Tech firms get short shrift in UK legal onslaught

Wide ranging legislative programme continues to alarm tech companies and privacy campaigners alike

Tech firms were left feeling the pressure this week, as the UK proceeded with a wide-ranging legislative programme to police, filter and restrict illegal and "harmful" content.

The Kings Speech to Parliament contained proposals to amend the Investigatory Powers Act to the extent that messaging providers would have to notify the Home Office of any new security or privacy features in advance. The Investigatory Powers (Amendments) Bill is shortly scheduled for its second reading in the House of Lords.

UK IT industry trade association TechUK says of the proposed legislation that it is "monitoring this closely," having already raised concerns that it has not been consulted adequately on the proposed changes. Meredith Whittaker, privacy campaigner and CEO of encrypted messaging app Signal, said to The Financial Times that more clarity was required because of what looks like "technically confused government over-reach."

Whittaker recently reaffirmed her commitment to pull Signal services from the UK if the government assumed legal powers to break open the encrypted messages users send on its platform.

The Home Office said it had consulted industry, and that the amendment did not concern encryption. It merely updated existing powers security services had to request access to metadata describing the who, what, where when and how of communications, when required for a criminal investigation. It would require tech firms to notify the Home Office when they implemented software security tools that might effect systems they have in place to comply with police access to such data.

"To be clear, these changes do not directly relate to end-to-end encryption," it said in a policy paper yesterday.

As the Kings Speech sunk in, Ofcom was taking its first action as the UK Online Safety regulator. The regulator has set out detailed plans and draft Codes of Practice that social media, gaming, pornography and search and sharing sites can follow to ensure that they stay within the boundaries of the new Online Safety Act. The programme is so vast that Ofcom will go on releasing consultations, drafting powers and petitioning Parliament to approve them for the next four years.

The draft plans look as if they are designed to create a digital walled garden for children. They include instructions for social networks to filter child abuse images by mathematically deriving unique hash codes from individual images that people have shared on their platforms, and comparing those against a database of known images of child abuse. It also proposed curtailing search results that included content that might encourage suicide, or facilitate the purchase of illegal drugs, stalking, sexual exploitation or illegal immigration.

Whilst the consultation puts child protection at the heart of its proposals, it also proposes requiring platforms to read people's messages using keyword searches designed to detect terms that might be related to fraud, for example. There is guidance on corporate governance for tech firms and guidance on implementing facilities to help users block and report content they believe may be illegal or harmful.

Computing reached out to the firms expressing concerns about the ongoing legislative programme - Signal, Meta, Apple, and TechUK for comment.

An Apple spokesperson said it was prepared to say no more on the matter of the Investigatory Powers amendment than it submitted to the Home Office consultation in July, and no more on the Online Safety Act than it commented to the BBC in June.

Press reports had claimed multiple platforms, including Apple, had threatened to pull their services from the UK. The only public statements Apple has made on the matter included no such threats at all.