FTC warns Apple it must not weaken data encryption at behest of rogue governments
No longer available in Surveillance Britain
The expression damned if you do and damned if you don’t comes to mind as Apple struggles against increasingly disharmonized governments worldwide. What one government is asking for, another declines, and in the background the US FTC is placing its own fresh new pressures against the company.
Bedtime for democracy
Only in the last week did we learn that the UK may have moderated its undemocratic demand that Apple weaken date encryption for all its users, this morning we learn that Russia will demand any iPhone users install its own state surveillance app, even as China shows the extent to which it has a hand in the means of production by removing 300 engineers from the task of setting up new factories in India.
Then came this letter from the US government’s Federal Trade Commission (FTC) Chairman Andrew Ferguson who warned a series of companies that they must resist pressure from foreign governments to weaken security protections for US consumers.
The letter makes particular reference to the rogue UK government in its ill-thought-through attempt to build its own version of a surveillance state.
UK is eroding freedom
“I am concerned that these actions by foreign powers to impose censorship and weaken end-to-end encryption will erode Americans’ freedoms and subject them to myriad harms, such as surveillance by foreign governments and an increased risk of identity theft and fraud,” Chairman Ferguson wrote.
The letters leave little doubt who the culprits of this rampant attempt to undermine online security are, and it’s not the suspects decades of Cold War conditioning may have led us to expect..
Pointing to the pressure companies might be under to censor and weaken data security protections for Americans in response to the laws, demands, or expected demands of foreign powers, it named the European Union’s Digital Services Act, the UK’s deeply flawed and censorious Online Safety Act, and the UK’s Investigatory Powers Act, which demands that companies weaken encryption so UK spies can access their data.
Apple must not deceptively weaken encryption
The letter warned that as companies consider how to comply with foreign laws and demands, they must still comply with the FTC Act’s prohibition against unfair and deceptive practices in the marketplace.
“For example, if a company promises consumers that it encrypts or secures online communications but then adopts weaker security in response to demands from a foreign government, such an action could be considered a deceptive practice under the FTC Act,” the letters said.
That’s an interesting approach as it implies that in the event Apple were to secretly weaken security protection in a way that impacted US users – including conceivably the security of communications between a US and a UK user – then it could be in breach.
The problem here being that if it does inform US users of a data encryption weakness put in place at the behest of a foreign power, then it may be in breach of the law of that foreign power. The UK, for example, seems to think it’s cool to demand weaker encryption without telling anyone at all, including its own subjects.
Might this imply that in any future litigation pertaining to these laws, the US would step in to defend its tech firms? It feels like it might.
Who is being targeted?
What’s interesting – and in light of the secretive manner in which the demands have been made, potentially revealing, is with whom the letter has been shared: Akamai, Alphabet, Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack and X are all named.
This strongly suggests that part of the international attempt at creating a surveillance environment sees authorities demanding deep access to the key nodes of the internet itself. To some extent they’ve always had such access, but the fact they are demanding more is a concern in its own right.
You can follow me on social media! Join me on BlueSky, LinkedIn, and Mastodon.
