UK pushing for on-device scanning for child abuse materials

Britain's government is proposing legislation that would require WhatsApp, Facebook Messenger, and Apple's Messages to adopt automatic scanning for child sexual abuse material.

Also known in the UK as child sexual abuse and exploitation content (CSAE), the proposal from controversial Home Secretary Priti Patel wants to amend the country's digital safety legislation.

It follows Patel's praising of Apple's child sexual abuse material (CSAM) moves that she published after the company had instead delayed the technology. According to The Guardian, it also follows Patel's criticism of Mark Zuckerberg's plans to add end-to-end encryption to Instagram and Messenger.

"Child sexual abuse is a sickening crime," Patel said. "We must all work to ensure criminals are not allowed to run rampant online and technology companies must play their part and take responsibility for keeping our children safe."

"Privacy and security are not mutually exclusive," she continued, "we need both, and we can have both and that is what this amendment delivers."

The proposal would affect Big Tech firms such as Apple and Google. It does not, however, come under the aegis of the UK's big tech regulator — because that has been formed without any powers.

Instead, Patel's proposal is for a legislative amendment that would see the country's Ofcom communications regulator gain further powers. The proposal is expected to become law after it returns to parliament later in July.

If it does, then Ofcom would have the ability to impose fines of up to either 10% of a company's global turnover or $21.4 million, whichever is higher.

Ofcom already has the authority to require companies to deploy what it calls "accredited technology." The change would step that up to require firms to use "best endeavours" to use or to develop new technology to do this job.

That previous Ofcom regulation applied to how the UK requires cloud services to scan for CSAM content. The most significant element of the amendment is that it would now require them to also scan secure messages.

Consequently, companies would either have to produce an on-device scanning system, or introduce scanning for messages in-flight. The latter would therefore break end-to-end encryption.

The UK has previously objected to end-to-end encryption, and has used the issue of child abuse materials as part of that.

Apple delayed its CSAM technology following criticism from security experts, including those who developed a CSAM scanning system.