By Bill Pan
Contributing Writer
The Federal Trade Commission is warning 13 major tech companies that they will be held accountable if they censor Americans or compromise privacy and data protections under pressure from foreign governments.
In letters sent on Thursday to some of the largest providers of cloud, social media, messaging and other online services, FTC Chairman Andrew Ferguson reminded them of their legal obligations to protect American consumers, regardless of what foreign regulators may demand.
“I am concerned that these actions by foreign powers to impose censorship and weaken end-to-end encryption will erode Americans’ freedoms and subject them to myriad harms, such as surveillance by foreign governments and an increased risk of identity theft and fraud,” Ferguson wrote in the letters.
Any company promising secure, encrypted communications, but weakening those protections under foreign pressure, could be prosecuted for deceiving consumers under the FTC Act, Ferguson said.
Censoring Americans to comply with overseas regulations or special demands would also be considered a deceptive and unfair practice, he said.
“The FTC has brought dozens of cases over the past two decades against companies that have failed to keep their promises to consumers to deploy reasonable safeguards to protect consumer data,” Ferguson noted.
The 13 companies receiving letters are Akamai, Alphabet, Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack and X.
Ferguson asked each of them to contact his office by Aug. 28 to arrange a meeting on how they plan to “honor [their] privacy and security commitments to American consumers and meet [their] ongoing obligations under U.S. law.”
The warning comes as Europe and the UK advance sweeping digital regulations with implications far beyond their borders.
Ferguson pointed in particular to the European Union’s Digital Services Act, and the UK’s Online Safety Act and Investigatory Powers Act, all of which he said risk either promoting censorship or weakening data security.
The Digital Services Act, which applies to platforms that have more than 45 million monthly EU-based users, requires companies to remove “illegal” and “harmful” content or face fines of up to 6% of global revenue.
The UK’s Online Safety Act, meanwhile, compels tech companies to be proactive in identifying and removing material that is not unlawful but is deemed dangerous.
More troubling to U.S. regulators is the UK’s Investigatory Powers Act, which “can require companies to weaken their encryption measures to enable UK law enforcement to access data stored by users,” according to the FTC letter.
Earlier this year, the British Home Office cited the Investigatory Powers Act in ordering Apple to break its end-to-end encryption. For millions of Americans, that order threatened to create backdoors in Apple services they use every day, such as iMessage and iCloud.
Instead of granting backdoor access, Apple announced it would shut off end-to-end encryption in the UK, which technically complied with the mandate without creating a vulnerability that governments or hackers could exploit.
According to Director of National Intelligence Tulsi Gabbard, the UK has dropped the backdoor requirement for Apple following pressure from the Trump administration. The British government has not confirmed the policy change.
