FTC Threatens to Bring Enforcement Powers to Bear on US Tech Companies if Encryption is Weakened

A set of letters sent to over a dozen big tech companies by the FTC indicates the agency wants to see encryption standards kept strong in the face of foreign pressure. The letters were sent out just days after an announcement that the UK government would no longer be pressuring Apple to fit iCloud with a law enforcement backdoor, something that was cited by the FTC as an example along with domestic cases it has pursued in recent years.

Chairman and Trump appointee Andrew N. Ferguson indicated that the FTC could directly use powers under Section 5 of the FTC Act to prosecute “deceptive” practices by tech companies, such as weakening encryption. Enforcement actions could also have an extra layer of penalties if such a move was made to placate a foreign government, and users are not told that this is why the change was made.

FTC response addresses UK encryption backdoor campaign

While the UK government retains the ability to issue “Technical Capability Notices” under the Investigatory Powers Act, it would seem unlikely US-based companies will be seeing any going forward. The reversal of the order to Apple came after lengthy reviews by US intelligence agencies and pressure from the highest levels of the Trump administration, and the FTC letters seem to have sealed the current government’s position.

The FTC letters were not just about the Apple incident, however. Tech companies were also warned more generally to implement end-to-end encryption wherever users might reasonably expect it, or face a possible case of deceptive practices. The letters cited recent cases brought by the FTC against Zoom and security camera manufacturer Ring, both of whom faced penalties for failing to properly encrypt user video.

The tech companies were also called on the carpet, asked to meet with Ferguson’s office by August 28 to elaborate on their privacy and security commitments to US consumers; this may be a closed-door inquiry into whether or not foreign powers have made any similar requests. The letters were sent out to Akamai, Alphabet, Amazon, Apple, Cloudflare, Discord, GoDaddy, Microsoft, Signal, Snap, Slack, and X.

Tech companies already under FTC scrutiny for speech issues

The Section 5 rule that the FTC is invoking centers on unfair and deceptive practices, but since the Trump administration took over the agency has been very active about examining tech companies for potential suppression of free speech as well. Ferguson was appointed in February shortly after the administration came into power and his first significant action was to issue a “Request For Information” (RFI) to a number of the big tech companies, asking for clarification on how user speech might be limited or blocked via algorithms or moderating techniques such as “shadow banning.”

The UK government’s general push to have law enforcement backdoors in all strong encryption appears to have been the definite focus of these letters, however. The tech companies were told by the FTC that the reason for any security changes they make must be disclosed to users if it involves cooperation with a foreign government’s demands. That was clearly directed at the UK’s use of a “Technical Capability Notice” to make its demands of Apple, the terms of which require the subject to keep quiet about what is being asked and forbids any media members with knowledge of the matter from reporting on it.

While the news looks good for an eventual return of Apple’s Advanced Protection Program to the UK, there has been no announcement as of yet. The company was slated to legally challenge the order in a UK court in early 2026, and it remains unclear if that will need to go forward as well.