US regulator reminds tech companies of data protection abroad

If a company does not use secure end-to-end encryption, this could mislead its customers and also constitute unfair competition. Both would be illegal under US federal law. The head of the US Federal Trade Commission (FTC), Andrew Ferguson, reminds us of this. Censorship of American statements at the request of foreign authorities can also violate US law.

In an open letter to 13 US companies, Ferguson particularly opposes the enforcement of legal acts of the United Kingdom and the European Union outside their territories. The FTC Chairman summons the companies addressed to report. They are each to explain how they intend to defend themselves against regulatory pressure from abroad in order to fulfill their obligations to US consumers with regard to data protection and security. Those summoned include Akamai, Google holding company Alphabet, Amazon.com, Apple, Cloudflare, Discord, Godaddy, Meta Platforms, Microsoft, Snap, Slack, X and, as the only non-commercial provider, Signal.

"There have recently been numerous attempts by foreign governments to pressure our companies to censor content or weaken the security of users of our services," writes Ferguson. As examples, he cites the European Union's Digital Services Act (DSA), the UK's Online Safety Act, and its attempts to force Apple (and arguably Google) to undermine their security measures by installing backdoors for UK authorities. (In the latter case, an agreement has reportedly just been reached, note.) For example, the letter does not mention Russian regulations on censorship and surveillance.

Tech companies should clearly point out backdoors and censorship

"I am concerned that these actions by foreign powers to censor and weaken end-to-end encryption are eroding Americans' freedoms and harming them in multiple ways, including through surveillance by foreign governments and increased risk of impersonation and fraud," the head of the agency said. He is also concerned that US companies could make themselves comfortable and help censor and monitor Americans, even if foreign laws do not require this in individual cases.

"Foreign governments that want to restrict freedom of speech or weaken data security in the US are counting on companies having the incentive to simplify their operations and compliance measures by acting uniformly across different states," says the American. He would like to put a stop to such anticipatory obedience, referring several times to Section [5] of the US Federal Trade Commission Act.

The renunciation of end-to-end encryption, its weakening, even the omission of clear indications ("prominent disclosure") of weaker encryption at the request of foreign governments could be illegal as misleading and/or unfair competition. The same applies to censorship of American statements in order to comply with foreign laws, demands or expected demands. Clear warnings are also necessary in such cases.

The problem: surveillance laws regularly prohibit the disclosure of backdoors or court surveillance orders. This puts the companies concerned in a dilemma. The 13 addressees are to explain to the FTC how they are dealing with this. The head of the authority is asking the companies to make an appointment within a week.

• The FTC letter to the 13 US companies

(ds)