The UK Online Safety Bill Becomes Law, What Does It Mean?

We’ve previously reported from the UK about the Online Safety Bill, a piece of internet safety legislation that contains several concerning provisions relating to online privacy and encryption. UK laws enter the statutes by royal assent after being approved by Parliament, so with the signature of the King, it has now become the law of the land as the Online Safety Act 2023. Now that it’s beyond amendment, it’s time to take stock for a minute: what does it mean for internet users, both in the UK and beyond its shores?

The Act puts the onus on online platform owners to identify and remove illegal content and requires age verification for anything deemed unsuitable for sensitive young eyes. The concerning part is a provision allowing for service providers to be required to monitor communications, which would require strong encryption to be either removed or backdoored. Crucially, it’s a provision rather than a requirement, meaning that they can enact it in the future, but it’s not in force yet, but its mere existence has prompted some services to indicate that they’d leave the UK market if it came into force. Were that to happen, there would remain a concern for people not in the UK that backdoors introduced to satisfy UK law might compromise security for everyone.

A hackaday screenshot showing a story about an American firearm build published in 2017
When does coverage of a story about gunsmithing become illegal?

Though the legislation is now on the books, there remains a process of consultation during which the parameters of what constitutes illegal content would be decided, along with the mechanics of how it would be enforced. While some of the areas of its scope, such as child abuse or terrorist recruitment, might be obvious, we can see that there could be unexpected ramifications. As an example, close to home, making or owning a firearm is illegal in the UK. We’d expect a terrorist firearms training video to be also illegal under the new Act, but could it be argued that watching an American make a firearm through a site like Hackaday would also be illegal? We expect that the consultation process will throw up more stories as it grapples with this kind of question.

Though we think this is a concerning piece of legislation with plenty of possibilities for becoming infamous as a bad piece of law, we’d counsel readers to remember how incompetent governments usually turn out to be when dealing with anything involving technology. There’s a probably apocryphal story about the medieval Norse King of England Knut the Great, ordering the tide to stop as a demonstration of the limits of his powers, which we think might form an appropriate parallel.

King Canute header image: William Balfour Ker, Public domain.

64 thoughts on “The UK Online Safety Bill Becomes Law, What Does It Mean?

          1. So called ‘working class’…

            I recently got another bit of that joke. Apparently, the pythons were referencing a particular upper-class twit, who’s name escapes me.
            Lady Snootington or something. She was an undiplomatic old Braman, but right.

          2. It’s a curious fact that 60% of British people consider themselves to be “working class”, even though only 25% of people in the UK actually belong to that class.

    1. We should simply stop providing outside internet to the UK. They can have their own national bongernet that requires a loicense for everything and the bobbies come to nightstick you for posting misinformation in your DMs or whatever

    2. I have. My servers are not in the country I live in. This will have the opposite effect for the UK. Businesses will just move to foreign country servers and the UK will have none of the peoples data that they’re seeking. In fact it will be completely out of reach in another country.

      I can shift my server to another country in about 2 minutes after preparation! (the preparation being paying for the new service) TTL: 120

  1. It would be naive to assume that the Government would write a power into law without intending to use it.

    Once this kicks in, encryption like HTTPS will be preserved, but non-backdoored endpoint encryption will be effectively outlawed. Signal will withdraw from the UK at that point, and any apps that stay should be viewed with suspicion. Recall from the Snowden leaks that the UK gladly piped entire systems into warrantless wiretapping systems, and these were accessible to even small local non-police agencies. This is why we have endpoint encryption in the first place. Twitter employees used to read Beyoncé’s DMs as a rite of passage, and FBI agents spied on their ex-girlfriends without shame. Once all our private data is vulnerable to web corporations and XKEYSCORE, how trivial will it be for Russia or China to recruit some Facebook employees or a few corrupt British cops?

