As Age Verification Chaos Continues, UK Still Working on Breaking Encryption As Well

The UK wants to track your every movement on platforms through age verification. They also want to break into your private messages too.

It has become painfully obvious that governments around the world are using age verification to better track everything you do online – at least on large platforms anyway. Preventing minors from viewing “pornography” was little more than a cover story to accomplish this task. After all, there is a reason why governments are slowly dropping the idea that the type of content actually matters when determining whether or not platforms are required to implement age verification. So far, Australia and the US are moving towards requiring age verification on all major platform users. Such moves will no doubt prove to be highly tempting for other countries hoping to seek greater control on what is said or consumed online.

Of course, age verification isn’t the only major threat to internet users going around even if it is currently the most visible. For years, governments have also been working on laws that also break encryption as well. Canada did push for a crackdown on encryption through Bill C-26 in a previous government. More recently, the Canadian government also pushed Bill C-2 which is Canada’s “Lawful Access” bill that would bring about a higher degree of surveillance on citizens. The move reignites a multi-decade fight over Canadian right to privacy. Since government is currently on holidays, progress on the latter bill is, mercifully, at a standstill. While in countries like Canada, it is still being fought out in the political and digital rights front like here on Freezenet, in the UK, that debate is much further along then it should be.

Anti-encryption provisions have long been part of the UKs Online Safety Act. This has been something we’ve long warned about as well. Unfortunately, this is no longer just a political fight over legislation, but rather, the law of the land now. Already, the UK government has gone after Facebook and Apple, demanding that they “safely” break their encryption (which is basically asking the impossible). For those with long memories, this is the same law that Signal threatened to leave the UK over. We here at Freezenet have a tendency to call a spade a spade and call these efforts for what they really are: a ban on effective encryption.

Though, curiously, things went silent in recent months on this very issue. This has left room for speculation on what the heck is going on. TechRadar has published a good reminder that the anti-encryption effort is still a thing and offers speculation over what has been happening during this weird quiet time:

Deemed by critics as the “spy clause,” Section 122 of the Online Safety Bill introduced a requirement for tech companies to client-side-scan private and encrypted messages in the lookout for illegal content, such as terrorism or child sexual abuse material.

Client-side scanning, the process of analyzing data on a device before or after it’s encrypted/decrypted, is a practice that experts have long argued cannot happen without breaking the security infrastructure of encrypted services and violating people’s privacy.

Back in 2023, as the bill was about to become law, popular messaging apps like WhatsApp and Signal threatened to leave the UK if the legislation was implemented as it was.

Such a strong backlash brought the UK government to a bold decision – the scanning included in Article 122 would be halted until it is “technically feasible” to do so.

So, two years on, what happened to the spy clause?

According to the Internet Society’s Senior Director for Internet Trust, Robin Wilton, there are two possibilities authorities are looking at.

The first will be simply scanning the messages before being encrypted. This would mean preemptively looking at everyone’s communications, “and that should be unacceptable from the outset, certainly in the EU it would be interpreted as a general monitoring obligation,” Wilton told Techradar.

This may leave authorities with only one feasible option – forcing device manufacturers to create a technical switch that law enforcement can turn on to access suspects’ chats before being encrypted. A plan that seems to echo the push in the EU to make digital devices monitorable at all times.

Certainly more targeted, but “that’s putting the technology of mass surveillance onto every device that everyone has,” said Wilton. “I don’t think governments should be contemplating that either.”

So, things appear to still be in the works for hashing out the security concerns over a problem that cannot be solved – specifically, how to “safely” break encryption. In the context of age verification, whatever encryption is being employed to handle personal information will be required to be compromised for the governments benefit. This leads to the very real possibility that such communication would be easier to break into by unauthorized third parties.

This, of course, goes over top of the overarching problems such as the fact that the government is trying to spy on your encrypted private communications and what these laws mean for other forms of encryption (i.e. banking information) as well. After all, without encryption, the entire e-commerce industry simply wouldn’t be possible. No sane person is going to wire funds when they know that information can be intercepted. After all, in that scenario, if you are going to buy something with a credit card online, you might as well be handing it to every identity thief out there. This isn’t even getting into the conflict this has with the European General Data Protection Regulation (GDPR).

At any rate, we appear to be living on borrowed time as far as UK residents are concerned. After all, we are staring down the barrel of the same level of chaos that has rocked platforms over age verification. Hopefully, this stays in the halls of government before it ultimately gets overturned, but I think that might be little more than wishful thinking.

Drew Wilson on Mastodon, Twitter and Facebook.