UK pulls back from clash with Big Tech over private messaging

Receive free Internet privacy updates

We’ll send you a myFT Daily Digest email rounding up the latest Internet privacy news every morning.

The UK government has conceded it will not use controversial powers in the online safety bill to scan messaging apps for harmful content until it is “technically feasible” to do so, postponing measures that critics say threaten users’ privacy.

In a statement to the House of Lords on Wednesday afternoon, junior arts and heritage minister Lord Stephen Parkinson sought to mark an eleventh-hour effort to end a stand-off with tech companies, including WhatsApp, that have threatened to pull their services from the UK over what they claimed was an intolerable threat to millions of users’ privacy and security.

Parkinson said that Ofcom, the tech regulator, would only require companies to scan their networks when a technology was developed that was capable of doing so. Many security experts believe it could be years before any such technology is developed, if ever.

“A notice can only be issued where technically feasible and where technology has been accredited as meeting minimum standards of accuracy in detecting only child sexual abuse and exploitation content,” he said.

The online safety bill, which has been in development for several years and is now in its final stages in parliament, is one of the toughest attempts by any government to make Big Tech companies responsible for the content that is shared on their networks.

Social media platforms have railed against provisions in the bill that would allow the UK regulator to force them to allow their encrypted messages to be monitored for harmful content, including child sexual exploitation material.

WhatsApp, owned by Facebook’s parent Meta, and Signal, another popular encrypted messaging app, are among those that have threatened to exit the UK market should they be ordered to weaken encryption, a widely used security technology that allows only the sender and recipient of messages to view a message’s contents.

Meredith Whittaker, the president of Signal, described the government’s move as “a victory, not a defeat” for the tech companies.

“Of course, this isn’t a total victory,” she wrote on X, formerly known as Twitter. “We would have loved to see this in the text of the law itself. But this is nonetheless huge, and insofar as the guidance for implementation will have the force to shape Ofcom’s implementation framework, this is, again, very big and very good.”

Officials have privately acknowledged to tech companies that there is no current technology able to scan end-to-end encrypted messages that would not also undermine users’ privacy, according to several people briefed on the government’s thinking.

Critics have long argued such a technology does not exist and that current scanning technologies have been found to make errors, wrongly identifying safe content as harmful, and requiring flagged material to be checked by human monitors, therefore exposing private content.

The government said on Wednesday that its position on the issue “has not changed”.

“As has always been the case, as a last resort, on a case-by-case basis and only when stringent privacy safeguards have been met, [the legislation] will enable Ofcom to direct companies to either use, or make best efforts to develop or source, technology to identify and remove illegal child sexual abuse content — which we know can be developed,” the government said.

Parkinson added in the Lords: “It is right that Ofcom should be able to require technology companies to use their considerable resources and their expertise to develop the best possible protections for children in encrypted environments.” But he did not give any details.

Child safety campaigners have spent years pushing the government to be tougher on tech companies over abuse material that is shared on their apps.

Richard Collard, head of child safety online policy at the National Society for the Prevention of Cruelty to Children, said: “Our polling shows the UK public overwhelmingly support measures to tackle child abuse in end-to-end encrypted environments. Tech firms can show industry leadership by listening to the public and investing in technology that protects both the safety and privacy rights of all users.”

Additional reporting by John Thornhill