Lord Kamall raises concerns over use of client-side scanning technology
A former government minister has expressed concerns that, if it passes into law in its present form, the Online Safety Bill could actually weaken the security of messaging applications used by millions of citizens.
The warning comes in the same week that senior executives of seven major apps – including representatives of WhatsApp, Signal, and Wire – jointly wrote an open letter to government which said the legislation “poses an unprecedented threat to the privacy, safety and security of every UK citizen”.
The main cause of such concerns is the bill’s provision for the use of so-called client-side scanning technology, which works in conjunction with the apps installed on a user’s device and is designed to scan the content of messages and other files. The measures put forward in the Online Safety Bill are intended to allow for the detection of unlawful activity – particularly the sharing of child abuse images – while offering greater security and privacy than server-side scanning, a model in which data is accessed directly from the systems of service providers such as Google, Microsoft, Apple or Facebook.
Many onlookers have expressed concern that client-side scanning could compromise apps’ use of end-to-end encryption and, thus, significantly weaken overall levels of cybersecurity for individuals and organisations.
In a piece written for PublicTechnology sister publication The House Live, Conservative peer and former minister Lord Syed Kamall said that “an unintended consequence of the bill may make apps more vulnerable to attack or interception by bad actors”.
Kamall referenced the work of the campaign group the Internet Society, which has warned that the use of client-side scanning could create a much bigger attack surface for cybercriminals to target – including communications platforms used by law-enforcement and security .
“Where criminals can go, there is no doubt that rogue and criminal states such as Russia, Iran and North Korea – all states that already pursue aggressive cyberwarfare policies – will follow,” he wrote. “Leading firms including Meta and Signal have already voiced their fears of enforced client-side scanning, even going as far to say they may be forced to withdraw services from the UK rather than weaken their platforms. As well as a risk to security, this part of the bill presents a potential threat to the UK’s leadership in tech. Can we really afford to alienate global tech firms, or put our own tech start-ups at risk by compromising their security?”
The bill is currently going through the committee stage of its passage through the House of Lords. Parliamentarians have already proposed hundreds of amendments, including changes designed to safeguard end-to-end encryption.