The Senate Judiciary Committee has dispatched a blitzkrieg on consumer security and privacy in the tech sector. It has in the last month rubber-stamped the American Innovation and Choice Online Act and the Open App Markets Act, justifying reckless market interventions as nominally “pro-competition.” In reality, these bills are nothing more than neo-Brandeisian knee-jerkery, and, unsurprisingly, are economically foolhardy and repressive towards innovation. To boot, they will limit the ability of tech companies to protect their customers from nefarious online actors, cracking down on a number of safeguards that have developed organically in the free market and are essential to the digital privacy and security of users. In short, these bills will force the average American to buy and use unsafe devices.
First off, both AICOA and OAMA will severely curtail the ability of operating systems to control sideloading (the downloading of apps from unvetted, third-party app stores or the open web). Mobile devices currently disallow (on iOS devices) or highly discourage (on Android devices) sideloading due to the high likelihood of unvetted apps jeopardizing user security. Instead, platforms curate app stores (i.e. the App Store, Google Play, etc.), in which users can be reasonably certain that any app they download is vetted and safe. Moreover, the desire to access large consumer bases through these app stores incentivizes individual app developers to take user security more seriously.
These bills will force the average American to buy and use unsafe devices.
Although restrictive to user choice, the system of curated app stores is popular with and beneficial to consumers, the vast majority of whom are unable to personally vet apps for security risks. In fact, users who sideload may never realize that they have installed malware, as malicious software often “spoofs” credible apps or skulks invisibly in the background of the operating system. Android users, who have the ability to manipulate their settings to allow sideloading, are 15 times more likely to be infected by malware than iOS users, who do not. In the name of increasing competition among app developers — a goal which will by no means be achieved should they become law, — the AICOA and OAMA place millions of unwilling users in harm’s way. And, while consumers should be able to engage in risky online behavior if they so choose, they should have safer options, as well.
The AICOA further threatens user security by mandating data sharing and portability. Essentially, individual apps will be able to demand the user’s information from the operating system and dispose of that data as they see fit. To illustrate, consider status quo protections of user payment information, which the AICOA seeks to ban. Users currently give their payment information to the platform, which serves as a middleman and data shield in purchases, preventing individual apps from actually viewing sensitive personal data such as credit card information.
Users’ embrace of Apple’s recent privacy innovations proves that there is considerable demand for data protection, as droves have chosen to block apps from tracking and sharing their data. Users took to these new protections as eagerly as Minnesota Sen. Amy Klobuchar (chief sponsor of the AICOA) took to chucking office supplies in staff meetings. So eagerly, in fact, that notorious data-grabber Meta has projected a $10 billion loss in 2022 as it is no longer able to pilfer users’ information for advertising purposes. Notably, Google announced last week that it, too, will roll out similar user protections.
The potential threat of mandatory data portability under the AICOA is especially worrisome given that the bill forbids platforms from “…establishing contractual or technical restrictions that prevent the portability of the business user’s data by the business user to other systems or applications.” So, once a given app has customer information, it is free to dispose of that data in a variety of dodgy ways. Furthermore, in addition to threats posed by hackers and amoral tech entrepreneurs, America must account for the snooping of Chinese cyberspies; mandatory data portability makes the unsavory work of all three groups far easier.
Americans should have no faith that this FTC won’t immediately abuse any new antitrust powers entrusted to it by Congress.
Both the AICOA and the OAMA are worded in an overly broad manner which spells doom for tech companies’ future legal defenses. To make matters worse, the interpretation and enforcement of both bills largely falls to an increasingly aggressive Federal Trade Commission, headed by Lina Khan, a regressively radical antitrust inquisitor. Americans should have no faith that this FTC won’t immediately abuse any new antitrust powers entrusted to it by Congress. And, as both bills also provide for enforcement by state attorneys general, tech companies will be beset from all sides with little hope of legal relief.
Private actors, who have all the benefits of specialization, often hem in the consumer’s range of choices in response to market demands for security. Legislators would do well to reflect on the utility of such tradeoffs before recklessly endangering their constituents’ security and privacy.
David B. McGarry is a contributor with Young Voices from sunny Los Angeles. He’s a staunch defender of liberty and American institutions. Follow him on Twitter @davidbmcgarry.