Privacy in the UK: the Online Safety Bill

Privacy in the UK: the Online Safety Bill

Ben Thornton
Daniel Sobey-Harker
Ben Thornton, Daniel Sobey-Harker

As a Brit, embarrassment over the incompetence of our government is an all too common experience. They consistently demonstrate a frankly dire combination of callousness, arrogance, and ideological idiocy. I hear you say, “But Ben, people all around the world in all sorts of countries feel this way about their government!” and to that, I say “Yes, but have you seen the Online Safety Bill?”

The Latest Invasion

The Online Safety Bill (OSB) is the latest in a rising trend of “internet safety” laws, one that has been in the works for four years (and under four different Prime Ministers, but that's a whole other farce), has had countless amendments, and has swollen to a whopping 248 pages.

This bill follows in the footsteps of other government overreach bills, like the aptly nicknamed “Snoopers Charter” introduced in 2016.

The government’s intent with the OSB is to make the internet a safer place. Instead, they risk the privacy and safety of not just UK citizens but people the world over.

The Language of Manipulation

Like its peers across the pond, the OSB makes frequent use of an appeal to emotion that, throughout history, has been used to get people to switch off their brains and pick up their pitchforks: “Think of the children!”

By doing so, people are more likely to view the bill favorably, less likely to take a close look at the details, and anyone who criticizes it is one slanderous accusation away from having the mob at their door.

Now, before those same accusations get leveled at me, let me say that I am absolutely for protecting children; I have two myself, and I would literally and figuratively die to defend them. Being a parent is often a very scary task, with dangers seemingly lurking in every dark corner – both in the real and the digital world.

It's tempting to accept the reassurance of the law and, in fact, I'd happily support this bill if it did what it claims. But I've seen that kind of emotional appeal used to shut down discussion too many times and its use immediately raised a red flag.

The Inexperienced Regulator

The enforcement of this law has fallen to Ofcom, the UK government's regulatory and competition authority for UK broadcasting, telecoms, and postal service. They set requirements for these industries to follow – for example, drugs, smoking, and solvent and alcohol abuse must not be “condoned, encouraged, or glamorized” in programs aimed at under-18s, or shown before 9 p.m. – and fine companies found in breach. They also handle consumer complaints.

Ofcom is not, however, a tech company. While I believe they are a generally competent organization, their lack of understanding risks causing problems down the line. They have no experience, for example, with setting expectations that work with self-governing social platforms like Mastodon or Wikipedia, nor are they clued up on encryption systems. This lack of experience and knowledge is likely to lead to missteps from Ofcom when setting expectations and could lead to rulings that force companies to either break their own encryption or remove their service from the UK entirely.

The Murky Nature of “Priority Offences”

Considering laws like this can go for hundreds of pages, I've always found it incredible that they still somehow manage to be vague or open to interpretation. For the OSB, this vagueness is present in the “Priority Offences” definition, which outlines what kind of content platforms are expected to police.

There are pretty standard and expected ones that no one would bat an eye at – sexual exploitation, threats of violence, fraud, etc. There are some that more progressively minded folk might roll their eyes at, like drugs and psychoactive substances, or euthanasia.

Then, there are the alarming parts, like illegal immigration and public order offenses, that could easily be interpreted (or expanded, something the bill allows for) to penalize people for expressing favorable opinions of illegal immigrants or encouraging public protests. Most of the wording is aimed at curbing racism and other such bigotry, but, as with anything like this, its lack of ironclad specificity leaves the door open for abuse.

The Death of Encryption

However, the biggest problem with the bill is that it allows Ofcom to demand that a company scan all of their users for child abuse content. “But why is that a problem, Ben? Don't you want to catch the pedophiles?”

Of course I bloody do, but I don't want to trample over the rights of all the innocent people who could have the contents of all their private messages and files scanned without their knowledge or consent by a government body. And if I hear anyone else say, “Nothing to hide, nothing to fear!” I'll give them a Glaswegian kiss.

Worse than the blatant invasion of privacy is that many services use end-to-end encryption to protect their users’ privacy; with this bill, they could be forced to build a backdoor for them to be able to scan users for Ofcom. This backdoor would then introduce massive security risks, as malicious parties could use that to gain access and steal information.

Sucks for us Brits, amirite?

Well, adding backdoors and bypasses is something that will affect services the world over and put everyone at risk of security and privacy breaches. If they build a backdoor into WhatsApp, that backdoor will be a weakness for every WhatsApp user.

And here I thought we were past the days of the Empire, trying to impose our will on the rest of the world.

