House of Lords Passes U.K. Online Safety Bill, Which Is Still Very Bad

Chris Vallance, BBC News:

Peers have passed a controversial new law aimed at making social media firms more responsible for users’ safety on their platforms.

The Online Safety Bill has taken years to agree and will force firms to remove illegal content and protect children from some legal but harmful material.


Lawyer Graham Smith, author of a book on internet law, said the bill had well-meaning aims, but in the end it contained much that was problematic.

“If the road to hell is paved with good intentions, this is a motorway,” he told the BBC.

Remember how, a couple of weeks ago, there was lots of press coverage celebrating an apparent withdrawal of provisions in the bill which required encryption to be broken, largely based on a Financial Times report? You may recall my subtly different interpretation based on the actual words of Lord Parkinson promoting the bill’s passage, and an actual reading of the text of the bill, which indicated that regulators would be granted the power to build something impossible.

Well, I do not mean to gloat — this is a very serious issue — but it seems I was right. Did that sound like gloating? Sorry.

The Electronic Frontier Foundation:

A clause of the bill allows Ofcom, the British telecom regulator, to serve a notice requiring tech companies to scan their users–all of them–for child abuse content.This would affect even messages and files that are end-to-end encrypted to protect user privacy. As enacted, the OSB allows the government to force companies to build technology that can scan regardless of encryption–in other words, build a backdoor.

Glyn Moody, Techdirt:

So it seems the UK government’s idea is that Internet companies will be ordered to come up with ways to break end-to-end encryption while maintaining privacy. But don’t worry, because that magic encryption backdoor will only be there as a “safety net”, not as something that will ever be used routinely. Of course.

It seems plausible to me for regulators to avoid making any immediate orders that providers of encrypted messaging services should do the impossible. But one day a model case will come along — and we will be having this discussion all over again.

By the way, it is not just encrypted messaging which has been put at risk in the U.K. because of this bill. The resources of the Wikimedia Foundation will probably be blocked in the U.K. because those sites — wisely — do not engage in mass data collection or user profiling, so they cannot effectively verify users’ ages.