Electronic Frontier Foundation (EFF) has kicked off a new campaign calling on technology companies to offer better privacy protections to users. The Encrypt It Already campaign is practically begging for end-to-end encryption to be implemented across data and communication systems by default.
EFF points to the likes of WhatsApp and Signal – both of which already offer end-to-end encryption as being good examples of ensuring that only sender and recipient are able to access messages. Recognizing that the approach taken will be different depending on the product and the circumstances, EFF has a number of suggestions.
With WhatsApp and Signal being used as examples of how communication should be encrypted, it is Apple’s Advanced Data Protection that is singled out as an example of encrypting data.
In calling on technology firms to help protect the privacy of users, EFF is making a number of requests and suggestions:
- Keep your Promises: Features that the company has publicly stated they’re working on, but which haven’t launched yet.
- Facebook should use end-to-end encryption for group messages
- Apple and Google should deliver on their promise of interoperable end-to-end encryption of RCS
- Bluesky should launch its promised end-to-end encryption for DMs
- Defaults Matter: Features that are available on a service or in app already, but aren’t enabled by default.
- Telegram should default to end-to-end encryption for DMs
- WhatsApp should use end-to-end encryption for backups by default
- Ring should enable end-to-end encryption for its cameras by default
- Protect Our Data: New features that companies should launch, often because their competition is doing it already.
- Google should launch end-to-end encryption for Google Authenticator backups
- Google should offer end-to-end encryption for Android backup data
- Apple and Google should offer an AI permissions per app option to block AI access to secure chat apps
More than this, EFF is also looking for better communication and transparency from companies to let their customers know about the existence of such features, and calls for technical data about implementation to be made available so anyone who is interested is able to see it. The foundation suggests the following should be done by companies in addition to rolling out end-to-end encyption:
- A blog post written for a general audience that summarizes the technical details of the implementation, and when it makes sense, a technical white paper that goes into further detail for the technical crowd.
- Clear user-facing documentation around what data is and isn’t end-to-end encrypted, and robust and clear user controls when it makes sense to have them.
- Data minimization principles whenever feasible, storing as little metadata as possible.
You can find out more in EFF’s blog post about the campaign, and you can also check out the Encrypt It Already website
