Online Safety Bill Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
Baroness Fox of Buckley
Main Page: Baroness Fox of Buckley (Non-affiliated - Life peer)Department Debates - View all Baroness Fox of Buckley's debates with the Department for Digital, Culture, Media & Sport
Online Safety Bill
Baroness Fox of Buckley ExcerptsWednesday 19th July 2023
(9 months, 2 weeks ago)
Lords ChamberRead Full debate Online Safety Act 2023 View all Online Safety Act 2023 Debates Read Hansard Text Watch Debate Read Debate Ministerial Extracts Amendment Paper: HL Bill 151-V Fifth marshalled list for Report - (17 Jul 2023)
Baroness Stowell of Beeston (Con)
My Lords, as the noble Lords, Lord Stevenson and Lord Clement-Jones, have already said, the Communications and Digital Select Committee did indeed recommend a new Joint Committee of both Houses to look specifically at the various different aspects of Ofcom’s implementation of what will be the Online Safety Act and ongoing regulation of digital matters. It is something I still have a lot of sympathy for. However, there has not been much appetite for such a Joint Committee at the other end of the Corridor. I do not necessarily think we should give up on that, and I will come back to that in a moment, but in place of that, I am not keen on what is proposed in Amendment 239, because my fear about how that is laid out is that it introduces something that appears a bit too burdensome and probably introduces too much delay in implementation.
To return to the bigger question, I think that we as parliamentarians need to reflect on our oversight of regulators, to which we are delegating significant new powers and requiring them to adopt a much more principles-based approach to regulation to cope with the fast pace of change in the technological world. We have to reflect on whether our current set-up is adequate for the way in which that is changing. What I have in mind is very much a strategic level of oversight, rather than scrutinising operational decisions, although, notwithstanding what the noble Lord has said, something specific in terms of implementation of the Bill and other new legislation is an area I would certainly wish to explore further.
The other aspect of this is making sure that our regulators keep pace too, not just with technology, and apply the new powers we give them in a way which meets our original intentions, but with the new political dynamics. Earlier today in your Lordships’ Chamber, there was a Question about how banks are dealing with political issues, and that raises questions about how the FCA is regulating the banking community. We must not forget that the Bill is about regulating content, and that makes it ever more sensitive. We need to keep reminding ourselves about this; it is very new and very different.
As has been acknowledged, there will continue to be a role for the Communications and Digital Select Committee, which I have the great privilege of chairing, in overseeing Ofcom. My noble friend Lord Grade and Dame Melanie Dawes appeared before us only a week ago. There is a role for the SIT Committee in the Commons; there is also probably some kind of ongoing role for the DCMS Select Committee in the Commons too, I am not sure. In a way, the fractured nature of that oversight makes it all the more critical that we join up a bit more. So I will take it upon myself to give this more thought and speak to the respective chairs of those committees in the other place, but I think that at some point we will need to consider, in some other fora, the way in which we are overseeing the work of regulators.
At some point, I think we will need to address the specific recommendations in the pre-legislative committee’s report, which were very much in line with what my own committee thought was right for the future of digital regulatory oversight, but on this occasion, I will not be supporting the specifics of Amendment 239.
Baroness Fox of Buckley (Non-Afl)
My Lords, very briefly, I was pleased to see this, in whatever form it takes, because as we finish off the Bill, one thing that has come up consistently is that some of us have raised problems of potential unintended consequences, such as whether age gating will lead to a huge invasion of the privacy of adults rather than just narrowly protecting children, or whether the powers given to Ofcom will turn it into the most important and powerful regulator in the country, if not in Europe. In a highly complex Bill, is it possible for us to keep our eye on it a bit more than just by whingeing on the sidelines?
The noble Baroness, Lady Stowell, makes a very important point about the issue in relation to the FCA and banking. Nobody intended that to be the outcome of PEPs, for example, and nobody intended when they suggested encouraging banks to have values such as ESG or EDI—equality, diversity and inclusion—that that would lead to ordinary citizens of this country being threatened with having their banking turned off. It is too late to then retrospectively say, “That wasn’t what we ever intended”.
Baroness Fox of Buckley (Non-Afl)
My Lords, I have put my name to and support Amendment 255, laid by the noble Lord, Lord Moylan, which straight- forwardly means that a notice may not impose a requirement relating to a service that would require that provider to weaken or remove end-to-end encryption. It is very clear. I understand that the other amendments introduce safeguards, which is better than nothing. It is not what I would like, but I will support them if they are pushed a vote. I think that the Government should really consider seriously not going anywhere near getting rid of encryption in this Bill and reconsider it by the time we get to Third Reading.
