Former tech minister warns Online Safety Bill could weaken apps’ cyber protection

Written by Sam Trendall on 21 April 2023 in News

Lord Kamall raises concerns over use of client-side scanning technology

Credit: StockSnap/Pixabay

A former government minister has expressed concerns that, if it passes into law in its present form, the Online Safety Bill could actually weaken the security of messaging applications used by millions of citizens.

The warning comes in the same week that senior executives of seven major apps – including representatives of WhatsApp, Signal, and Wire – jointly wrote an open letter to government which said the legislation “poses an unprecedented threat to the privacy, safety and security of every UK citizen”.

The main cause of such concerns is the provisions made in the bill for the use of so-called client-side scanning technology, which works in conjunction with the apps installed on a user’s device and is designed to scan the content of messages and other files. The intention of the measures put forward in the Online Safety Bill is that this could allow for the detection of unlawful activity – particularly the sharing of child abuse images – while offering greater security and privacy than server-side scanning, a model in which data is accessed directly from the systems of service providers such as Google, Microsoft, Apple or Facebook.

Related content

Many onlookers have expressed concern that client-side scanning could compromise apps’ use of end-to-end encryption and, thus, significantly weaken overall levels of cybersecurity for individuals and organisations.

In a piece written for PublicTechnology sister publication The House Live, Conservative peer and former minister Lord Syed Kamall said that “an unintended consequence of the bill may make apps more vulnerable to attack or interception by bad actors”.

Kamall referenced the work of the campaign group the Internet Society, which has warned that the use of client-side scanning could create a much bigger attack surface for cybercriminals to target – including communications platforms used by law-enforcement and security .

“Where criminals can go, there is no doubt that rogue and criminal states such as Russia, Iran and North Korea – all states that already pursue aggressive cyberwarfare policies – will follow,” he wrote. “Leading firms including Meta and Signal have already voiced their fears of enforced client-side scanning, even going as far to say they may be forced to withdraw services from the UK rather than weaken their platforms. As well as a risk to security, this part of the bill presents a potential threat to the UK’s leadership in tech. Can we really afford to alienate global tech firms, or put our own tech start-ups at risk by compromising their security?”

The bill is currently going through the committee stage of its passage through the House of Lords. Parliamentarians have already proposed hundreds of amendments, including changes designed to safeguard end-to-end encryption. 


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on


Share this page




Please login to post a comment or register for a free account.

Related Articles

UKCloud collapse caused ‘no unexpected service disruptions or cost to public purse’
30 May 2023

Minister says that all public-sector customers have now moved to alternative provider

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

Government urged to update product safety standards for internet age
15 May 2023

Parliamentary committee laments pace of progress so far in changing rules

Government formally unveils annual independent cyber audits for all departments
24 April 2023

Ministerial announcement follows initial examinations of Home Office and business department earlier this year

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...