Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The US Federal Trade Commission has warned tech companies against lowering their encryption levels at the request of governments.
In a letter to major US tech companies, including “Akamai, Alphabet, Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack and X”, US Federal Trade Commission (FTC) chairman Andrew N Ferguson said the push to lower encryption levels are a threat to privacy and freedom.
“I am concerned that these actions by foreign powers to impose censorship and weaken end-to-end encryption will erode Americans’ freedoms and subject them to myriad harms, such as surveillance by foreign governments and an increased risk of identity theft and fraud,” Ferguson said.
The letter also highlighted that while companies may feel the need to comply with the laws of foreign governments, they must also comply with the Federal Trade Commission Act’s “prohibition of unfair and deceptive practices in the marketplace”, the FTC wrote.
“For example, if a company promises consumers that it encrypts or secures online communications but then adopts weaker security in response to demands from a foreign government, such an action could be considered a deceptive practice under the FTC Act.”
US lawmakers took issue with the UK earlier this year after they demanded a backdoor be created in Apple’s Advanced Data Protection (ADP) encryption.
While Apple’s standard level of encryption allows access with a warrant, ADP is its most secure privacy measure and prevents even Apple from accessing using the opt-in security feature for encryption.
The UK demanded access to the data of Apple users for cases of national security threats.
Rather than comply with the order, Apple created a “backdoor” tool to allow the UK to access it. The tech giant said it was disappointed in having to remove ADP for the UK and that it maintains it is against compromising user security. However, at the beginning of March, Apple appealed the UK order with the nation’s Investigatory Powers Tribunal.
Five US federal lawmakers, including Senator Ron Wyden, wrote to the head of the British Investigatory Powers Tribunal, requesting that the hearing between the UK government and Apple be made public.
“Given the significant technical complexity of this issue, as well as the important national security harms that will result from weakening cyber security defences, it is imperative that the UK’s technical demands of Apple – and of any other US companies – be subjected to robust, public analysis and debate by cyber security experts,” the members said.
“Secret court hearings featuring intelligence agencies and a handful of individuals approved by them do not enable robust challenges on highly technical matters.”
Despite this, the hearing was held in private.
Lawmakers also suggested that the backdoor could breach a data privacy agreement between the US and the UK.
Congressman Jim Jordan, US House Judiciary chair, and Congressman Brian Mast, Foreign Affairs chair, warned in a joint letter that the backdoor could create security risks.
“Creating a backdoor into end-to-end encrypted systems, as the [UK backdoor order] does, introduces systemic vulnerabilities that can be exploited by malicious actors, including cyber criminals and authoritarian regimes,” the two wrote to UK Home Secretary Yvette Cooper.
“These vulnerabilities would not only affect UK users but also American citizens and others worldwide, given the global nature of Apple’s services.”
Jordan and Mast also requested that the US Department of Justice be made privy to the order so that they can determine whether it breaches a CLOUD Act agreement between the two nations that blocks the two nations from requesting data be decrypted. This would mean that Apple would be committing a criminal offence by following the order.
“We urge the Home Office to reconsider the issuance of TCNs that require the weakening of encryption, as such measures conflict with international human rights standards, including the European Court of Human Rights’ ruling that undermining encryption violates privacy rights,” Jordan and Mast said.
Be the first to hear the latest developments in the cyber industry.
