Can the Government Have Its Cake and Eat It? UK Online Safety Bill Is Live.

Kindus has discussed the progress of the UK Online Safety Bill before in March 2023 and September 2022.  The law is designed to protect vulnerable users, not just children, from exploitation on-line or exposure to harmful content.  On 19th September 2023 the Bill finally became law but without conclusively resolving the conflict between privacy and protection.  A late change was an amendment to remove animal cruelty activity from social media platforms.   The debate between protecting vulnerable users and end to end encryption still stands unresolved.

Official UK guidance that just happens to coincide with publication of the bill stresses a noble stance in favour of child safety online.  Facebook and Instagram are noted to be accounting for 85% of global referrals of child sexual abuse from tech companies.  Under the new law social media platforms are now expected to:

  • Remove illegal content quickly or prevent it from appearing in the first place, including content promoting self-harm.
  • Prevent children from accessing harmful and age-inappropriate content.
  • Enforce age limits and age-checking measures.
  • Ensure the risks and dangers posed to children on the largest social media platforms are more transparent, to include publishing risk assessments.
  • Provide parents and children with clear and accessible ways to report problems online when they do arise.

Ofcom could impose fines of up to £18 million or 10% of global avenue revenue (whichever is the greatest) for non-compliance.

The UK government has specifically noted the existing methods used by Meta to provide safety online.  These include AI detection of incidents, age verification, privacy and blocking features.  The new legal responsibilities apply irrespective of the technologies in use; this includes services using E2EE (End To End Encryption).  Meta still plan to roll out E2EE on its Messenger service before the end of 2023.  Other providers including Signal are already using this technology.

The official UK stance is that technologies do exist to track data within E2EE, citing a study by Levy and Robinson.  One example being client-side scanning of content before it is encrypted.   This technology had been proposed by Apple but has was quietly dropped in 2021.

Ciaran Martin, former head of the UK’s National Cyber Security Centre published a paper in 2021 arguing that a compromise within E2EE was not possible.  The problem was labelled as ‘cakeism’ (having your cake and eating it).  How could E2EE provide strong security yet still allow that security to be broken when strictly necessary?

It appears that the UK has a law which although noble and improving protection for the vulnerable online will not be able to applied in all cases.  The official word is that the government ‘where appropriate encourages firms to use their vast engineering and technical resources to develop solutions that work for their own platforms.’  It is usual for legislation to avoid any technical prescription of how they might be implemented.  This allows some flexibility in how they might be implemented and prevents their being overtaken by changes in technology.  At present the required technologies do not appear to exist but on a positive note waiting for an ideal solution has not postponed an important development in protecting individuals online.

More from Security

13/05/2024

eCommerce Shop Scams

Data from Security Research Labs has revealed a China based fake shopping network that they have named ‘BogusBazaar.’  They claim that: ‘As of April …

Read post

08/05/2024

Lockbit Ransomware Takedown

In February 2024 the UK National Crime Agency released details of how the NCA and other international policing agencies had disrupted the actions of …

Read post

23/04/2024

UK Cyber security breaches survey 2024

Lies, damned lies, and statistics (attributed to Disraeli) The UK Cyber Security Breaches Survey 2024 was published on 9th April 2024.  Not surprisingly it …

Read post

25/03/2024

Digital Gift Card Issues

Both Apple and Google offer gift card services for use on their App stores.  Just as it states on the tin the card can …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus

    Categories