    Strict age verification for adult content will be disastrous. When I was a teenager in the late 90s, adult content was difficult to get legitimately since it required a credit card. Our generation turned to pirate systems, which gladly also shared all manner of illegal content. The best case scenario here is that VPNs become ubiquitous like in China; at worst, all UK ISPs are ordered to block VPNs. The earlier proposed porn ban law was never popular with the public, and I dare say if even companies like Yahoo, password managers, and even the US government are occasionally compromised, it’s only a matter of time before someone manages to snag Pornhub’s database of British people’s passport photos and exactly what type of porn they’re into.

    Regardless, the bad guys they told us this law was needed for will be unaffected, since they use their own strong encryption, and even if that were outlawed, serious criminals will still use it since of course they’re already committing much more serious crimes. Abuse rings use PGP and Tor, Islamic terrorists have Mujahadeen Secrets, drug gangs have custom encrypted smartphones, and foreign governments have their own encryption.

    I also learned recently from a short that the UK police now have the right to stop and search citizens’ smartphones without a warrant, ostensibly to see if someone is talking about drugs, so that they can be arrested for it. Not too long ago they also weakened the right to remain silent (Britain’s equivalent of pleading the Fifth).

    1. I agree with everything you said, I just wanted to comment because I found this part funny:

      > to recruit some Facebook employees or a few corrupt British cops?

      I find it funny (and probably a little too true to be comfortable) that the cops need to be corrupt to engage in illegal wiretapping, but for Facebook employees it’s just another day at the office. :D

      1. There are people who get all butthurt when you assume all cops are corrupt.

        Facebook serfs get no such presumptions.

        In fact: Corrupt cop is more redundant that corrupt facebooker. But there you are.

    1. Don’t neglect the influence of top-level reality. If punishments are draconian enough, then the number of people willing to take the risk will drop to insignificant levels. And while you can use any service as a tunnel, it’s another matter to do so in a way which makes it hard to detect that you are tunneling.

    1. Direct links again?
      hmm, might be nice it meant not to be needing to futz about in addblocker settings or script blockers just to chase out that grainy jpeg of your new soldering pen from the roiling mess of CDNs.

  2. “It would be naive to assume that the Government would write a power into law without intending to use it.”

    I foresee this “law”, as expected, sticking its tentacles into many other non-related activities, like DRM, etc. simply via government (re)”interpretation”. I think the UK can pretty much kiss hacking (as defined in a proper 80’s dictionary, not the media narrative) goodbye.

    …and yeah, the rest of us are not far behind. Fourty years ago if someone told me that Russia will be the last democracy on the planet, I would have laughed. Today?…not so much.

  3. I think there is a reasonable argument to be made correlating gun laws in America and internet laws elsewhere.
    Both firearms in US and internet everywhere else are so far out of the bag that regulations on their use only impact and inconvenience otherwise law abiding citizens.
    To the point that putting onerous restrictions on formerly law-abiders will make them criminals overnight. Then those that respect laws have a very difficult choice to make.

    1. Are you arguing that people in the US who want to do bad things with guns aren’t effected by gun laws…because there are too many guns to reasonably control access to them?

      Because there is a solution to that problem too.

      Look. I probably know more about firearms than 99.9% of 2nd amendment champions.
      I worked at a gun range.
      I taught military firearms classes.
      I’m certainly not afraid of them. They are fascinating feats of engineering.

      But they need to go.

      Most (not all) gun owners I know today aren’t responsible enough to own one. They shouldn’t be allowed to own a machine that exists solely to kill.

      The 2nd amendment was a decent idea when it was written.
      Citizens keep the same weapons as the government to “protect” themselves from “tyranny”.
      Cool.
      Are people stockpiling multi-billion dollar air superiority jets, realtime satellite imaging, and nuclear submarines?
      Because that’s what it would take to fight a state.

      A closet full of pre-ban ar-15s isn’t going to protect anyone from a drone strike. But millions of easily accessible firearms do result in accidental and intentional shootings.

      Even if I was still shooting regularly, a hobby is a small price to pay to cut back on thousands of preventable deaths a year.

      Guns aren’t like lockpicks.
      They are like planes.

      You should NEED to prove you are knowledgeable and responsible enough to use one before you are allowed to, because mistakesmor negligence is likely to kill someone.

