Introduced to make the UK “the safest place to be online,” the Online Safety Act has sparked controversy around digital privacy, cybersecurity, and the responsibilities of governing bodies and tech companies.
What is the Online Safety Bill
Originally introduced under past Prime Minister Theresa May, the Online Safety Bill aimed to address the challenges of “legal but harmful content.” This term refers to online material that, while not explicitly illegal, poses risks to the well-being of individuals. This includes:
- Healthcare misinformation
- Political misinformation
- Child sexual abuse
- Cyberflashing (unsolicited sexual imagery)
- Deepfake Pornography
- Promoting or facilitating suicide
- Promoting self-harm
- Animal Cruelty; and
The Online Safety Act aims to provide a framework for managing such content, balancing the need for safety with freedom of expression.
Understanding the Online Safety Act’s Implications
After years of revisions, the Act has taken a key focus on ‘protecting the children,’ from such harmful content online. Under the Online Safety Act tech companies like user-to-user services (such as TikTok, Meta, and Twitter) and search services (like Google) are required to prevent and remove content from their platforms if deemed inappropriate. This move is part of a broader initiative to enforce stricter cybersecurity measures and demand greater accountability from service providers. However, the effectiveness of this legislation in protecting vulnerable users, while also respecting online privacy and freedom continues to be a topic of debate.
The Debate: Does ‘Protecting the Children’ Cost Others Their Online Privacy?
A significant concern regarding the newly passed Online Safety Act is the potential increase in third-party monitoring and surveillance, which can easily undermine user privacy and data encryption. Enforced by OFCOM, tech companies will need to follow any requests made to scan their users’ activity to ensure they adhere to this legislation. However, OFCOM is the UK’s main regulatory authority, not tech experts. While their role has expanded to include oversight of these digital platforms, concerns have been raised regarding whether complex issues like encryption and protecting user privacy are within their expertise.
The Encryption Dilemma
What is Encryption?
End-to-end encryption underscores the secure exchange of communication by ensuring that only communicating users can read these messages. The data (message, file or email), on the sender’s device is encrypted while it travels across any network to the recipient’s device, who will be the only person that can decrypt and read this information. This is vital for any communication service as protects user privacy by preventing unwanted third parties from reading these messages.
Section 122: A Closer Look
Chapter 5, Section 122 of the Act focuses on dealing with terrorism and child sexual exploitation and abuse (CSEA) content. Companies are required to use “accredited technology,” to identify and prevent this content from being seen or posted.
Section 126 (12), defines this term, whereby ‘technology is “accredited” if it is accredited (by OFCOM or another person appointed by OFCOM) as meeting minimum standards of accuracy in the detection of terrorism content or CSEA content as the case may be.’
However, the lack of clarity in the guidelines set out raises significant concerns about the potential for mass surveillance and the risk to individual privacy rights:
- OFCOM’s traditional role in regulating broadcasting, telecommunications and other services in the UK brings into question whether they are well equipped to understand and accredit such advanced technology.
- Chapter 5’s requirements of using “accredited technology” for detecting harmful content raises questions regarding the integrity of end-to-end encryption and whether user privacy rights will be protected.
- The vagueness in the Act about “accredited technology standards” and how they align with privacy concerns poses a crucial point as to whether the British Government has established a balance between protecting vulnerable individuals and protecting online privacy.
What’s the UK Doing About It?
The real question is whether a technology currently exists that can effectively balance ‘invasive scanning’ and ‘end-to-end encryption.’
Lord Stephen Parkinson of Whitley Bay seems to think so, writing in a letter to the House of Lords: “We have seen companies develop such solutions for platforms with end-to-end encryption before,” wrote Parkinson. And yet, UK news outlets have reported that the British government has privately acknowledged that no technology could examine end-to-end encrypted messages without invading user privacy.
Platforms like WhatsApp, Signal and iMessage, have also come forward confirming that they cannot access or view anybody’s messages without destroying existing privacy protections for all users, even threatening to leave the UK rather than compromise message security.
As such, scanning messages for harmful content requires breaking end-to-end encryption, potentially creating backdoors that malicious third parties could exploit to access these messages.
Therefore, not only do tech companies need to either create or find new solutions that meet the vaguely defined “accredited technology” standard, but the Online Safety Act creates a broader issue about protecting online safety by shielding them from inappropriate content, while potentially harming their privacy in the process.
What Should You Do?
With the Online Safety Act being passed, it’s nearly impossible for the law to be reversed. As active users in our ever-evolving digital landscape, it is important to remain proactive in protecting your online activities. Where end-to-end encryption is at risk of being undermined, we must take proactive steps in building a digital toolkit to keep ourselves protected online.
Just as we use curtains to protect our home privacy from the outside world, isn’t it equally important to show the same respect for our online privacy?
Use a VPN
A VPN shields your online behaviours and personal data from invasive surveillance and external threats:
- Want to stop your internet service provider from viewing your browsing activity? Use a VPN.
- Don’t want your activity to be traced while surfing the net? use a VPN.
- Added bonus: Want to access content outside of your country? Use a VPN.
At Arresti VPN, we prioritise your privacy. Our strict no-logs policy and robust security features, including 256-bit encryption and IP masking, are designed to offer secure connections for all your online activities. With simple, affordable pricing, Arresti VPN stands out as a fast, reliable and affordable choice for protecting your online activities. Join the Arresti VPN Community today for comprehensive online protection at just $6.99, with a 30-day risk-free trial.
Stay informed, stay safe, and navigate the digital world with confidence.