As the noble Lord, Lord Moylan, explained, this is becoming widely known about now, and it is causing some concern. If passed, this Bill, as it is at the moment, gives Ofcom far-reaching powers to force services, such as WhatsApp, to install software that would scan all our private messages to see whether there is evidence of terrorism, child sexual exploitation or abusive content and would automatically send a report to third parties, such as law enforcement, if it suspects wrongdoing—all without the consent or control of the sender or the intended recipient.
I would just like to state that encryption is a wonderful innovation. That is why more than 40 million people in the UK use it every day. It ensures that our private messages cannot be viewed, compromised or altered by anyone else, not even providers of chat services. It really requires somebody handing them over to a journalist and saying, “You can have my WhatsApp messages for anyone to read them”: beyond that, you cannot read them.
One of the interesting things that we have discussed throughout the passage of the Bill is technologies, their design and functionality and making sure they are not harmful. Ironically, it is the design and function of encryption that actually helps to keep us safe online. That is why so many people talk about civil libertarians, journalists and brave dissenters using it. For the rest of us, it is a tool to protect our data and private communications in the digital realm. I just want to pose here that it is an irony that the technologies being proposed in terms of client-side scanning are the technologies that are potentially harmful because it is, as people have noted, the equivalent of putting video cameras in our homes to listening in to every conversation and send reports to the police if we discuss illicit topics. As I have said before, while child sexual abuse is horrendous and vile, we know that it happens largely in the home and, as yet, the Government have not advocated that we film in everybody’s home in order to stop child sexual abuse. We should do almost anything and everything that we can, but I think this is the wrong answer.
Focusing on encryption just makes no sense. The Government have made exemptions, recognising the importance, in a democracy, of private correspondence: so exempted in the Bill are text messages, MSN, Zoom, oral commentaries and email. It seems perverse to demonise encryption in this way. I also note that there are exemptions for anything sent on message apps by law enforcement or public sector or emergency responders. I appreciate that some government communications are said to be done over apps such as WhatsApp. It seems then that the target of this part of the Bill is UK private citizens and residents and that the public are seen as the people who must be spied on.
In consequence, I do not think it surprising that more than 80 national or international civil society organisations have said that this would make the UK the first liberal democracy to require the routine scanning of people’s private chat messages. What does the Minister say to the legal opinion from the technology barrister Matthew Ryder KC, commissioned by Index on Censorship precisely on this part of the Bill? He compares this to law enforcement wiretapping without a warrant and says that the Bill will grant Ofcom a wider remit of surveillance powers over the public than GCHQ has.
Even if the Minister is not interested in lawyers or civil libertarians, surely we should be listening to the advice of science and technology experts in relation to complex technological solutions. Which experts have been consulted? I noted that Matthew Hodgson, the boss of encrypting messaging app Element, has said wryly that
“the Government has not consulted with UK tech firms, only with huge multinational corporations and companies that want to sell software that scans messages, who are unsurprisingly telling lawmakers that it is possible to scan messages without breaking encryption”.
The problem is that it is not possible to scan those messages without breaking encryption. It is actually misinformation to say that. That is why whole swathes of leading scientists and technologists from across the globe have recently put out an open letter explaining why and how it is not true. They explained that it creates really dangerous side-effects that can be harmful in the way that the noble Lord, Lord Moylan, explained, in terms of security, and makes the online world less safe for many of us. Existing scanning technologies are flawed and ineffective and scanning will nullify the purpose of encryption. I refer noble Lords to the work of the Internet Society and the academic paper Bugs in Our Pockets: The Risks of Client-Side Scanning for more details on all the peer-reviewed work.
I understand that, given the horrific nature of child sexual abuse—and, of course, terrorism, but I shall concentrate on child sexual abuse because the Bill is so concerned with it—it can be tempting for the Government to hope that there is a technological silver bullet to eradicate it. But the evidence suggests otherwise. One warning from scientists is that scanning billions of pieces of content could lead to millions of false positives and that could not only frame innocent users but could mean that the police become overwhelmed, diverting valuable resources away from real investigations into child sexual abuse.
A study by the Max Planck Institute for the study of crime of a similar German law that lasted from 2008 to 2010 found that the German police having access to huge amounts of data did not have any deterrent effect, did not assist in cleaning up crimes or increase convictions, but did waste a lot of police time. So it is important that this draconian invasion of privacy is not stated as necessary for protecting children. I share the exasperation of Signal’s president Meredith Whittaker, who challenged the Secretary of State and pointed out that there were some double standards here: for example, slashing early intervention programmes over the past decade did not help protect children and chronically underfunding and underresourcing child social care does not help.
