Crypto Wars 2.0 Have Begun in Your Messengers: Who is Lying — States or IT Corporations?
Protecting user data is more important than the laws of other countries.
Protecting user data is more important than the laws of other countries.
The U.S. Federal Trade Commission (FTC) has issued a warning to major American IT companies, stating that it is unacceptable to concede to foreign governments' demands to weaken data protection, build encryption "backdoors," or introduce censorship on their platforms. The agency emphasized that such actions would be considered a violation of the FTC Act (the law on consumer protection) and would lead to legal consequences.
The letter was signed by the commission's chairman, Andrew N. Ferguson. It is addressed to Akamai, Alphabet (Google), Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X (formerly Twitter). The letter directly references new foreign laws, including the European Digital Services Act, the UK's Online Safety Act and Investigatory Powers Act, which are putting pressure on American companies.
Ferguson reminded them that conceding to such demands could lead to weakened data protection worldwide. As an example, he cited the situation with Apple, which this year was forced to disable end-to-end encryption support for iCloud in the UK due to government demands. This could have effectively impacted the security of users around the world; however, under pressure from U.S. diplomacy, London withdrew its demand.
According to Ferguson, attempts by foreign governments to impose censorship and dismantle the system of end-to-end encryption pose a threat to the freedom of American users, create conditions for foreign surveillance, and increase the risks of identity theft and financial fraud. He also expressed concern that the companies themselves might streamline procedures and apply these restrictions to U.S. citizens, even if foreign laws do not formally require it.
U.S. firms have direct legal obligations under Section 5 of the FTC Act (15 U.S.C. § 45). These include truthfully informing users about protection and privacy measures, implementing reasonable data security measures (including end-to-end encryption), and the obligation to disclose information about any requests from foreign entities that lead to censorship or weakened protection.
The letter separately mentions examples of past cases where companies were punished for encryption-related violations. For instance, in 2021, the FTC accused Zoom of misleading advertising regarding its end-to-end encryption system, and in 2023, Ring was held liable for failing to provide proper protection for users' video streams.
Ferguson concludes the letter by inviting company representatives to meet with him on August 28, 2025, to discuss pressure from foreign regulators and find solutions that would allow them to maintain customer data security without compromise.
