Over the past few years, the European Union has taken an aggressive posture on tech regulation, targeting large U.S. tech firms and showing little regard for the global implications of their approach. Now, Congress is working on its own framework for regulating the tech industry. This week, former national security, defense, and intelligence leaders sent an open letter to Congress urging lawmakers to consider the global security implications of current tech legislation pending on Capitol Hill.
The letter—signed by former Secretary of Defense Leon Panetta, former Secretary of Homeland Security Jeh Johnson, and former Director of National Intelligence James Clapper, among others—focused on the “battle brewing between authoritarianism and democracy.” The open letter reads in part:
We call on the congressional committees with national security jurisdiction … to conduct a review of any legislation that could hinder America’s key technology companies in the fight against cyber and national security risks emanating from Russia’s and China’s growing digital authoritarianism … It is imperative that the United States avoid the pitfalls of its key allies and partners, such as the European Union (EU).
In recent years, the threat of digital authoritarianism and the cyber capabilities of U.S. adversaries have grown significantly. Authoritarian regimes like Russia and China are increasingly turning to digital tools as a means to repress their own populations, gain influence abroad, and challenge their international competitors. Russian cyberattacks and digital disinformation campaigns against Ukraine are only the latest examples.
In this new world of digital warfare, the United States has an obligation to protect the nation from cyberattacks and counter digital authoritarianism wherever possible. A 2020 report from the Democratic staff for the Senate Committee on Foreign Relations on China and digital authoritarianism crystalized this responsibility. As “the premier digital innovator on the globe,” the United States is “the primary entity capable of shaping the future of the digital environment.” The report continues on to warn that “if the United States continues to cede its traditional role of diplomatic and technological leadership, the global growth of China’s digital authoritarianism model presents a sinister future for the digital domain.”
The former national security leaders’ letter correctly notes that the tech industry is one of the nation’s biggest advantages in the global digital conflict. While prominent tech companies have a mixed track record of working with authoritarian regimes and enabling digital authoritarianism, the tech industry, by and large, has advanced liberal, democratic values abroad. In Ukraine, for example, American social media platforms have played an important role even after being banned in Russia. Perhaps more significantly, Starlink has reportedly promised to send thousands of satellite internet receivers to Ukraine in an effort to keep the country online. But this can cut the other way. For instance, late last year, several U.S. tech companies acceded to Kremlin pressure to ban Putin opponent Alexei Navalny’s voting app from their app stores. Similarly, Apple has blocked numerous apps from its app store in China, including privacy tools like VPNs and even the Voice of America mobile app.
All of this is happening against the backdrop of a “techlash” in the United States and Europe. Trust in the tech industry is at an all-time low with many consumers justifiably concerned about privacy, bias, and security. The current techlash has spurred American lawmakers to introduce legislation aimed at addressing the perceived ills of Big Tech.
However, the U.S. federal government has been more of a follower than a leader when it comes to tech regulation—and now even states like California are stepping in to set rules with global implications. On the global stage, the European Union has taken the lead in shaping tech governance, first with the General Data Protection Regulation (GDPR) in 2016 and now with the forthcoming Digital Markets Act (DMA) and Digital Service Act (DSA). The GDPR is a far-reaching regulation that governs how online data processors must handle data privacy and security—among other things, it’s responsible for those annoying cookie notifications. The DMA is essentially antitrust legislation that bans certain practices by large tech firms, while the DSA establishes new rules for digital services around advertising and content moderation.
Since the United States has so far been slow to establish laws and regulations for digital platform governance, European laws and regulations have spillover effects into American markets. In a phenomenon known as the Brussels Effect, strict regulations in the EU tend to have an extraterritorial impact. While the GDPR is not enforceable in the United States, many American companies have implemented features stipulated in the GDPR for non-EU users. Since compliance costs for the GDPR and penalties for violations are high, many companies have taken a “better safe than sorry” approach and simply applied the GDPR to all users. The same will happen with the DMA and DSA.
Many contend that the DMA and DSA unfairly (and deliberately) target the U.S. tech industry. In a joint statement, Senate Finance Committee Chair Ron Wyden (D-OR) and Ranking Member Mike Crapo (R-ID) said of the DMA and DSA that: “these discriminatory policies will distort trade by disadvantaging U.S. companies and their workers, protecting domestic European firms, and even giving an unfair advantage to government-owned and subsidized companies based in China and Russia that do not reflect shared U.S.-E.U. values of democracy, human rights and market-based principles.”
In response to these concerns, the Biden administration has reportedly been in discussions about the DMA and DSA with the Transatlantic Trade and Technology Council. But it’s not clear that legislation being considered before Congress would seriously address this. Rather, many of its proposals seem to buy into the protectionist European theory of singling out large U.S. firms. In the fight against digital authoritarianism and the global race for tech dominance, it would be irrational for the United States to buy into the assumptions and attitudes of the EU’s historically anti-American approach.
It’s time for the United States to wake up to the global challenges ahead, and the rivalry between liberal Western values and growing illiberal threats. If this is to succeed, Congress and the administration must work to change the narrative, and work to create sector-wide legal and regulatory frameworks for tech that can be a global model to promote democratic values, as well as robust global competition, economic growth, and innovation.
Luke Hogg is Policy Manager at Lincoln Network, focusing on the intersection of technological innovation and public policy.