Government-favoured child safety app warned it could violate the UK's Investigatory Powers Act with message-scanning tech

Redesigned SafeToNet feature highlights tech law mess

A company repeatedly endorsed by ministers backing the UK's Online Safety Bill was warned by its lawyers that its technology could breach the Investigatory Powers Act's ban on unlawful interception of communications, The Register can reveal.

SafeToNet, a content-scanning startup whose product is aimed at parents and uses AI to monitor messages sent to and from children's online accounts, had to change its product after being warned that a feature developed for the government-approved app would break the law.

SafeToNet was hailed this week by senior politicians as an example of "new tech in the fight against online child abuse," having previously featured in announcements from the Department for Digital, Culture, Media and Sport over the past 12 months.

Chief exec Richard Pursey recounted, during an online seminar at the CogX conference in March this year, how his company's lawyers warned SafeToNet its technology was unlawful.

"I don't think I've ever broken out in such a sweat in all my life," Pursey told the seminar.

I'll never forget our CFO and I, we were called into a meeting with our lawyers – we've got some pretty heavyweight lawyers in London – and we told them about how our technology worked and one of the things we were doing, is we were intercepting incoming messages, without the authority of the person that had sent it in the first place.

Intercepting data without the permission of the sender is a civil offence under section 3 of the Investigatory Powers Act 2016 (aka the Snoopers' Charter). Breaches are investigated and judged by the Investigatory Powers Commissioner.

Pursey continued: "We were doing it for good, you know, it's a social impact, we were doing it to safeguard children, until the lawyers said... 'you realise you could go to prison for doing that'. And so what seemed a pretty obvious thing to do – why wouldn't you be allowed to do that – you know, it just put the fear of God in me."

Such interception may also breach section 1 of the Computer Misuse Act 1990, which criminalises accessing data without authorisation.

Pursey told The Register "development of that particular feature" had stopped when the company was told of the legal compliance problem, adding:

We consider ourselves pioneers of safety tech and were concerned about existing and future data protection legislation (GDPR) and so asked for a legal review of our proposed tech architecture to ensure we would be fully compliant. The review led to a detailed analysis against a range of legislation from the Computer Misuse Act, the Defamation Act, RIPA, Data Protection etc. It became clear that our plans for interception could have been challenged as illegal – albeit there would have been a defence that related to the way spam emails are filtered before the user sees them.

This is a reference to section 3((2)(b) of the Snoopers' Charter, which allows message interception with the "express or implied consent" of a system owner or manager.

SafeToNet's website says today: "For legal reasons, SafeToNet does not analyze incoming messages before a child has read them."

Pursey added that Britain's unique tech law environment throws this problem up regularly, telling us: "We were a very young startup then but it worries me that those that don't have the finance to get professional advice will cut corners and innocently/naively breach laws like [the Computer Misuse Act] etc. We see that all the time, especially with international safety tech providers entering the UK market. They often have no idea these laws exist."

The revelation that a government-approved company's product fell foul of Britain's laws highlights the ongoing campaign to reform the Computer Misuse Act, and may well prompt further reforms of Britain's convoluted surveillance legislation.

Civil servants and government ministers are engaged in a bitter war against social media platforms' moves towards end-to-end encryption (E2EE) for user messages. Law enforcement bodies such as the National Crime Agency claim that wider adoption of E2EE will stop them from detecting paedophiles preying on children through messaging apps. Tech platforms and privacy advocates say E2EE is a vital tool to prevent and deter unlawful surveillance.

Avoiding the E2EE problem by scanning messages on children's devices after delivery seems like it might help preserve adults' internet privacy while allowing police agencies to focus on actual harms instead of indiscriminate platform surveillance.

Part of the government war on social media platforms is the Online Safety Bill, renamed from Online Harms Bill at the last moment perhaps in a crude attempt to disassociate it from mountains of well-informed criticism.

While Britain's current surveillance laws were designed to place GCHQ and other spy agencies above and beyond the criminal law (following former NSA sysadmin Edward Snowden 2013's revelations about the extent of nation-states' spying and public revulsion at unchecked domestic mass surveillance), their authors may not have intended to cause difficulties for people making child safety apps. ®

Similar topics

Broader topics

Other stories you might like

  • North Korea pulled in $400m in cryptocurrency heists last year – report

    Plus: FIFA 22 players lose their identity and Texas gets phony QR codes

    In brief Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.

    A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader's coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.

    Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 - although part of the reason might be that they are now so valuable people are taking more care with them.

    Continue reading
  • Tesla Full Self-Driving videos prompt California's DMV to rethink policy on accidents

    Plus: AI systems can identify different chess players by their moves and more

    In brief California’s Department of Motor Vehicles said it’s “revisiting” its opinion of whether Tesla’s so-called Full Self-Driving feature needs more oversight after a series of videos demonstrate how the technology can be dangerous.

    “Recent software updates, videos showing dangerous use of that technology, open investigations by the National Highway Traffic Safety Administration, and the opinions of other experts in this space,” have made the DMV think twice about Tesla, according to a letter sent to California’s Senator Lena Gonzalez (D-Long Beach), chair of the Senate’s transportation committee, and first reported by the LA Times.

    Tesla isn’t required to report the number of crashes to California’s DMV unlike other self-driving car companies like Waymo or Cruise because it operates at lower levels of autonomy and requires human supervision. But that may change after videos like drivers having to take over to avoid accidentally swerving into pedestrians crossing the road or failing to detect a truck in the middle of the road continue circulating.

    Continue reading
  • Alien life on Super-Earth can survive longer than us due to long-lasting protection from cosmic rays

    Laser experiments show their magnetic fields shielding their surfaces from radiation last longer

    Life on Super-Earths may have more time to develop and evolve, thanks to their long-lasting magnetic fields protecting them against harmful cosmic rays, according to new research published in Science.

    Space is a hazardous environment. Streams of charged particles traveling at very close to the speed of light, ejected from stars and distant galaxies, bombard planets. The intense radiation can strip atmospheres and cause oceans on planetary surfaces to dry up over time, leaving them arid and incapable of supporting habitable life. Cosmic rays, however, are deflected away from Earth, however, since it’s shielded by its magnetic field.

    Now, a team of researchers led by the Lawrence Livermore National Laboratory (LLNL) believe that Super-Earths - planets that are more massive than Earth but less than Neptune - may have magnetic fields too. Their defensive bubbles, in fact, are estimated to stay intact for longer than the one around Earth, meaning life on their surfaces will have more time to develop and survive.

    Continue reading

Biting the hand that feeds IT © 1998–2022