Government denies U-turn on encrypted messaging row

Cyber correspondent Joe Tidy explains how end-to-end encryption works

The government has denied it is changing plans to force messaging apps to access users' private messages if requested by the regulator Ofcom.

There has been a stand-off between the UK government and tech firms over a clause in the Online Safety Bill relating to encrypted messages.

These are messages that can only be seen by the sender and recipient.

The Bill states that if there are concerns about child abuse content, tech companies might have to access it.

But platforms like WhatsApp, Signal and iMessage say they cannot access or view anybody's messages without destroying existing privacy protections for all users, and have threatened to leave the UK rather than compromise message security.

The debate had raged for several months and for some had turned into an argument about privacy versus security. The government insists it wants both.

The Online Safety Bill is due to be passed in autumn and is back in the House of Lords for its final reading on Wednesday.

A new statement concedes that the tech to access messaging without breaking security protocols does not exist. The government announced it in the House of Lords this afternoon, but it denied its position had changed.

Indeed, earlier versions of the Bill do state that the regulator Ofcom would only ask tech firms to access messages once "feasible technology" had been developed which would specifically only target child abuse content and not break encryption.

It has tasked tech firms with inventing these tools.

"As has always been the case, as a last resort, on a case-by-case basis and only when stringent privacy safeguards have been met, [the Bill] will enable Ofcom to direct companies to either use, or make best efforts to develop or source, technology to identify and remove illegal child sexual abuse content - which we know can be developed," said a government spokesperson.

Some security experts suggest such tech may never exist, and the tech firms themselves say it is not possible.

"Hope this brings pause to the global wave of proposals premised on similar magical thinking," posted Amber Kak, who sits on the board of the secure messaging app Signal.

But Matthew Hodgkinson, who runs the British-based messaging platform Elements, said the latest version of the bill was "kicking the can down the road".

"All 'until it's technically feasible' means is opening the door to scanning in future rather than scanning today," he said.

Another view is that this is an attempt at a last-minute diplomatic resolution in which neither the tech firms nor the government lose face: the government says it knew all along that the tech did not exist and removes immediate pressure from the tech firms to invent it, and the tech firms claim a victory for privacy.

Currently, the two most viable tech solutions are to either break the encryption - which would leave a backdoor open to any bad actors who found it - or introduce software which scans content on a device. It is called client-side scanning and has been dubbed "the spy in your pocket" by critics.

Children's charities like the NSPCC have described encrypted messaging as the "front line" of child abuse because of privacy settings.

But privacy campaigners say everybody has a right to privacy protection.

Additional reporting by Liv McMahon and Philippa Wain