Cybersecurity & Tech

The Cyberlaw Podcast: The U.K. Adopts an Online Safety Bill that Allows Regulation of Encrypted Messaging

Stewart Baker
Tuesday, September 26, 2023, 1:20 PM

Published by The Lawfare Institute
in Cooperation With

Our headline story for this episode of the Cyberlaw Podcast is the U.K.’s sweeping new Online Safety Act, which regulates social media in a host of ways. Mark MacCarthy spells some of them out, but the big surprise is encryption. U.S. encrypted messaging companies used up all the oxygen in the room hyperventilating about the risk that end-to-end encryption would be regulated. Journalists paid little attention in the past year or two to all the other regulatory provisions. And even then, they got it wrong, gleefully claiming that the U.K. backed down and took the authority to regulate encrypted apps out of the bill. Mark and I explain just how wrong they are. It was the messaging companies who blinked and are now pretending they won

In cybersecurity news, David Kris and I have kind words for the Department of Homeland Security’s report on how to coordinate cyber incident reporting. Unfortunately, there is a vast gulf between writing a report on coordinating incident reporting and actually coordinating incident reporting. David also offers a generous view of the conservative catfight between former Congressman Bob Goodlatte on one side and Michael Ellis and me on the other. The latest installment in that conflict is here.

If you need to catch up on the raft of antitrust litigation launched by the Biden administration, Gus Hurwitz has you covered. First, he explains what’s at stake in the Justice Department’s case against Google – and why we don’t know more about it. Then he previews the imminent Federal Trade Commission (FTC) case against Amazon. Followed by his criticism of Lina Khan’s decision to name three Amazon execs as targets in the FTC’s other big Amazon case – over Prime membership. Amazon is clearly Lina Khan’s White Whale, but that doesn’t mean that everyone who works there is sushi.

Mark picks up the competition law theme, explaining the U.K. competition watchdog’s principles for AI regulation. Along the way, he shows that whether AI is regulated by one entity or several could have a profound impact on what kind of regulation AI gets.

I update listeners on the litigation over the Biden administration’s pressure on social media companies to ban misinformation and use it to plug the latest Cybertoonz commentary on the case. I also note the Commerce Department claim that its controls on chip technology have not failed, arguing that there’s no evidence that China can make advanced chips “at scale.”  But the Commerce Department would say that, wouldn’t they? Finally, for This Week in Anticlimactic Privacy News, I note that the U.K. has decided, following the EU ruling, that U.S. law is “adequate” for transatlantic data transfers.


Download 473rd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.

Subscribe to Lawfare