their core identity to leave the market instead of compromising.