- Ofcom seeks to extend CSAM monitoring to file-sharing and other providers
- Apps are recommended not to “break end-to-end encryption“
- Experts are concerned about the precedent it may set for users’ privacy
Having implemented one of the world’s strictest age verification regimes, the UK is now considering extending its obligations on cloud storage, file-sharing and other apps to help make the internet a safer place for children.
In its first report on the Online Safety Act’s impact, Ofcom pledged to “expand our focus to other service providers who present the highest risk of CSAM [child sexual abuse material] to ensure stronger protections” in 2026.
Some of this work has already begun, with Ofcom confirming that many large and medium-sized file-sharing platforms voluntarily implemented technology to detect this type of content, while others have decided to leave the market altogether.
After a four-month consultation period that ended in October, Ofcom is now assessing calls from industry and civil society to expand the law’s codes of practice. A report is expected next year.
However, Ofcom’s proposed increased monitoring has led experts to warn the agency could be setting a dangerous precedent while doing “little to protect children.”
While it’s not clear which other platforms will be affected, Ofcom told TechRadar that “our measures do not recommend that providers use proactive technology to analyze privately communicated content or metadata.”
The encryption conondrum
The push for CSAM monitoring in the UK echoes similar efforts in the EU, where the so-called Chat Control proposal has attracted strong criticism from technologists, privacy experts, and politicians alike due to its potential to lead to the surveillance of private communications.
Like in Europe, experts in the UK fear that encryption may become a casualty in the battle to keep children safe online.
Apple has already withdrawn its iCloud’s advanced encryption protection from the UK market after being served with a technical notice to create a backdoor. However, this order was issued under the Investigatory Powers Act, not the Online Safety Act.
Do you know?
Encryption is the tech that secure messaging apps, cloud storage, and VPN services use to prevent their users’ data from third-party monitoring – themselves included.
When we asked for clarification on its plans, an Ofcom spokesperson said the agency is considering measures that automatically detect illegal content and content harmful to children called ‘hash matching.’ However, “the proposals do not recommend services break end-to-end encryption,” Ofcom said.
According to Internet Society’s Senior Director for Internet Trust, Robin Wilton, this suggests that any scanning would have to occur before the file becomes encrypted. “That would mean the service would have to have a client-side component to do that scanning,” Wilton said.
Client-side scanning was previously halted under the Online Safety Act until it was “technically feasible to do so.” Experts in Europe have been very critical of this type of scanning, arguing that it will create a vulnerability in the system even when it occurs before the content gets encrypted, with Signal comparing client-side scanning to malware on your device.
Two providers leaving the UK market, Krakenfiles and Nippydrive, offer end-to-end encrypted services, which may suggest they had concerns for the integrity of their systems.
As of today, the likes of Proton Drive and NordVPN’s Meshnet are yet to be impacted by new requirements, the companies told TechRadar.
For Wilton, though, the stakes are even higher. “If Ofcom continues with this policy, UK users will no longer have access to cloud storage that technically prevents third-party access to their data,” he said.
In its report, Ofcom repeatedly states that 2026 will see CSAM monitoring duties strengthened on more cloud storage and file-sharing apps, while extending to other user-to-user services.
So there’s a chance that other applications we all use regularly could soon become targets of increased monitoring. We will continue to monitor the situation and assess its impact on people’s privacy.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
https://cdn.mos.cms.futurecdn.net/SUCdGoRRTrxwvCscJR3FRh-1920-80.jpg
Source link
chiara.castro@futurenet.com (Chiara Castro)
