The Federal Trade Commission (FTC) has issued a strong warning to leading U.S. tech companies, urging them not to comply with foreign governments’ demands that could weaken encryption, compromise user data security, or enforce censorship. The letter, signed by FTC Chairman Andrew N. Ferguson, was sent to major firms including Google, Apple, Amazon, Meta, Microsoft, Signal, Cloudflare, and X (Twitter), among others.
Ferguson emphasized that if U.S. tech giants yield to international pressure to water down encryption without informing users, they could be in violation of the FTC Act. Under this law, companies are prohibited from engaging in unfair or deceptive practices, which includes misrepresenting data security commitments or failing to disclose crucial changes in user privacy protections.
The letter specifically referenced recent international regulations such as the EU’s Digital Services Act and the UK’s Online Safety and Investigatory Powers Acts. These foreign laws have introduced significant compliance challenges, sometimes pressuring companies to add government backdoors to encrypted services or censor content accessible to users.
The stakes became clear earlier this year when Apple was forced to remove support for iCloud end-to-end encryption in the UK after being pushed to implement backdoors for government access. The controversial demand would have weakened Apple’s encryption worldwide, potentially exposing millions of users to surveillance and fraud. However, the decision was ultimately reversed following U.S. diplomatic pressure, highlighting the power struggle between data privacy advocates and government authorities.
In his letter, Ferguson voiced deep concerns that yielding to such demands would erode Americans’ digital freedoms, making them vulnerable to foreign surveillance, identity theft, and fraud. He cautioned companies against over-compliance, where firms might censor American users or degrade their security to simplify regulatory obligations abroad, even when foreign laws don’t explicitly require it.
The FTC underlined that U.S. tech firms have clear legal responsibilities. They must:
- Provide truthful representations about data privacy and encryption.
- Maintain reasonable security measures, including robust end-to-end encryption.
- Disclose when foreign governments demand content censorship or security compromises.
The letter also cited past enforcement cases, such as the 2021 action against Zoom for deceptive encryption claims and the 2023 case against Ring for failing to properly secure customer video feeds. These examples reinforce the FTC’s willingness to take legal action against firms that mislead consumers about their security protections.
Next Steps for Tech Companies
The FTC invited the recipients to meet with Ferguson on August 28, 2025, to discuss how they can resist foreign regulatory pressure while continuing to protect user privacy. This meeting is expected to set the tone for how American tech companies balance global compliance demands with domestic legal obligations and the need to maintain public trust.
Conclusion
The FTC’s warning sends a clear message: data security and encryption are non-negotiable when it comes to protecting American consumers. As international governments attempt to assert more control over digital platforms, the U.S. is drawing a firm line—its tech companies must not sacrifice user privacy, security, or freedom of information for the sake of compliance. This pivotal moment could shape the future of encryption, global tech governance, and digital rights for years to come.
