The Federal Trade Commission (FTC) has cautioned major tech firms against compromising the privacy, data security, or free speech rights of Americans in response to pressure from foreign governments.
In letters sent to those entities on August 21, 2025, Chairman Andrew N. Ferguson reminded firms that complying with international demands such as weakening encryption or censoring lawful speech may violate US law and the FTC Act’s prohibition on unfair or deceptive practices.
The letters were addressed to executives at over a dozen technology firms operating in sectors including cloud computing, messaging apps, social media, and cybersecurity. Recipients include Alphabet, Amazon, Apple, Meta, Microsoft, Cloudflare, Akamai, Signal, Snap, X (formerly Twitter), GoDaddy, Slack, and Discord.
The warning stems from growing international regulatory pressure that could indirectly erode protections for US users. Specific concerns include Europe’s Digital Services Act (DSA), the UK’s Online Safety Act, and the UK’s Investigatory Powers Act, all of which either encourage broad content moderation mandates or enable government access to user data by undermining encryption standards. Ferguson emphasized that while firms may seek to comply with such laws to continue operating abroad, they must not do so in a manner that exposes American users to censorship or surveillance.
The letter frames these foreign policies as fundamentally at odds with American legal and cultural values, invoking the First Amendment and past abuses of federal authority. Ferguson expressed concern that companies may be tempted to apply uniform global policies such as content filtering or encryption backdoors across all regions, rather than tailoring compliance to specific jurisdictions. This, he warned, could result in US consumers facing surveillance risks or content suppression without legal necessity.
The FTC reminded companies that any departure from their stated data security and privacy commitments, especially in response to foreign pressure, could constitute deception under Section 5 of the FTC Act. Past enforcement actions cited in the letter include cases against Microsoft, Zoom, and Ring, where the Commission penalized firms for failing to deliver promised levels of encryption or data protection.
The FTC's letter also makes clear that failing to notify users about weakened encryption or foreign-mandated censorship could itself be considered deceptive. Additionally, applying foreign legal standards to American users, especially without disclosure, could be deemed “unfair” under the law, even if those foreign mandates were never intended to apply within the US.
The companies addressed in the FTC’s letter represent some of the most widely used digital services in the US, many of which have staked their reputations on offering secure communication and data protection. Apple and Signal, for instance, have long marketed their use of strong encryption as a core feature. Any backsliding, particularly in secret, could trigger regulatory penalties and undermine consumer trust.
Chairman Ferguson’s letter closes by inviting company leadership to engage directly with the Commission before August 28, offering a venue to discuss how they plan to balance international legal compliance with obligations under US law and their own consumer-facing promises.
Leave a Reply