The Federal Trade Commission (FTC) has sent letters to major tech companies in the United States, urging them to resist foreign governments’ demands to weaken encryption.
The letters were sent by FTC Chairman Andrew Ferguson to Akamai, Alphabet (Google), Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X.
Ferguson told the companies that they might feel pressured to weaken data security and privacy protections at the request of foreign governments, or in response to their laws. The EU’s Digital Services Act and the UK’s Online Safety Act and Investigatory Powers Act were given as examples by the FTC chairman.
The Investigatory Powers Act was recently cited by the British government as an argument for requesting that Apple provide backdoor access to encrypted data. The US announced last week that the UK had abandoned this demand.
However, the FTC wants to ensure that American tech companies don’t give in to such demands in the future.
“I am concerned that these actions by foreign powers to impose censorship and weaken end-to-end encryption will erode Americans’ freedoms and subject them to myriad harms, such as surveillance by foreign governments and an increased risk of identity theft and fraud,” Ferguson said.
“I am also concerned that companies such as your own might attempt to simplify compliance with the laws, demands, or expected demands of foreign governments by censoring Americans or subjecting them to increased foreign surveillance even when the foreign government’s requests do not technically require that,” he added.
The FTC official said global companies might be tempted to accept the demands made by foreign governments to simplify operations and compliance by using the same policies across jurisdictions.
However, Ferguson highlighted that companies have “independent obligations to American consumers under Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive acts or practices in or affecting commerce”.
Specifically, if a company advertises secure communications but then uses weak encryption to comply with a foreign government’s demands, it can represent a violation of the FTC Act.
The agency pointed out that it has brought dozens of cases against companies that failed to keep promises to protect consumer data.
Governments regularly call for the introduction of encryption backdoors, mainly arguing that they are needed to facilitate criminal investigations. The current Trump administration appears to oppose encryption backdoors, but the previous Trump administration did make such demands.
However, privacy advocates and the cybersecurity industry have raised concerns that encryption backdoors implemented for good purposes can also be leveraged by criminals and foreign intelligence agencies, undermining the very security they are designed to protect.
Related: Encryption Backdoors: The Security Practitioners’ View
Related: Fraud Losses Reached $12.5 Billion in 2024: FTC
Related: Order Out of Chaos – Using Chaos Theory Encryption to Protect OT and IoT
