Over the past several months, Congress has identified and prioritized the need to address what they see as unregulated behavior in large tech companies. By taking a look at two of the House bills which address antitrust regulation, this explainer analyzes sections which we believe will have detrimental, unintended, third-order effects on cybersecurity. Security at the pace of bureaucracy is anathema to the growth of a cybersecurity mindset and improved cybersecurity. Therefore, given the cybersecurity ramifications of these provisions, we recommend amending or removing existing language to address these concerns.
The analysis focuses squarely on the cybersecurity and data protection concerns of the identified provisions, and does not address the raging debate on the merits of the antitrust proposals more broadly, which R Street has come out against.
Rep. David Cicilline’s (D-R.I.) American Choice and Innovation Online Act (HR3816)
Introduced in the House of Representatives on June 11, 2021, the American Choice and Innovation Online Act aims to ban discriminatory conduct by covered platforms.
*Required as part of a report
Rep. Mary Gay Scanlon’s (D-Pa.) Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act of 2021 (HR3849)
Introduced in the House of Representatives on June 11, 2021, the Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act of 2021 aims to promote competition, lower entry barriers, and reduce switching costs for consumers and businesses online.
These two bills, among the other antitrust bills that have been introduced, have three of the same challenges. They try to address antitrust concerns, but by doing so, they undermine the security of the networks the covered platforms control. First, they require more data to be shared and interoperable, opening up new and undetermined avenues for security threats and data leaks through unverified third parties. Second, as they require interoperability with third parties, they restrict or reduce the ability of entities themselves to use data available across their own platforms to create cheaper, more effective solutions for their customers. Third, these provisions include unacceptable obstacles to security improvements through conditioning updates and patches on FTC approval prior to implementation. Lastly, provisions in these bills impinge on the work of data security and privacy experts who are making strides to improve security through comprehensive legislation, and may be counterproductive to overarching data security goals. Unfortunately, Sen. Amy Klobuchar (D-Minn.)’s American Innovation and Choice Online Act (S. 2992) takes a similar guilty-until-innocent approach, which mentions security in only one of seven prohibited practices and would have much the same chilling effect on security as the House bills.
Saying nothing of the debates on the merits of the antitrust arguments, these bills create significant challenges to improving the cybersecurity and data security and privacy of users and networks. At a minimum, these provisions should be amended or removed as the House debates these bills.
For more information on the subject, contact
Policy Director, Cybersecurity and Emerging Threats
Image credit: Skórzewiak