- Ofcom is looking to extend CSAM monitoring to file sharing and other providers
- Apps are not recommended to “break end-to-end encryption“
- Experts are concerned about the precedent it could set for user privacy
After implementing one of the world’s strictest age verification regimes, the UK is now considering expanding its obligations on cloud storage, file sharing and other apps to help make the internet a safer place for children.
In its first report on the impact of the Online Safety Act, Ofcom pledged to “broaden our focus to other service providers who are at the highest risk of CSAM [child sexual abuse material] to ensure stronger protection” in 2026.
Some of this work has already begun, with Ofcom confirming that many large and medium-sized file-sharing platforms voluntarily implemented technology to detect this type of content, while others have decided to exit the market altogether.
After a four-month consultation period that ended in October, Ofcom is now assessing calls from industry and civil society to extend the Act’s codes of practice. A report is expected next year.
However, Ofcom’s proposed increased surveillance has prompted experts to warn that the agency could set a dangerous precedent while doing “little to protect children.”
While it is not clear which other platforms will be affected, Ofcom told TechRadar that “our measures do not recommend that providers use proactive technology to analyze privately communicated content or metadata.”
The encryption problem
The push for CSAM surveillance in the UK echoes similar efforts in the EU, where the so-called Chat Control proposal has drawn strong criticism from technologists, privacy experts and politicians alike because of its potential to lead to surveillance of private communications.
As in Europe, experts in Britain fear that encryption could become a casualty in the fight to keep children safe online.
Apple has already withdrawn its iCloud advanced encryption protection from the UK market after receiving a technical notice to create a backdoor. However, this order was issued under the Investigatory Powers Act, not the Online Safety Act.
Do you know that?
Encryption is the technology that secure messaging apps, cloud storage and VPN services use to prevent their users’ data from third-party surveillance – themselves included.
When we asked for clarification on its plans, an Ofcom spokesman said the agency is considering measures that automatically detect illegal content and content harmful to children, called ‘hash-matching’. But “the proposals do not recommend that services break end-to-end encryption,” Ofcom said.
According to the Internet Society’s Senior Director of the Internet Trust, Robin Wilton, this suggests that any scanning must take place before the file is encrypted. “That would mean the service would have to have a client-side component to do that scanning,” Wilton said.
Client-side scanning was previously stopped under the Online Security Act until it was “technically feasible to do so.” Experts in Europe have been highly critical of this type of scanning, claiming it will create a vulnerability in the system even when it occurs before the content is encrypted, with Signal comparing client-side scanning to malware on your device.
Two providers exiting the UK market, Krakenfiles and Nippydrive, offer end-to-end encrypted services, which may indicate that they were concerned about the integrity of their systems.
As of today, the likes of Proton Drive and NordVPN’s Meshnet are not yet affected by the new requirements, the companies told TechRadar.
For Wilton, however, the stakes are even higher. “If Ofcom continues with this policy, UK users will no longer have access to cloud storage that technically prevents third-party access to their data,” he said.
In its report, Ofcom repeatedly states that by 2026 CSAM monitoring duties will be strengthened on more cloud storage and file sharing apps, while expanding to other user-to-user services.
So there’s a chance that other applications that we all use regularly could soon become targets of increased surveillance. We will continue to monitor the situation and assess its impact on people’s privacy.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
