In 2021, Washington D.C. had the country’s highest rate of identity theft, with over 1,700 reports per 100,000 residents. This ranking should make Congress more sensitive to the risks of consumer data. However, some lawmakers on Capitol Hill are still willing to risk data safety in their attempts to rein in big tech companies.
One example is the American Innovation and Choice Online Act (AICOA), introduced by Senator Amy Klobuchar (D-MN). This radical rewrite of America’s antitrust laws designates a few targeted big tech firms as covered platforms, requiring them to conform to interoperability and data sharing requirements. Unfortunately, while the bill would purportedly ban “unfair” practices of platform gatekeepers, it jeopardizes online consumer safety, making it easier for sensitive information to fall into the hands of cybercriminals.
The legislation is in direct opposition to consumer concerns. According to a recent poll by NetChoice, three out of four people reported being most concerned with online privacy and data. Additionally, the top tech issues that voters want Congress to address are cyberattacks, child predation, and user privacy. Only 12 percent of respondents believed breaking up big tech companies should be a priority.
Despite significant consumer concern over data privacy, lawmakers not only fail to address the problem, but they are also exacerbating it.
Section 2(b) of AICOA states that it would be illegal for specific covered platforms “to restrict or impede the capacity of a business user to access or interoperate with the same platform.” In practice, this requirement would prohibit platforms from implementing consumer protections against harmful apps or malware by requiring them to allow sideloading.
Sideloading is when companies permit software installation outside of approved channels–such as an App Store. The requirement would also leave little flexibility for platforms to remove harmful applications such as those that steal data and spread malware.
According to the Federal Trade Commission (FTC), malware “can monitor or control your computer use.” For example, malware may send consumers pop-up ads, redirect their computers to unwanted websites, monitor their Internet surfing, or record their keystrokes, which, in turn, could lead to identity theft.”
Malware risks from sideloading—a function of interoperability—are demonstrated by comparing Apple and Android devices. While Apple devices don’t allow sideloading, Android devices permit the practice. As a result, Android devices get infected with malware 15 to 47 times more than Apple iOS devices. Apple also noted that sideloading is also partially why “98 percent of mobile malware targets Android devices.”
In addition to interoperability requirements, the bill provides a vague definition of the term data. AICOA defines data as ” information collected by or provided to a covered platform or business user that is linked, or reasonably linkable, to a specific user or customer of the covered platform; or user or customer of a business user.” By not being specific with requirements, the AICOA is open to interpretation and could require the sharing of personally identifiable information with third-party operators who the consumer has not directly entrusted with such information.
As stated earlier, the interoperability requirement would prohibit platforms from denying access to potentially harmful actors. The requirement to share data along with a vague definition means platforms could be required to share a wide range of personal data even with actors that could present threats to privacy and security. This could potentially include not just the data of individuals who agree to share their data, but it could also include data such as shares, likes, or comments from individuals who have not consented.
Consumers feel differently thanAICOA’s proponents, who want big tech companies to share consumer data. Almost 90 percent of consumers reported their willingness to share data depended on how much they trust a company. But with this trust comes responsibility, as 64 percent of Americans say they would blame the company over the hacker in case of a data breach. While consumers may trust specific companies, it doesn’t mean they place the same trust in all companies. If enacted, the AICOA would require data sharing and jeopardize consumers’ privacy and security. Congress should listen to their constituents’ concerns and not put data at risk to target big tech.