October is many things. It’s the month where the weather begins to get decidedly colder. Autumn is in the air and Halloween looms right around the corner. However, most might not know that October is also Cybersecurity Awareness Month. In 2004, then-President Bush – along with Congress – dedicated the month of October to “helping individuals protect themselves online as threats to technology and confidential data become more commonplace.”
Eighteen years later, those threats have become even more sophisticated and everyday Americans and lawmakers alike are finding ways to address them.
Unfortunately, some of the cybersecurity threats over the horizon are not originating necessarily from foreign adversaries, but instead from ill-advised legislative proposals. Bills ranging from the halls of Congress to state houses across the nation provide broad mandates that will inevitably inhibit the ability of contemporary tech companies to rise to meet the challenges that face them in an increasingly digital world.
Among these proposals is a duo of bills working their way through Congress at the moment. The Open App Markets Act (OAMA), introduced by Sen. Richard Blumenthal, D-Conn., would prohibit tech companies who operate mobile app stores from barring third party developers from their space. Ostensibly in the name of competition, OAMA would make it presumptively anti-competitive to refuse to host an app on an app store. The bill would also require devices to allow “side loading,” meaning users would be allowed to download third party content outside of the main pre-loaded app store.
For one thing, there are a number of reasons a smart phone provider might want to keep a third party developer off its app store. The foremost of which is that a particular app might pose a security risk to its customers. This is also the reason some companies are uncomfortable with side loading. It makes the download of malware and the compromise of the entire device altogether more likely. Under OAMA, tech companies would have to continually justify their basic security measures to an Federal Trade Commission tribunal. Companies should not have to ask for permission to secure their products.
Moving alongside OAMA is the American Innovation and Choice Online (AICO) Act, introduced by Sen. Amy Klobuchar, D-Minn. AICO would similarly make it presumptively anticompetitive for tech companies to favor or preference their own products or services. These range from search results to payment processing systems and security services.
The latter two are most concerning in this instance. Smart phone providers insist on their own security services and payment processing systems to minimize threats to their networks and operating systems. AICO would have these precautions treated as monopolistic behavior reminiscent of the “robber barons” of old. However, these cybersecurity protections are nothing of the sort.
AICO and OAMA are also accompanied by a handful of similar bills moving at the state level. These bills would jeopardize consumers in those individual states. They would also necessitate costly changes by tech companies, having to follow a patchwork of different regulations across the nation. This would detract from their efforts to bolster cybersecurity nationwide, as they’d now need 50 different strategies, as opposed to just one.
Also at the state and local level is the issue of government-owned networks (GONs). Municipalities across the nation are taking it upon themselves to build out and run their own broadband networks. These GONs are poised to receive an influx of federal funding if state and local officials are careless with new federal broadband spending.
However, the nation has seen a number of cyber attacks not just aimed at federal government agencies, but states and municipalities as well. Where internet service providers have resources and expertise at their disposal to fend off these attacks, small towns and cities often do not. They are already at risk from more sophisticated adversaries. Putting them in charge of the internet of thousands – if not millions – of people is an especially foolish idea.
While the nation’s cybersecurity may fly under the radar in favor of changing leaves, Halloween costume shopping, and the beginning of playoff baseball, it remains immensely important. Families should consider how best to keep their devices safe and lawmakers should ensure that tech companies that service millions are able to do so without the red tape of government wrapped around their hands.
Dan Savickas is the director of tech policy at the Taxpayers Protection Alliance.