My own bugbears are that when I, having talked to social workers and colleagues, raised the dangers to child protection when we closed down schools in lockdown, they were brushed to one side. When I and others raised the horrors of the young girls who had been systematically raped by grooming gangs whom the authorities had ignored for many, many years, I was told to stop talking about it. There are real threats to children that we ignore. I do not want us in this instance to use that very emotive discussion to attack privacy.
I also want to stress that there is no complacency here. Law enforcement agencies in the UK already possess a wide range of powers to seize devices and compel passwords and even covertly to monitor and hack accounts to identify criminal activity. That is good. Crucially, private messaging services can and do— I am sure they could do more—work in a wide range of ways to tackle abuse and keep people safe without the need to scan or read people’s messages.
Lord Parkinson of Whitley Bay (Con)
To answer my noble friend Lady Stowell first, it depends on the type of service. It is difficult to give a short answer that covers the range of services that we want to ensure are covered here, but we are seeking to keep this and all other parts of the Bill technology neutral so that, as services develop, technology changes and criminals, unfortunately, seek to exploit that, technology companies can continue to innovate to keep children safe while protecting the privacy of their users. That is a long-winded answer to my noble friend’s short question, but necessarily so. Ofcom will need to make its assessments on a case- by-case basis and can require a company to use its best endeavours to innovate if no effective and accurate technology is currently available.
While I am directing my remarks towards my noble friend, I will also answer a question she raised earlier on general monitoring. General monitoring is not a legally defined concept in UK law; it is a term in European Union law that refers to the generalised monitoring of user activity online, although its parameters are not clearly defined. The use of automated technologies is already fundamental to how many companies protect their users from the most abhorrent harms, including child sexual abuse. It is therefore important that we empower Ofcom to require the use of such technology where it is necessary and proportionate and ensure that the use of these tools is transparent and properly regulated, with clear and appropriate safeguards in place for users’ rights. The UK’s existing intermediary liability regime remains in place.
Amendment 255 from my noble friend Lord Moylan seeks to prevent Ofcom imposing any requirement in a notice that would weaken or remove end-to-end encryption. He is right that end-to-end encryption should not be weakened or removed. The powers in the Bill will not do that. These powers are underpinned by proportionality and technical feasibility; if it is not proportionate or technically feasible for companies to identify child sexual exploitation abuse content on their platform while upholding users’ right to privacy, Ofcom cannot require it.
I agree with my noble friend and the noble Baroness, Lady Fox, that encryption is a very important and popular feature today. However, with technology evolving at a rapid rate, we cannot accept amendments that would risk this legislation quickly becoming out of date. Naming encryption in the Bill would risk that happening. We firmly believe that the best approach is to focus on strong safeguards for upholding users’ rights and ensuring that measures are proportionate to the specific situation, rather than on general features such as encryption.
The Bill already requires Ofcom to consider the risk that technology could result in a breach of any statutory provision or rule of law concerning privacy and whether any alternative measures would significantly reduce the amount of illegal content on a service. As I have said in previous debates, Ofcom is also bound by the Human Rights Act not to act inconsistently with users’ rights.
Baroness Fox of Buckley (Non-Afl)
Will the Minister write to noble Lords who have been here in Committee and on Report in response to the fact that it is not just encryption companies saying that the demands of this clause will lead to the breaching of encryption, even though the Minister and the Government keep saying that it will not? As I have indicated, a wide range of scientists and technologists are saying that, whatever is said, demanding that Ofcom insists that technology notices are used in this way will inadvertently lead to the breaking of encryption. It would be useful if the Government at least explained scientifically and technologically why those experts are wrong and they are right.
Lord Parkinson of Whitley Bay (Con)
I am very happy to put in writing what I have said from the Dispatch Box. The noble Baroness may find that it is the same, but I will happily set it out in further detail.
I should make it clear that the Bill does not permit law enforcement agencies to access information held on platforms, including access to private channels. The National Crime Agency will be responsible for receiving reports from in-scope services via secure transmission, processing these reports and, where appropriate, disseminating them to other UK law enforcement bodies and our international counterparts. The National Crime Agency will process only information provided to it by the company; where it determines that the content is child sexual abuse content and meets the threshold for criminality, it can request further information from the company using existing powers.
I am glad to hear that my noble friend Lord Moylan does not intend to divide on his amendment. The restrictions it sets out are not ones we should impose on the Bill.
