The Electronic Frontier Foundation has opened a new chapter in its ongoing fight for digital privacy with the launch of “Encrypt It Already,” a targeted campaign demanding that major technology companies implement end-to-end encryption features they’ve either promised, offered incompletely, or ignored altogether. Announced in January 2026, the initiative represents a strategic evolution in privacy advocacy—moving beyond defensive resistance to government surveillance and toward proactive demands for corporate accountability in protecting user data.
The campaign arrives at a critical inflection point for digital privacy. While end-to-end encryption has become standard in some messaging applications, vast swaths of digital communication and data storage remain vulnerable to corporate surveillance, government access, and security breaches. By naming specific companies and articulating concrete demands, EFF is attempting to transform encryption from a niche technical feature into an expected baseline for consumer technology.
Three Categories of Accountability
EFF has organized its demands into three distinct categories, each targeting different aspects of corporate behavior around encryption implementation.
The first category, “Keep Your Promises,” holds companies accountable for encryption features they’ve publicly committed to building but haven’t delivered. This includes Facebook’s long-delayed end-to-end encryption for group messages, the interoperable encrypted messaging standard that Apple and Google jointly promised for Rich Communication Services, and Bluesky’s announced but undelivered encrypted direct messages. These demands leverage companies’ own public statements, making it harder for them to dismiss privacy advocates as unreasonable or uninformed about technical constraints.
The second category, “Defaults Matter,” addresses a subtler but equally important privacy failure: offering encryption features that users must manually enable. Telegram’s lack of default encryption for direct messages, WhatsApp’s optional backup encryption, and Ring’s opt-in camera encryption all fall into this category. From a privacy perspective, these represent particularly insidious failures. By making encryption optional rather than automatic, companies create a tiered system where only privacy-conscious users who navigate complex settings menus receive meaningful protection. The vast majority of users, who reasonably expect their communications to be private by default, remain exposed.
The third category, “Protect Our Data,” pushes for new encryption features that companies should implement because competitors have already demonstrated technical feasibility. EFF specifically calls for Google to encrypt Google Authenticator backups and Android backup data, while urging both Apple and Google to provide per-app controls that prevent AI systems from accessing content in encrypted messaging applications.
This final demand deserves particular attention. As technology companies rush to integrate AI features throughout their operating systems and services, they’re creating new pathways for data exposure that undermine encryption protections. If an AI assistant can read your encrypted messages to summarize conversations or suggest responses, the practical privacy benefit of encryption diminishes significantly. The demand for granular controls over AI access to encrypted apps represents forward-thinking advocacy that anticipates how emerging technologies might subvert existing privacy protections.
Implementation Matters as Much as Existence
EFF’s campaign goes beyond simply demanding that companies flip a switch to enable encryption. The organization articulates clear expectations for how companies should implement and communicate about encryption features, recognizing that poor implementation or opaque practices can undermine even technically sound encryption.
The campaign calls for companies to publish both general-audience blog posts explaining new encryption features and technical white papers that provide detailed implementation information for security researchers and privacy advocates. This dual approach acknowledges that different stakeholders need different levels of detail to evaluate whether encryption implementations genuinely protect privacy.
Equally important, EFF emphasizes the need for clear user-facing documentation that explains exactly what data receives encryption protection and what remains accessible to the service provider. This transparency requirement addresses a common source of user confusion and false security assumptions. Many people who use services with partial encryption wrongly believe all their data enjoys protection, when in reality only specific categories receive end-to-end encryption while metadata, backups, or other information remains accessible to the company.
The campaign also advocates for data minimization—storing as little metadata as possible—as a complementary privacy protection. Even when message content receives robust encryption, metadata about who communicates with whom, when, and how frequently can reveal sensitive information about relationships, activities, and patterns of behavior. Companies that collect minimal metadata limit the privacy risks even if encryption protections fail or get compromised.
The Broader Context of Encryption Under Pressure
“Encrypt It Already” emerges against a backdrop of intensifying government pressure to weaken or bypass encryption protections. Throughout 2025, EFF documented numerous attempts by governments worldwide to mandate backdoors, require client-side scanning, or otherwise undermine the mathematical certainty that makes end-to-end encryption effective.
The European Union’s controversial Chat Control proposal, which would mandate scanning of encrypted messages for child abuse material, represents one of the most significant threats to encryption in recent years. Despite sustained opposition from privacy advocates, technical experts, and civil liberties organizations, the proposal has repeatedly resurfaced with minor modifications, demonstrating how persistent government pressure on encryption remains.
The United Kingdom has similarly demanded that Apple create backdoors into its encrypted backup services, albeit limited to British users. These government demands create enormous pressure on companies to weaken security for everyone, as creating targeted vulnerabilities almost inevitably creates exploitable weaknesses that malicious actors can discover and abuse.
In this context, EFF’s campaign serves dual purposes. First, it pushes companies to strengthen encryption protections before governments can mandate weakening them. Second, it builds public awareness and support for encryption as a fundamental privacy protection, creating political pressure that makes it harder for governments to justify anti-encryption mandates.
What Users Can Do
EFF provides concrete actions for individuals who want to support stronger encryption adoption. The most immediate step involves enabling any available end-to-end encryption features on services like Telegram, WhatsApp, and Ring. By demonstrating user demand for encryption through adoption rates, individuals signal to companies that privacy protections influence their technology choices.
The campaign also encourages direct communication with companies through social media, feature request forms, and support channels. EFF provides shareable messages for social platforms and directs supporters to company-specific feedback mechanisms where they can request the encryption features outlined in the campaign.
For Telegram and Ring specifically, EFF has created or identified existing feature requests that supporters can upvote to demonstrate demand. These centralized requests consolidate user voices and make it easier for companies to quantify interest in specific privacy features.
The Road Ahead for Privacy-Protective Technology
“Encrypt It Already” represents more than a campaign focused on nine specific demands across six companies. It articulates a vision for digital privacy where end-to-end encryption becomes the expected standard across a much broader range of products and services.
EFF explicitly frames its current demands as “just the start,” arguing that encryption protections should extend to fitness wearables, note-taking applications, and countless other categories of digital services that currently store sensitive personal information in unencrypted or weakly encrypted formats. This expansive vision recognizes that as more aspects of daily life become mediated by digital technologies, the scope of data that deserves robust encryption protection continues to grow.
The campaign also implicitly challenges the technology industry’s tendency to treat privacy as a premium feature reserved for users willing to navigate complex settings or pay for upgraded service tiers. By demanding that encryption become the default rather than an option, EFF pushes for a democratization of privacy protections where everyone benefits from strong security regardless of their technical sophistication or willingness to pay.
Whether “Encrypt It Already” succeeds in compelling companies to implement these specific features remains to be seen. However, the campaign has already succeeded in articulating a clear, actionable agenda for what stronger consumer privacy protection looks like in practice. By naming specific companies, features, and implementation standards, EFF has created a framework for evaluating corporate privacy commitments that goes beyond vague promises and focuses on concrete, measurable outcomes.
In an era where data breaches, government surveillance, and corporate data exploitation have become routine, campaigns like “Encrypt It Already” offer a path forward that empowers users without requiring they become security experts. The question now is whether technology companies will respond to advocacy and user demand, or whether stronger privacy protections will require regulatory mandates that force their implementation.
