FTC Warns Tech Giants Against Foreign Encryption Demands
▼ Summary
– The FTC warns major U.S. tech companies against complying with foreign government demands that weaken data security, compromise encryption, or impose censorship.
– FTC Chairman Andrew Ferguson states that such actions could violate the FTC Act and expose companies to legal consequences, especially if users are not alerted.
– The letter specifically cites foreign laws like the EU’s Digital Services Act and UK’s Online Safety and Investigatory Powers Acts as undermining American users’ freedoms.
– Ferguson expresses concern that companies might simplify compliance by censoring Americans or subjecting them to increased foreign surveillance even when not technically required.
– The FTC cites prior enforcement cases, such as against Zoom and Ring, and invites companies to a meeting in 2025 to discuss navigating foreign pressure without compromising security.
The Federal Trade Commission has issued a stern warning to leading U.S. technology firms, cautioning them against complying with foreign government mandates that could undermine encryption standards, compromise user data security, or impose censorship on digital platforms. This move highlights growing regulatory concern over global pressures that may erode privacy protections for American users.
In a letter signed by FTC Chairman Andrew N. Ferguson, major companies including Akamai, Alphabet, Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X were explicitly addressed. Ferguson emphasized that acceding to foreign requests to weaken security measures, particularly without transparent user notification, could violate the FTC Act and lead to significant legal repercussions.
The communication specifically references recent legislative measures abroad, such as the European Union’s Digital Services Act and the United Kingdom’s Online Safety and Investigatory Powers Acts. These laws have raised alarms about their potential to force technology providers to dilute encryption or enable government access to private communications.
A recent example involved Apple, which faced pressure in the UK to introduce a backdoor into its iCloud encryption, a demand the company resisted by instead limiting certain privacy features in that region. That request was later withdrawn following diplomatic engagement from U.S. officials, but the incident underscored the persistent tension between national security demands and user privacy.
Ferguson expressed deep concern that foreign regulations could compromise Americans’ digital freedoms, exposing them to heightened risks including surveillance, identity theft, and fraud. He also warned that companies might over-comply with foreign directives, applying censorship or weakened security even where not explicitly required, a practice that could still breach U.S. consumer protection laws.
Central to the FTC’s position is Section 5 of the FTC Act, which prohibits unfair or deceptive practices in commerce. The agency insists that companies must uphold truthful claims about data security, implement robust protective measures such as end-to-end encryption, and disclose any foreign requests that could impact user privacy or content accessibility.
The letter points to previous enforcement actions as precedent, including cases against Zoom in 2021 for misrepresenting its encryption capabilities and against Ring in 2023 for failing to encrypt user video feeds. These examples reinforce the FTC’s expectation that firms prioritize consumer protection amid complex international legal landscapes.
Ferguson has invited recipient companies to a meeting scheduled for August 28, 2025, to discuss strategies for resisting foreign pressure without sacrificing data integrity or user trust. This gathering aims to foster dialogue on balancing compliance with unwavering commitment to security and free expression.
(Source: Bleeping Computer)