Amendments 256, 257 and 259 in the name of the noble Lord, Lord Stevenson of Balmacara, require a notice to be approved by a judicial commissioner appointed under the Investigatory Powers Act 2016 and remove Ofcom’s power to require companies to make best endeavours to develop or source new technology to address child sexual exploitation and abuse content.
Lord Allan of Hallam (LD)
My Lords, I just want to make some brief comments in support of the principle of what the noble Lord, Lord Knight, is aiming at in this amendment.
The Bill is going to have a profound impact on children in the United Kingdom. We hope that the most profound impact will be that it will significantly advance their interests in terms of safety online. But it will also potentially have a significant impact on what they can access online and the functionality of different services. They are going to experience new forms of age assurance, about which they may have very strong views. For example, the use of their biometric data to estimate their age will be there to protect them, but they may still have strong views about that.
I have said many times that there may be some measures in the Bill that will encourage services to become 18-plus only. That is not adult in the sense of adult content. Ordinary user-to-user social media services may look at the obligations and say, “Frankly, we would much rather restrict ourselves to users from the UK who identify as being 18-plus, rather than have to take on board all the associated liabilities in respect of children”—not because they are irresponsible, but precisely because they are responsible, and they can see that there is a lot of work to do in order to be legally and safely available to those under 18. For all those reasons, it is really important that the child advocacy body looks at things such as the United Nations Convention on the Rights of the Child and the rights of children to access information, and that it is able to take a view on them.
The reason I think that is important—as will any politician who has been out and spoken in schools—is that very often children are surprising in terms of what they see as their priorities. We make assumptions about their priorities, which can often be entirely wrong. There has been some really good work done on this. There was a project called EU Kids Online, back in the days of the EU, which used to look at children right across the European Union and ask them what their experience of being online was like and what was important to them. There are groups such as Childnet International, which for years has been convening groups of children and taking them to places such as the Internet Governance Forum. That always generates a lot of information that we here would not have thought of, about what children feel is really important to them about their online experience.
For all those reasons, it really would be helpful to institutionalise this in the new regime as some kind of body that looks in the round at children’s interests—their interests to stay safe, but also their interests to be able to access a wide variety of online services and to use the internet as they want to use it. I hope that that strengthens the case the noble Lord, Lord Knight, has made for such a body to exist in some kind of coalition-like format.
Baroness Fox of Buckley (Non-Afl)
My Lords, I am afraid that I have some reservations about this amendment. I was trying not to, but I have. The way that the noble Lord, Lord Allan of Hallam, explained the importance of listening to young people is essential—in general, not being dictated to by them, but to understand the particular ways that they live their lives; the lived experience, to use the jargon. Particularly in relation to a Bill that spends its whole time saying it is designed to protect young people from harm, it might be worth having a word with them and seeing what they say. I mean in an ongoing way—I am not being glib. That seems very sensible.
I suppose my concern is that this becomes a quango. We have to ask who is on it, whether it becomes just another NGO of some kind. I am always concerned about these kinds of organisations when they speak “on behalf of”. If you have an advocacy body for children that says, “We speak on behalf of children”, that makes me very anxious. You can see that that can be a politically very powerful role, because it seems to have the authority of representing the young, whereas actually it can be entirely fictitious and certainly not democratic or accountable.
The key thing we discussed in Committee, which the noble Lord, Lord Knight of Weymouth, is very keen on—and I am too—is that we do not inadvertently deny young people important access rights to the internet in our attempt to protect them. That is why some of these points are here. The noble Baroness, Lady Kidron, was very keen on that. She wants to protect them but does not want to end up with them being denied access to important parts of the internet. That is all good, but I just think this body is wrong.
The only other thing to draw noble Lords’ attention to—I am not trying to be controversial, but it is worth nothing—is that child advocacy is currently in a very toxic state because of some of the issues around who represents children. As we speak, there is a debate about, for example, whether the NSPCC has been captured by Stonewall. I make no comment because I do not know; I am just noting it. We have had situations where a child advocacy group such as Mermaids is now discredited because it is seen to have been promoting chest binders for young people, to have gone down the gender ideology route, which some people would argue is child abuse of a sort, advocating that young women remove their breasts—have double mastectomies. This is all online, by the way.
I know that some people would say, “Oh, you’re always going on about that”, but I raise it because it is a very real and current discussion. I know a lot of people who work in education, with young people or in children’s rights organisations, and they keep telling me that they are tearing themselves apart. I just wondered whether the noble Lord, Lord Knight, might note that there is a danger of walking into a minefield here—which I know he does not mean to walk into—by setting up an organisation that could end up being the subject of major culture wars rows or, even worse, one of those dreaded quangos that pretends it is representing people but does not.