Aletho News

UK Government Plans to Use Delegated Powers to Undermine Encryption and Expand Online Surveillance

Delegated powers mean the specific rules (what gets scanned, what gets flagged) get written by a minister, not Parliament.

By Ken Macon | Reclaim The Net | February 18, 2026

The UK government wants to scan people’s photos before they send them. Not just children’s photos. Everyone’s.

Technology Secretary Liz Kendall spelled it out on BBC Breakfast, floating a proposal to “block photographs being sent that are potentially nude photographs by anybody or block children from sending those.” That second clause is the tell. Blocking “anybody” from sending potentially nude images requires scanning everybody’s messages. There’s no technical path to that outcome that doesn’t involve reading content the sender assumed was private.

Kendall said the government is conducting a consultation on “whether we should have age limits on things like live streaming” and whether there should be “age limits on what’s called stranger pairing, for example, on games online.” The consultation, she said, will look at all of these. That list now covers messaging apps, photo sharing, gaming, and live streaming. Any feature that lets you share an image with another person potentially falls inside it.

This is how the mandate grows. The government announced a push for new delegated powers on February 16, framing them around age verification for social media and VPNs.

What Kendall described in broadcast interviews goes well beyond that framing. The official press release mentioned consulting on how companies might “safeguard children from sending or receiving” nude images. Kendall’s BBC comments dropped the qualifier about children entirely, proposing to block “potentially nude” images sent by anyone.

The mechanism matters here. The government plans to introduce these new authorities as amendments to the Children’s Wellbeing and Schools Bill, which has already cleared the House of Commons and the House of Lords and sits in its final stage. Amendments introduced this late receive less parliamentary scrutiny than standard legislation.

Delegated powers allow a minister or department to issue secondary legislation without returning to Parliament for a full vote. That secondary legislation isn’t subject to the same debate as the original Act. The government gets to decide the specific rules, on its own timeline, with limited opportunity for challenge. Kendall told Good Morning Britain that the government plans to push new “online safety rules” every year through this mechanism.

The bill already contains amendments requiring age verification for VPNs (amendment 92) and for “user-to-user” services (amendment 94a). User-to-user covers most online platforms where people share content: social media, messaging apps, forums, and gaming services. Email and SMS are exempt. Most everything else isn’t.

A charitable reading of why the government wants delegated powers: it needs flexibility to update technical standards for age verification as the technology changes, and only if Parliament first approves the underlying requirements. The less charitable reading, and the more plausible one: the government wants the ability to impose VPN and social media age verification even if those amendments fail. It’s building a back door to bypass the outcome of the parliamentary vote it’s currently trying to win.

The House of Lords previously considered and rejected an amendment that would have required constant client-side scanning on most smartphones and tablets to detect child sexual abuse material. The Lords declined to adopt it. That rejection happened through the full parliamentary process.

The government is now signaling it may pursue functionally identical surveillance through delegated powers, bypassing the scrutiny that killed the first attempt. Kendall’s photo-scanning proposal and the failed Lords amendment work the same way technically. Both require software installed on your device to examine content before it leaves. The Lords’ amendment targeted CSAM via client-side scanning. Kendall’s proposal targets “potentially nude” images via client-side scanning. The mechanism is identical. The content category is different.

End-to-end encryption means the service provider can’t read your messages. Client-side scanning, which has already proven to be a disaster in Germany, means your device reads them first, before encryption activates, and reports back. The encryption remains technically intact. The privacy it’s supposed to provide doesn’t. This is the same architecture that Apple proposed and then abandoned in 2021 after security researchers explained what it actually meant for private communication.

The government hasn’t acknowledged that its photo-scanning proposal requires dismantling the privacy guarantee that makes encrypted messaging meaningful. It’s describing the outcome it wants, not the infrastructure required to deliver it.

Photo scanning that flags “potentially nude” images requires training a model to identify what nudity looks like, running that model continuously on a device, and reporting matches somewhere. The system built for that purpose can be retrained or repurposed. A scanner that identifies nudity can be adjusted to flag political content, protest coordination, or anything else a future government decides warrants detection.

The delegated powers structure means those future decisions don’t require new primary legislation. They require a minister, a statutory instrument, and limited parliamentary review.

Prime Minister Keir Starmer’s February 16 Substack noted that “private chats” are supposedly harming children without proposing to target them specifically. The official press release didn’t mention messaging apps at all. What Kendall said on television this week went further than either document. The consultation hasn’t launched yet. The powers to act on its findings, at speed, with reduced oversight, are already being written into law.

February 18, 2026 - Posted by aletho | Civil Liberties, Full Spectrum Dominance | UK