      1. “But they need to go.”

        Or people like you can go. Go live in a different country. If you don’t agree with fundamental principles that will never change of the country you live in, then move to a different country. There are plenty of countries without the right of self defense and where criminals have more rights. If you kill a burglar there, you will go to prison.

        “Are people stockpiling multi-billion dollar air superiority jets, realtime satellite imaging, and nuclear submarines? Because that’s what it would take to fight a state.”
        Guns certainly provide a barrier for a tyrannical government. Governments can arrest a few wrongthinkers and try to make an example of them, but they cannot arrest everyone. They won’t risk it. It can also stop certain invasions.

        “Even if I was still shooting regularly, a hobby is a small price to pay to cut back on thousands of preventable deaths a year.”
        you are free to sacrifice your hobby if you think that will save lives.

        “Guns aren’t like lockpicks. They are like planes.”
        They are neither. They are tools for hunting, home defense.

      2. You’re fighting symptoms instead of the disease. (A very profitable disease looking at the prisons in America).
        Before freedom of thought comes freedom of body, as history has shown over and over. Please don’t erode this foundation. I’m not american myself, you severly underestimate the selfempowering responsability of owning your own body and the right to defend it.

        Anyway:
        The war of establishment vs the citizens rights has shifted to internet and manipulation of information. It is somewhat natural for a state to try and erode the rights of their citizens if that means more control for them, it is the responsability of the individual to stand up to this and claim ownership. Sadly many societies have already become a bunch of addicted drones with little knowledge of what’s going on, such as this kind of legislation.

      3. Your first sentence asked for clarification so I’ll address that. Please note I carefully and intentionally avoided taking a position on the issue.
        Yes. I’m saying there are so many firearms in the United States now that any meaningful regulations, bans, or anything else will make criminals out of formerly law-abiding people. A quick google shows there are 290 million cars on the US roads, and a (staggering) 350 or so *million* firearms.
        Related to this article, the argument is the same. I think. The internet is obviously ubiquitous around the world, and this regulation in question requires government backdoors etc. Therefore, overnight, joe-schmo using the internet has become a criminal without even trying. To me, debating if the internet is overall “good” or “bad” is secondary and beyond the scope of this comments section just like the age old guns debate.
        There are a lot of similarities.
        .
        cheers

        1. A Bren gun is ridiculously easy to make. Some sheet metal (an old shovel will work) a pipe, something useable as an anvil (a piece of old rail works), a hammer, a few cold cutting chisels, a few files, a drill press maybe a propane torch and you’re a free person, not a subject. AKs similar, but pipe not suggested as barrel. Bonus points for having a chamber reamer and a rifling button, but optional.

          As much as the gun grabbers want to believe. Guns are ‘available’ to all people. Ammo can be a problem, but pick your pipe based on ammo available to local cops and no problem…Compound interest.

          The skills should be picked up in youth though. A few tubes of BBs and bricks of 22LR and that person is ‘ruined’ as far as the gun grabbers are concerned. Over and done at 10 years old. Do this.

          It just becomes a question of when. I presume some Brits have their ducks in a row…Not currently armed. Like Japan and atom bombs. They don’t have one, but they have all the parts, but wouldn’t consider putting them together…That would be ‘wrong’.

          ‘We’re at that awkward phase. Too late to work within the system. Too early to kill the bastards.’ (Para) A wise person.

          We should take Britian as a warning. Canada too. Perhaps they can VPN to behind China’s great firewall, to get some uncensored information.

      4. Ian: Can I ask *you* to clarify an argument that I hear a lot please because it doesn’t make sense to me.
        “They shouldn’t be allowed to own a machine that exists solely to kill” By quick google there are 290 million cars on the roads in the US and annually about 40,000 traffic deaths. Also that there are 390 million guns and 48,000 gun deaths. So 0.02% of firearms are responsible for a death.
        .
        I know this is a false equivalency and this is some seriously sketch math- just because idiots drive cars doesn’t mean idiots should (or shouldn’t) have firearms, but still. For something “solely designed to kill,” guns do a worse job of it than cars, about which no one has ever said are solely designed to murder its occupants. It seems the vast, vast majority of firearms are used for non-killing purposes.
        thanks

      5. >Citizens keep the same weapons as the government to “protect” themselves from “tyranny”. Because that’s what it would take to fight a state.

