The Revised American Innovation and Choice Online Act (AICOA) is Still Fundamentally Flawed
Late on Wednesday evening, Sen. Amy Klobuchar’s (D-Minn.) office quietly posted the text of a new manager’s substitute amendment to the American Innovation and Choice Online Act, S. 2992, her bill to expand antitrust enforcement against Big Tech by banning an assortment of ostensibly anti-competitive business practices. While the changes to the bill are presumably intended to allay some of concerns that senators of both parties expressed during its markup in the Judiciary Committee, in practice the edits seem merely tactical rather than substantive.
Unsurprisingly, the amendment makes no substantive changes to its core provisions targeted at vertical integration, which would massively decrease the usefulness of services like Amazon Prime, Google Search and iPhones, among many other products. A good example is Google’s search engine, which could be accused of bias by directing users to its own products by integrating Google Maps (and not Apple’s) into its search results, or for integrating its customer reviews (and not Yelp’s) into Maps. Similarly, Amazon would be prohibited from selling its Basics line of products, while other retailers routinely sell their own branded products along those of their competitors.
While new language in the enforcement section of the bill makes explicit that the Department of Justice and the Federal Trade Commission need only have a “preponderance of the evidence” to prosecute accusations against the covered platforms, companies would still bear the burden of proving that they are not causing “material harm” to competition. Shifting the burden of proof in this manner violates the principle of due process, in that companies are functionally guilty until proven innocent of any accusation of anticompetitive conduct—whether levied by the government or by their rival companies.
This also creates an incentive for the covered companies to essentially over-enforce against themselves lest they risk the massive financial penalties that can be incurred for any violations. In other words, companies might be hesitant to offer new, useful features (in addition to breaking existing ones) for fear of lawsuits. Even the American Bar Association felt compelled to weigh in against the impossible level of uncertainty this bill creates in how its provisions would actually be enforced, and the amendment adds very little clarity.
The most concrete and bipartisan concern expressed about S. 2992 during markup was that its interoperability and sideloading mandates could endanger consumer privacy and even national security. For example, the open-ended data interoperability and data access mandates in Section 3(a)(4) and (a)(7) contain only vague exceptions to who can access the companies’ data and for what purposes it can be used. Essentially, any “similarly situated” rival company could demand that Facebook share its user data if they claim that it’s needed for business purposes. Without a national data privacy framework to govern how that data must be secured, this creates massive potential for data breaches. Similarly, the nondiscrimination and interoperability provisions would force app stores to be much more cautious in removing apps from their stores that could pose threats, likely opening the door for more apps that may abuse user data or even contain malware.
The manager’s amendment glosses over the cybersecurity side of these concerns by simply inserting into section 3(a)(4) “except where such access would lead to a significant cybersecurity risk.” Without defining what qualifies as a significant risk, and with the burden to prove such a threat exists weighted against the companies, this line is functionally useless. Similarly, while there is an affirmative defense offered in Section 3(b) for protecting users’ data, companies would still be required to prove that any restriction of access to the data was “reasonably tailored and reasonably necessary, such that the conduct could not be achieved through materially less discriminatory means,” which is easier said than done. Under these requirements, companies that attempt to restrict potential bad actors from accessing data still do so at their own peril.
Many of the changes also appear tailored to exempt certain businesses that could have been included in the bill’s new enforcement regime. For example, credit card and payment companies like Visa benefit from the word “payment” being struck from the definition of “online platform.” Likewise, a newly added sub-paragraph specifically exempts telecommunications providers. These sort of tactical edits only further underline that the bill is inappropriately targeted at a specific handful of politically disfavored companies (Google, Meta, Apple, Facebook, Microsoft) rather than targeting something objective like measures of market concentration or genuine anti-competitive harm to consumers.
To be clear, the original bill as a whole was economically unsound, and it is difficult to conceive of an amendment that would make it supportable from a free market point of view. But for someone who wants this kind of open-ended antitrust assault upon Big Tech, S. 2992—even as amended—does so in a way that would cause a multitude of presumably unintended harms. Rushing such a bill into law would likely become a source of regret for lawmakers foolish enough to support it, once those side-effects start to become apparent to consumers.