Here is my counterintuitive take on the UK online safety bill: although it’s a disaster for UK citizens, it may be good news for (non-UK) privacy advocates and those who want to see end-to-end encryption survive.

Matthew Green

Here’s my justification for this: for years, the US, UK (plus sometimes Australia and India) have been threatening tech firms with all manner of legislation if they don’t *voluntarily* weaken their encryption features: most recently by adding content scanning.

Probably the best externally-visible example of that pressure campaign is this 2019 open letter to Facebook signed by US AG William Barr and UK Home Secretary Priti Patel. Along with some dude from Australia whose name I’ve already forgotten. justice.gov/opa/press-release/

These campaigns don’t explicitly threaten consequences, but with all pressure campaigns there are always (implicitly) consequences if tech firms don’t comply voluntarily. The biggest consequence is the threat of weird, ambiguous and badly-written legislation.

Nobody gives a crap about Australia. I mean this in the kindest way.

So with US legislation off the table, fundamentally the big legislative threats here come from the UK, the EU and maybe India.

And these threats very nearly worked. In 2021 Apple voluntarily introduced a client-side content scanning system that would have worked on photo backup. People wrote articles like this.

No, Apple’s photo backup wasn’t end-to-end encrypted at the time. (It is now, if you turn on ADP.) Their proposal was limited to the US. But these were details. Apple’s system would have been the first domino in terms of voluntary client-side scanning. It nearly happened.

What’s important to note here is that *Apple’s system did not get rolled out.* It very publicly failed. Apple eventually delayed and then canceled the proposal entirely.

And they even rolled out end-to-end encryption for iCloud. wired.com/story/apple-photo-sc

WIRED: "Apple Kills Its Plan to Scan Your Photos for CSAM. Here's What's Next", by Lily Hay Newman

My view is that this is very significant. Apple is an industry leader. If they publicly wrestled with these plans, received pushback, and then abandoned them: that will encourage other firms across the tech industry. Voluntary compliance isn’t dead, but it isn’t happening soon.

Anyway the nature of threats is that if people don’t voluntarily comply under threat, sometimes you have to follow through with the promised consequences. This is the frame through which I view the UK Online Safety bill.

The point here is that when you threaten someone and they *don’t* comply, that is good evidence you’re not fighting from a strong position. The UK badly wanted to get what they wanted from tech firms without passing stupid, draconian laws that might hurt them. They failed.

And worse: right now the UK is entirely on its own. The EU Commission has some vague proposals like “chat control” that might someday incorporate similar scanning requirements. The US is out of the game legislatively. (I’m not sure about India. Australia is irrelevant.)

So now tech firms are going to be forced to decide whether to comply with a weird, badly written law *just in the UK*. Last I checked the bill was so nuts even its advocates have got to be ashamed of it. Eg:

My hope is that tech firms will stand firm and force the UK to react. Maybe some will have to shut down services in the UK, or threaten to as Signal is. (Sadly: Signal is the Australia of social media apps: no government official cares about Signal.) theguardian.com/technology/202

The Guardian: "Signal app warns it will quit UK if law weakens end-to-end encryption", by Dan Milmo

So sorry for this thread. The TL;DR here is that a timeline with things like the Online Safety Bill is a bad timeline. But if we must live in a bad timeline, I’d rather live in one where the UK is losing the war for (tech CEO) hearts and minds and putting its economy on the line.