The 'Encrypt It Already' campaign, spearheaded by the Electronic Frontier Foundation (EFF), is making a strong call to major technology companies to fulfill their commitments to user data protection through the implementation of end-to-end encryption (E2EE) across their services. As privacy concerns grow due to the increasing use of artificial intelligence (AI), the EFF emphasizes the importance of prioritizing encryption to safeguard user conversations and data.

The campaign revolves around three main objectives: urging companies to release promised features, enabling existing E2EE features by default, and launching data protection capabilities that have been successfully adopted by other firms. Notable examples include Bluesky's long-awaited rollout of E2EE for direct messages, Ring's transition to default E2EE for its cameras, and Google's introduction of E2EE for Android backup data.

“E2EE is the best way to protect our conversations and data,” the EFF stated in a recent blog post, highlighting the critical role that encryption plays in maintaining user privacy.

As users of popular social media and messaging platforms like Facebook, Bluesky, Telegram, and Signal expect their communications to remain confidential, the risks escalate when service providers have access to this data. This concern intensifies when such information is shared with third parties, including law enforcement and government agencies, without user consent. E2EE effectively prevents unauthorized access by ensuring that only the communicating parties can view the content.

Some Broken Promises

The EFF’s initiative is not aimed at shaming companies for past failures but rather empowering individuals to take control of their privacy and data security. Thorin Klosowski, a security and privacy activist at EFF, noted that while companies should strive for improved privacy measures, E2EE seems to be deprioritized in favor of more appealing features.

For instance, when Bluesky launched its direct messaging feature in 2024, it cited the need for additional time to implement E2EE due to usability, security, and privacy considerations. As of January 2025, there has been no significant advancement reported on this front. Furthermore, Apple’s adoption of the Rich Communication Services (RCS) messaging protocol in 2024 has not yet led to full E2EE encryption between iOS and Android devices, which still requires collaborative efforts from both companies.

In 2023, Meta introduced E2EE by default for one-on-one conversations on Facebook Messenger, but the rollout remains optional for group chats and other features, indicating that while some progress has been made, full implementation is still lacking.

Demands to Turn on E2EE By Default

A central demand of the 'Encrypt It Already' campaign is for companies to enable E2EE features by default. While it is essential to offer E2EE, it is far more secure for users to have these features activated automatically rather than necessitating manual activation. Companies often prefer opt-out systems for usability reasons, which inadvertently places the burden of security on the users to be informed and proactive.

Research shows that most users do not alter default settings, underscoring the importance of making E2EE readily available. The EFF targets major companies for this campaign as many have either stated their intention to implement E2EE or are already offering it without default activation. Although implementing E2EE may take time, the EFF aims to initiate a critical conversation on the matter.

AI Ups the Ante on Privacy Concerns

With the rise of AI, the urgency for companies to address security and privacy concerns has intensified. Namrata Maheshwari, a senior policy counsel and encryption policy lead at Access Now, emphasized that it is crucial to provide encrypted communication channels that are secure from intrusive AI agents, which often have sensitive access to user information with limited human oversight.

The 'Encrypt It Already' initiative articulates specific demands for achieving this goal, reflecting the needs of civil society and privacy advocates, and underscores that companies must deliver on their promises.

When Is it Time to Celebrate?

Discussions surrounding the implementation of E2EE for communication and data storage are complex. While users deserve privacy, concerns arise in scenarios where individuals may be accused of serious crimes. Law enforcement may have valid reasons to access communications; however, the potential for misuse remains high.

Companies that adopt E2EE for their services cannot access user data, even if compelled by law. For example, Ring's previous partnerships with law enforcement faced backlash, leading to the removal of their Request for Assistance tool. However, a recent partnership with Axon allows law enforcement to request footage directly from users, raising further questions about privacy.

Despite the challenges, the EFF continues to advocate for default E2EE across platforms, emphasizing that it should be user-friendly and accessible. As the landscape evolves, the foundation remains hopeful that many companies will enable these features in the coming year, and Klosowski expresses optimism, stating, “We will celebrate it when it does.”

Source: Dark Reading News