With high-profile attacks disrupting food and fuel supplies in the last few weeks, cybersecurity is justifiably front and center in the minds of Americans. In fact, cyber attacks were a main point raised by President Joe Biden in the recent summit with Russian President Vladimir Putin. Officials at the Federal Communications Commission (FCC) are actively working to get Chinese-made telecommunication equipment out of our domestic networks and encouraging our allies to do the same. House Intelligence Committee Chairman Peter Schiff (D-Calif.) just recently called on the United States to “go more on offense” in response to cyber threats.
But, in another classic Washington case of the federal government’s left hand having no idea what the right hand is doing, a bipartisan antitrust push against “big tech” threatens to undermine any progress made under this new cybersecurity zeal. And, in a weird twist of hypocrisy, some conservatives who have been vocal supporters of punishing China’s and Russia’s cyberattacks are willing to expose the personal information of millions of Americans because of their vendetta against “big tech.”
This week, the House Judiciary Committee marked-up six bipartisan antitrust bills aimed squarely at Amazon, Apple, Facebook and Google. Four of the six bills pose serious questions for cybersecurity.
The most problematic bill in this regard is the Augmenting Compatibility and Competition by Enabling Service Switching Act (ACCESS) Act. The ACCESS Act mandates that the covered tech giants establish interoperability interfaces where competitors can access user data, while leaving most of the details of how this will work to the Federal Trade Commission (FTC). Thus, it remains to be seen which kinds of entities may suddenly find themselves gifted access to Americans’ data, and what kind of data they may be entitled to. However, there’s a very real possibility that Facebook, YouTube, and Amazon users could suddenly find their data shared with China-based TikTok, WeChat, and Alibaba without their approval. At that point, it’s safe to assume that data will find its way into the hands of the Chinese government. For instance, Alibaba is currently in talks with the Chinese government to turn over their consumer data to state-owned firms as part of China’s nationwide social credit system. What’s to stop other nefarious actors from standing up “competitors” to America’s tech sector and demanding access to this data as well?
This all echoes of the dangers cybersecurity experts warn of in regards to data encryption and so-called “backdoors.” While some believe that law enforcement agencies need backdoors to encrypted data, the fact is that when any kind of vulnerability is built into the system for the good guys, it will still be there for the bad guys. An interoperability interface is exactly that. Firms that place consumer privacy and security at the center of their business model shouldn’t be forced into this one-size-fits-all tradeoff.
Three of the other bills would dramatically curb the ability of the covered tech companies to develop or adopt new and innovative cybersecurity tools and practices. For example, the Platform Competition and Opportunity Act amounts to an effective ban on the major tech companies’ ability to acquire new firms. New and innovative cybersecurity firms could see their investment potential quickly dry up with major buyers forced out of the market. Mergers and acquisitions are significant drivers of venture capital investment in Silicon Valley. Closing off this avenue for investors to eventually exit will have predictable and deleterious effects on innovation and competition, not to mention cybersecurity.
The Ending Platform Monopolies Act and the Platform Anti-Monopoly Act are similar bills that, at the end of the day, seek to force the major tech companies to spin off or shut down many of their vertically integrated assets. A good example is forcing Facebook to divest from Instagram. The bills go so far as to likely ban Apple from preloading applications onto iPhones.
The vulnerabilities created by this kind of artificial downsizing and these restrictions are practically endless. Limiting the ability for companies to provide applications and software consumers know they can trust from the get go is more than a bit of a security nightmare. It puts the average consumer in greater danger of installing all kinds of malware and is akin to selling the average consumer a car missing most of its parts and safety features.
Overall, downsizing firms means downsizing the resources they’re each able to dedicate to cybersecurity. Best practices would no longer be seamlessly shared and applied across different products and services. After all, under this new approach to antitrust, such coordination and communication between firms could be deemed anticompetitive, even if it benefits consumers.
Cutting firms down also means cutting their ability to fund research and development into the technologies America needs to stay ahead of rival powers like China in the fields of artificial intelligence and quantum computing. America cannot pretend that localizing all the funding for such efforts within the bureaucratic structures of government is the best that can be done. It’s not putting all of the eggs in one basket, it’s putting them in a torn plastic bag.
Perhaps the greatest danger this antitrust effort poses for cybersecurity, however, is the slapdash nature of it all. Politicians on both sides of the aisle are putting a greater value on the appearance of doing “something” about the tech sector before the next election versus considering all of the potential unintended consequences of upending companies and their products and services that most Americans use on a daily basis. And with the recent, undeniable uptick in cybersecurity threats and incidents, the timing couldn’t be worse.
Patrick Hedger is vice president of Policy at the Taxpayers Protection Alliance.