Published Apr 06, 2023 by Xiph
The United Kingdom’s Online Safety Bill has some genuinely good intentions to better protect children and others online, but as it stands, it also threatens basic privacy and introduces the prospect of ever-creeping censorship and blanket surveillance.
What is the Online Safety Bill?
Billed as a world-first, the UK’s Online Safety Bill aims to introduce a new regulatory regime to address illegal and harmful content online. It’s been drafted under the guise of preventing the spread of harmful content, in particular child exploitation content, and cyberbullying. Provisions in the legislation require companies to actively scan private conversations and user interactions for abusive/hateful content, child abuse images, or terroristic material. The law applies to messaging apps, social media sites including Facebook, YouTube, and Twitter, and search engines like Google and Bing.
Signal and WhatsApp fight back
Some of the provisions in the Online Safety Bill would require secure messaging apps to monitor (and therefore read) communications content within their respective platforms on the lookout for harmful content. This would essentially undermine the end-to-end encryption protocols we rely on for privacy. Encrypted messaging apps like Signal, WhatsApp and Element have threatened a boycott if the Bill is passed in its current form.
Read more: What is encryption & how does it protect your data?
On a broader scale, privacy and civil liberty advocates argue the Bill undermines internet freedom and legitimises censorship under the guise of curbing child sexual exploitation and online abuse. Experts also raised concerns it could be used as a precedent for other countries in the European Union (EU) and outside.
What does the Online Safety Bill do?
In a nutshell, the Online Safety Bill will make companies who deal with user-generated content legally responsible for what’s published and shared on their sites and platforms.
Social media sites and other organisations will be required to remove harmful content as soon as they become aware of it, or prevent it from appearing in the first place, although the definition of what constitutes ‘harmful content’ is still loose. This will include removing images related to children’s sexual abuse, cyber flashing (obscene pictures shared by/to strangers online), and content promoting self-harm, and terrorism. News organisations and users delivering journalistic material online will be exempt from these obligations under the Bill.
The largest platforms, including Facebook, Instagram, and TikTok, will have to provide adult users with ‘tools’ to help reduce the likelihood of certain types of content appearing in their feeds. This may include content that promotes or encourages eating disorders or self-harm, or racist, antisemitic, or misogynistic content.
Moreover, social media companies will have to keep underage children off their platforms by enforcing stricter age-verification processes. This will especially apply to pornography sites and dating apps and anywhere online where children are likely to be groomed. In some cases, it may include monitoring private chats for child sexual abuse material.
The Bill will require social media and search engine platforms to be more transparent in their terms and conditions, and clearly state what type of legal content is allowed and what isn't. This is meant to empower users to make more informed decisions before joining a platform. Companies will also need to be more transparent on how and when they’ll enforce these conditions.
The Online Safety Bill will also force online platforms to act against scam adverts published or hosted on their services and other user-generated scams.
Companies who fail to comply could face fines of up to £18 million (AUD $33 million), or 10% of their global annual turnover, whichever is greater.
A revised version of the Bill is currently undergoing review, pending a clearer legal framework on how to treat various types of content posted online and shared between people.
What precedent is the Online Safety Bill setting?
The UK’s Online Safety Bill is a good first step to make companies more accountable for the abuse, fraud and other nefarious activities happening on their platforms, and to make them legally more transparent with their users. However, some of its provisions hinge slightly on state surveillance and censorship. It also threatens to eradicate secure messaging apps and people’s right to have private conversations. The proposed legislation is more akin to laws we’ve seen from authoritarian regimes like Russia and China. Yet, the EU has already introduced a similar wide-ranging content regulation legislation under the Digital Services Act (DSA) and Australia was even ahead of the curve with its murky metadata retention laws with the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 currently undergoing review.
Privacy concerns
It can be argued the Online Safety Bill curtails our right to privacy and freedom of expression. Provisions that require companies to actively scan private chats for child abuse or terroristic material are the biggest red flag − and could spell the end of end-to-end encryption technology as we know it. End-to-end encryption ensures governments, companies, and third parties can’t view or access private messages, pictures, or our bank account details. Weakening encryption may open the door to a new class of hacking should private conversations get leaked and tampered with. There’s also no clear definition of what constitutes ‘legal but harmful’ content, which means it’s very much open to manipulation by media and state players.
A final word
The UK’s Online Safety Bill will impose a duty of care on social media platforms and search engines to regulate the content posted and shared on their platforms, with the overarching aim to protect users, especially children. While this aim is noble in theory, the Bill fails to strike the right balance between protecting online users from harm and not curtailing their privacy and freedom of expression. For more information, contact us via email: enquiries@xiphcyber.com.
Posted in: Security