One of the biggest threats to U.S. national security and economic well-being is coming not from antagonistic nations such as Russia, China, or Iran. Instead, the source of this danger is the U.S. Senate, specifically, the Senate Judiciary Committee.
The committee recently voted out a bill, the American Innovation and Choice Act (AICA), that threatens not only to weaken this country’s advanced technology sector but also adversely impact America’s supply chains in a time of crisis. If passed into law, AICA will give both state and non-state actors new opportunities to do considerable damage to U.S. national security. It also fundamentally changes the regulatory standard for pursuing antitrust actions and sends a chilling message to firms seeking to compete for a leading place in the online economy. The bill is irrevocably flawed, and the full Senate must reject it.
The bill addresses large companies that run “covered online platforms,” which it defines as a “website, online or mobile application, operating system, digital assistant, or online service.” It would prohibit these firms from using their online platforms in a manner “favoring their own products or services, disadvantaging rivals, or discriminating among businesses that use their platforms in a manner that would materially harm competition on the platform.”
Another violation of the act would be for these platform providers to “unfairly limit the ability of another business user’s products, services, or lines of business to compete on the covered platform relative to the covered platform operator’s own products, services, or lines of business in a manner that would materially harm competition on the covered platform.” These companies would be forbidden from preventing interoperability with the services of other companies and from exploiting the other company’s information to compete against them.
The approach taken by AICA to improving online competition is misguided. First, it applies only to a handful of big tech firms rather than all operators of online platforms. These are companies with at least 50 million active monthly users or with 100,000 active business users or with net annual sales or a market capitalization of no less than $550 billion. This means that AICA would apply to at most five big tech firms: Apple, Amazon, Google, Meta (formerly Facebook), and Microsoft. Major retailers such as Walmart and Target could acquire an online platform and discriminate against competitors but be exempt from the law because they currently fall below the market cap threshold. Conversely, if Tesla or Berkshire Hathaway, both of which have market caps in excess of the standard, entered the online platform business, they would immediately become subject to AICA should it become law.
Second, it upends decades of antitrust law and regulation by making a negative impact on competitors, not consumers, the standard for a violation. This threatens to make the government the arbiter of what constitutes fair competition, a role for which it is unsuited. The U.S. Chamber of Commerce sent a letter to the members of the Senate Judiciary Committee that clearly presaged the economic and legal harm the bill would cause. It partly read:
The outcome of such radical change to antitrust would drive inflation, hamper innovation, undermine job creation, and damage American’s [sic] global competitiveness. This legislation represents a gateway to supporting a larger and radical antitrust agenda that seeks to divorce economic analysis from the law with the aim of applying these same concepts to a much wider swath of our economy.
Possibly even more dangerous for the nation are the potentially deleterious effects of AICA on the security of major online platforms. Several of the affected companies not only provide major covered platform services to consumers but also the U.S. government, including the Department of Defense (DoD) and the Intelligence Community (IC).
Government organizations look to reduce the costs for implementing cloud computing while enhancing innovation by acquiring commercial cloud services, albeit with enhanced security. The IC selected both Amazon Web Services and Microsoft to provide specialized classified cloud services, based in part on their ability to guarantee the security of the applications and information used. DoD recently announced that it would sign contracts with at least four major cloud platform providers—Amazon, Microsoft, Google, and Oracle—through its Joint Warfighter Cloud Capability program to provide enterprise-wide computing and storage capability, including for highly classified information, down to the tactical edge.
The source of the danger is in the portion of the bill that specifies unlawful conduct. Section 2(b)(1) creates an opening for competing third-party service providers and potential bad actors to gain access to the platform providers’ back-end infrastructure. This section makes it unlawful for the platform provider to “materially restrict or impede the capacity of a business user to access or interoperate with the same platform, operating system, hardware or software features that are available to the covered platform operator’s own products, services, or lines of business. . .”
This section potentially opens the door for commercial users of so-called covered platforms to access critical hardware and software, some of which will inevitably be the same as the systems supporting critical government departments and agencies. While the bill does allow subject companies to protect IP and undertake measures necessary for security, it creates opportunities for malign actors to go exploring through providers’ hardware and software looking for vulnerabilities.
In addition, the providers of cloud services must meet an impossibly high bar with respect to the imposition of security measures. Companies can restrict access for security purposes only so long as doing so does not come at the expense of interoperability and access and requires a company to show that the security measures “could not be achieved through less discriminatory means.” This turns the demand for secure cloud infrastructure on its head, giving preference to users’ demands for equal access over protecting systems and critical software. In a world where foreign actors are constantly trying to attack U.S. companies, do we want the strongest online security or the least discriminatory environment?
This bill is ill-conceived and poorly written. The Senate Judiciary Committee held no hearings on the proposed legislation. Consequently, it failed to uncover the unintended but highly negative consequences of its efforts to promote competition in online markets. In particular, by promoting accessibility at the expense of security, the proposed act could seriously hamper the ability of the Defense Department and intelligence community to acquire innovative commercial cloud technologies and place users at peril, particularly members of the Armed Forces in combat.
Dan Gouré, Ph.D., is a vice president at the public-policy research think tank Lexington Institute. Gouré has a background in the public sector and U.S. federal government, most recently serving as a member of the 2001 Department of Defense Transition Team. You can follow him on Twitter at @dgoure and the Lexington Institute @LexNextDC.