Today a dozen prominent former intelligence and defense officials wrote U.S. House leadership to raise concerns about the security implications of the controversial House ‘breakup bills,’ in a letter first reported by Axios. The letter, signed by multiple former Directors or Deputy Directors of National Intelligence and the Central Intelligence Agency, among other critical roles, explains that “[r]ecent congressional antitrust proposals that target specific American technology firms would degrade critical R&D priorities, allow foreign competitors to displace leaders in the U.S. tech sector both at home and abroad, and potentially put sensitive U.S. data and IP in the hands of Beijing.”
The former officials’ comments reinforce the severity of the threats that were apparent when the White House convened industry leaders to address cybersecurity risks in late August. Foreign threat actors pose a growing threat to U.S. national and economic security, and leading digital services are at the forefront of the U.S. response to that menace. Following high-profile attacks like the Solarwinds breach, President Biden labeled the issue a “core national security challenge” in remarks on August 25.
That challenge stands to be compounded at both an individual and national level if the wide-ranging bundle of tech regulatory proposals acted upon by the House Judiciary Committee earlier this year are enacted into law. As previously discussed here, these breakup bills threaten a panoply of collateral damage, including online trust & safety programs designed to keep Internet users safe, small business users of e-commerce services, and the ad-supported Internet writ large.
The most severe unanticipated consequences of the bills, however, could be the national and economic security consequences of hamstringing core U.S. technology providers at a critical inflection point for U.S. global competitiveness. The letter underscores this, arguing:
“At the very least, legislation intended to ban new acquisitions and force break-ups of some of the largest U.S. tech companies — and, in particular, those focused on consumer markets — deserves more study. Provisions in these bills that target a narrow group of U.S. companies without requiring similar oversight of Chinese tech giants such as Huawei, Tencent, Baidu, and Alibaba would place these already formidable competitors in a better position to assume global preeminence.”
User security implications
Today’s letter comes as a growing array of bad actors seek to exploit Internet users, increasingly by exploiting mobile devices, and policy changes promoted by the House bills could exacerbate these threats. This is not hypothetical: the FTC just took action against a mobile spyware vendor and its chief executive. The agency accused the company, Support King, of having left data on the open internet collected from “thousands of unsuspected users” with a “root” level application. The FTC acted in a similar case once before, in 2019. If digital services and app stores were prevented from taking precautions against companies with similarly shady practices, spyware developers would have greater access to unsuspecting consumers.
Today, many users affirmatively chose digital services based on their confidence about whether those products will protect them from security threats, and technology companies accordingly exercise caution about what software they distribute, what services they interoperate with, and where data is moved to. Digital services’ efforts to connect and enable users to move easily between services need to take user security into account. The fact that a U.S. platform could not refuse interoperating with a state-owned enterprise controlled by a foreign adversary demonstrates that, as the authors of today’s letter argue, the consequences of the bills require “more deliberate analysis.”
The breakup bills also contemplate mandating that U.S. products connect and port user data to rivals without exception — a requirement that may put users at risk. Software and hardware interoperability is a noble objective, fostering innovation and consumer choice. But if advancing interoperability were as simple as a government fiat, it would not have presented a persistent policy challenge since the 1990s. Markets, not bureaucrats, must provide interoperability. One such example is the Data Transfer Project, announced in 2018, which facilitates data portability between multiple online services.
When it comes to interoperability, the federal government must ensure misguided policy does not get in the way, not design products from Washington. Legislative efforts like the House breakup bills or the Open App Markets Act, which would place government regulators in the position of dictating product design, are bad policy. Overly prescriptive regulations would deter both investment and innovation in software design and distribution. Policymakers are better served allowing market competition between app stores and between ecosystems to advance consumers’ interests.
Economic security implications
The security ramifications of the breakup bills extend beyond risks to individual users. The bills quite intentionally propose to take a sledgehammer to leading U.S. services, which could result in displacing U.S.-led ecosystems in crucial market segments like app stores, search, cloud, and IoT. Even as U.S. companies would be compelled to give better treatment to products from competitors overseas, those competitors would not be obligated to provide similar treatment to their North American rivals. This would be a self-defeating result, contradicting the commitment that Congress has signaled regarding the need to bolster U.S. competitiveness in the Pacific.
At present, the U.S. economy is in a position of technology leadership, characterized by strong public and private sector investment in R&D and next-generation technologies. With serious individual and macroeconomic threats looming on the horizon, it is more important than ever that technology innovation be driven by Western-democracy innovators. In light of that imperative, broad sectoral regulations aimed at hobbling leading U.S. digital services don’t belong on the policy prescription menu.