        Consider the opposite: civilians get to keep no weapons, so they won’t even have a chance to fight. A state turned malicious has no opposition – they can just walk over everyone without considering losses.

        The question isn’t about who’s got the bigger guns, but about the fact that the state doesn’t have the right to monopolize armaments, against its own citizens. The fact that civilians can’t have nuclear weapons for obvious reasons doesn’t detract from the basic point of the argument. It’s just a concession we have to make for practical reasons.

        The USA is one of the few places in the world that still somewhat recognizes the difference between the government and the people, namely that they are not the same thing, and therefore the powers and rights of the government are restricted and limited by the constitution to serve the people. In other places, the pretense is that the government IS the people and therefore has all the rights to serve itself, even though in reality the government is just an oligarchy that does everything in its power to ignore its people.

        1. It’s always good to remember that any system, especially a system of government, has a first priority in maintaining itself in order to perform its officially stated functions.

          What follows is, once a system of government has secured its own continuation, it no longer matters whether it does perform its officially stated functions, since it cannot be deposed. What prevents this is a credible threat of civil war – regardless of whether such wars would be ultimately won or lost – because winning the war would mean bombing your own society to the stone age.

      6. While the second amendment may have originally been intended to forcefully disuade a central governing group of people from exercising obnoxious laws against those they’re entrusted to serve, it seems reasonable these days to have defense mechanisms available in the household to combat the threat of increasing crime. Dialing 911 is not useful. Getting rid of all the guns in the USA also is probably not practical. What would be your recommendation? To keep, as many liberals are suggesting, allowing only the criminals to possess guns? Really, I’m not trying to be obtuse, but what would you say? Are you personally willing to give up your fire arms?

  4. Defy the UK’s corrupt regime. If they block you, we’ll use VPNs or Tor. If the crooks who call themselves our cabinet get their way we’d be expected to enter a trace-able digital ID under the guise of “age verification” to access anything, that is a total violation of privacy rights. It is NOT for the state to make these kinds of rules, and the body, OFCOM, to whom they’ve delegated day-to-day decision making has a repuation of being very biased. Ignore them, be a hero.

  5. “making or owning a firearm is illegal in the UK.”
    …without a license. Well, you need a license to own a gun, so I assume there’s (a lot of) regulation around gunsmithing.
    It is entirely possible to legally own a gun here though, and it’s easier and cheaper than getting a pilot’s license (for example). It’s only in contrast to US laws (or the lack thereof) that the requirements seem draconian. It’s even legal to to own a fully functional artillery piece or tank, with the caveat that you are only allowed to fire it at army firing ranges.

  6. As usual, all ‘feel good’ legislation will have unintended consequences down the road…. And it always the law abiding citizen that takes it on the chin… Whether guns, climate, social, etc….

  7. Who cares, I don’t live in the UK and I’m already being watched by a handful of three letter US agencies, big tech and China.

    Laws are like software. As soon as its released people find loopholes.

    1. Reading the Bill I can already see the first loophole.
      The definition of “user” is a legal person (either human, or a legal entity such as a company or partnership.)

      In the case of an autonomous computer, that isn’t a “user”. So you could easily have an autonomous server that generated content, and it’s not covered by the Act. (As long as no human instructs it what to do.)

  8. Well, at least if you can’t support terrorism online you can still get 99999 mates and support it unhindered all over London up to downingstreet eh.

    (note this isn’t a political content reference perse but rather sarcasm towards how seemingly people can do all kinds of things IRL without issues that they can’t even discuss online. Thereby giving an inkling what such laws are really all about.)

    Alos: ‘Suella Braverman’, Really? Seems you can use totally fake names in politics :) Or maybe I DO live in a simulation..

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.