The UK government has made a statement attempting to appease anyone worried about the encryption implications, claiming that they will not be requiring these kinds of deep scans on services reliant on end-to-end encryption. Except, that's only a damage control statement (lip service, if you will), and does not accurately reflect what is actually outlined in the bill,

What Can You Do?

Honestly? Not too much. The bill has passed. But that doesn't mean we can't make ourselves heard!

If you're a Brit, tell people about it, complain about it, write to your MP, write to any MP, anyone that will listen. If you're in another country, put pressure on your political figures to put pressure on the UK government to ensure this law does not invalidate the privacy and security of non-Brits.

Beyond that, you need to protect yourself. Here, at Windscribe, we take your privacy very seriously. We have an ironclad “No Logs” policy that means even if someone comes knocking for data, we don't have any. We also have excellent security features, like our VPN Firewall, that all help to keep you safe, secure, and private.

Now that you're clued up on the absolute joke that is the Online Safety Bill, I'm going to pass you over to Daniel, who's going to give a brief history of the UK's war on digital privacy - take it away, Daniel!

Cheers, Ben!

Ben has helpfully laid out the crux of the issue and I’m taking over to just remind people why we feel so negatively about this ruling. Fellow Brits need to pay attention to these creeping extensions of power the government frequently grants itself.

A Brief History Lesson of the UK’s Poor Privacy Policies, Practices, and Protocols Perpetuate Perplexing Problems for Its Populace.

Through the power of alliteration let me guide you through various issues the UK has had with privacy over the past decade or so. Only the big ones - because we’d be here all day otherwise.

  • 2008: The Phorm Fuck-up

ISPs decided to buddy up with Phorm for some digital peeping. It's like having a bloke with binoculars outside your window but in a digital trench coat. More pixels, but just as pervy.

  • 2014: DRIPA Disaster

A year-long data retention party? Sounds fun, right? But wait, there's more! Critics were up in arms about its dodgy oversight, potential for Big Brother antics, and the invasion of our digital living rooms. It got so heated that by 2016, even the courts were calling foul on parts of it. And the speed it zipped through Parliament? Suspiciously quick, if you ask me.

  • 2016: "Snooper's Charter" Shitshow

I was on the front lines, rallying the troops against this one. It unfortunately didn't work out. Protests in the UK rarely seem to. Why, you ask? Because the government fancied a sneak peek into our DMs. And not just the police, but almost every Tom, Dick, and Harry in the government departments. I’m not sure why the DWP or Food Standards agency needs access to citizen’s internet history - but they got it anyway.

  • 2017: Encryption Evisceration

The government's bright idea? A sneaky backdoor into WhatsApp. Because nothing says "trustworthy" like lurking in the shadows. Do one, mate. Do you see a pattern here regarding encryption? That’s because the British government simply does not understand its importance, or that it’s a double-edged sword they’d be wielding.

  • 2018: Porn Passport Piss-take

Age checks for online adult fun? The Porn Passport in the UK was a flawed idea; it risked user privacy, was technologically challenging to implement, and frankly, even your nan could've seen the potential pitfalls from a mile away.

  • 2019: 'Online Harms' Horseshit

Their grand plan to police the web was, quite frankly, insane. Honestly, I've heard more sense spoken down the Liverpool Street McDonalds at 3 a.m. Truly a haphazard mashup of overreaching surveillance, threats to human rights, and rushed legislation, making it a masterclass in how not to regulate the internet

  • 2020: COVID App Clusterfuck

A sprinkle of pandemic panic, a dash of data drama. It's like trying to sober up by downing more shots. Pure brilliance.

  • 2022: Facial Recognition Fiasco

Suddenly, public spaces became the set of 'Britain's Got Surveillance'. Attempting to leapfrog ahead of even the CCP for lack of consideration for individual privacy.

In a nutshell, the UK's digital decisions over the last 15 years have been a masterclass in how to royally fuck things up. It's like watching a dog chase its tail: amusing, but utterly pointless.

Well some of you may actually be stuck in the UK, but this way you can at least avoid British servers and the UK government's invasion of your privacy

[email protected] - We're looking for passionate writers who want to get paid to pursue real investigations within our industry and fields of interest - if you think that's you, then drop me a line!

[email protected] - Email me if you're an NGO, charity, or journalist and we'll hook you up with complementary Windscribe access. You can also get in touch if you wish to collaborate with Windscribe or simply share some feedback. Cheers!

Ben Thornton
Daniel Sobey-Harker
Ben Thornton, Daniel Sobey-Harker