The UK's disgraceful Online Safety Bill has passed through Parliament and will soon become law. The wide-ranging legislation is likely to affect every internet user in the UK and any service they access, and to generate mountains of onerous red tape for any internet business stupid enough to be based in Britain. Potential impacts are still unclear and some of the new regulations are technologically impossible to comply with.
A key sticking point is what the legislation means for end-to-end encryption, a security technique used by services like WhatsApp that mathematically guarantees that no one, not even the service provider, can read messages sent between two users. The new law gives regulator Ofcom the power to intercept and check this encrypted data for illegal or harmful content.
Using this power would require service providers to create a backdoor in their software, allowing Ofcom to bypass the mathematically secure encryption. But this same backdoor would be abused by hackers, thieves, scammers and malicious states to snoop, steal and hack.
Beyond encryption, the bill also brings in mandatory age checks on pornography websites and requires that websites have policies in place to protect people from harmful or illegal content. What counts as illegal, and exactly which websites will fall under the scope of the bill, are unclear, however.
Neil Brown at law firm decoded.legal says Ofcom still has a huge amount of work to do. The new law could plausibly affect any company that allows comments on its website, publishes user-generated content, transmits encrypted data or hosts anything that the government deems may be harmful to children, says Brown:
What I'm fearful of is that there are going to be an awful lot of people, small organisations - not these big tech giants - who are going to face pretty chunky legal bills trying to work out if they are in scope and, if so, what they need to do.