The Online Safety Bill is due to make a come-back – Commons Leader Penny Mordaunt has confirmed that it is provisionally due to be debated on 5 December 2022. The Bill was introduced during the era of Boris Johnson, then delayed due to the Tory leadership race, survived Liz "Tornado" Truss, and has been trimmed and tweaked quite considerably by Rishi Sunak’s government.
The return of the Bill comes as more concerns have been raised about Ofcom’s powers under the draft Bill. In the current draft, Ofcom will have authority to require tech companies to deal with terrorism and child abuse content on private messaging apps such as WhatsApp, Facebook Messenger, Telegram and Signal.
Matthew Ryder KC was commissioned to write a report on behalf of Index for Censorship in which he points out that Ofcom would not need prior authorisation for issuing a demand for scanning messages and there is no independent oversight of such powers. The UK security services already have very broad surveillance powers under the (also highly controversial) Investigatory Powers Act 2016, but these powers are subject to legal checks and balances. Although Ofcom must consider if making such a demand would interfere with freedom of expression and privacy, Ryder believes that the law will breach human rights laws unless it is amended. The report also says that if enacted, journalists will not be properly protected from state surveillance risking source confidentiality and endangering human rights defenders and vulnerable communities.
Index for Censorship has also called on to the UN special rapporteurs to intervene in the legislation.
It is not the first time that these concerns have been raised, as the DCMS select committee scrutinising the Bill recommended that the government give more clarity to providers with encrypted services on how they should comply with the safety duties. The Open Rights Group has also raised concerns.
However, other commentators say that the powers would be used very infrequently and image scanning would be used without the underlying protocols being affected. The government has reportedly said that: “Strong encryption protects our privacy and our online economy but end-to-end encryption can be implemented in a way which is consistent with public safety. The Bill ensures that tech companies do not provide a safe space for the most dangerous predators online”.
In addition, the ICO and Ofgem recently published a statement about their shared regulatory aims and how they intend to work closely together to ensure coherence between the online safety and data protection regimes. The statement talks about encryption and mentions that the Digital Regulation Cooperation Forum met to consider issues earlier this year but there is as yet no further detail.
Similar concerns have been raised in Australia. In 2018, the heads of Australia’s law enforcement and intelligence agencies were given broad powers by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 to gain access to encrypted communications. Key issues around Australia’s encryption laws are oversight and the scope of the laws. Those opposed to the laws want more oversight and a narrower scope.
When the Bill returns to Parliament, MPs and the Lords will need to consider these issues and hopefully find a compromise. The government has already announced fairly significant changes to the Bill, which we will cover separately.
“The provisions in the Online Safety Bill that would enable state-backed surveillance of private communications contain some of the broadest and powerful surveillance powers ever proposed in any Western democracy. It is our opinion that the powers conceived in the Bill would not be lawful under our common law and existing human rights legal framework.”