Congress is once again focusing on how social media companies are possibly manipulating consumers thanks to a new cadre of serious documented consequences. So, it is especially frustrating that the most vocal policymakers seem to be coalescing around a solution to these problems that actually helps the business models that depend on social manipulation. To be clear, policymakers’ concerns are well founded, and we understand congressional leaders’ desire to act. But, far from cracking down on the business models that rely on unfettered collection of personal information—along with its use to manipulate people into spending more time on a social media platform—these proposals remove the most meaningful defenses we have against them.
Specifically, members of the House and Senate Judiciary Committees are considering legislation prohibiting software platforms (app store /operating system combinations) from vetting apps and guarding against the unauthorized collection of sensitive personal data. These “nondiscrimination” bills could produce disastrous results for App Association members by rolling out the red carpet not just for spyware and copyright theft, but also for business models like Facebook’s, which are generally legal, but may—as Congress’ own inquiries revealed—result in serious harms, especially to young women. Opening the door further for all of these threats would undermine the trust consumers have in the marketplace, making it much harder for small software makers with little or no public profile to gain consumers and clients.
The first major nondiscrimination bill to emerge this year is the American Choice and Innovation Online Act (ACIOA). In ACIOA, the prohibition on app stores’ ability to remove bad actors or limit the data collection that feeds ad algorithms is complete and is functionally equivalent to a requirement for a software platform to allow sideloading of software (downloading unapproved software onto a device from a third-party source). Similarly, in the Open App Markets Act (OAMA), one concerning provision is the “interoperability” requirement, mandating that software platforms provide the “readily accessible means for users” to “install third-party Apps or App Stores through means other than its App Store.” Both of these nondiscrimination bills create the presumption that it is illegal for a platform to remove a bad actor, by requiring it to allow sideloaded software onto the operating system, which of course eliminates any ability for the platform to prevent access by the app to sensitive data (including via consumer-directed, platform-level controls) or to remove the app altogether due to privacy issues. Similar versions of nondiscrimination requirements (or prohibitions on platform-level vetting and privacy controls) may yet emerge and if they do, they will likely present the same problems, unless they take a drastically narrower or otherwise different approach.
We aren’t the only ones who can see these consequences. Marco Arment, a longtime critic of software platforms, predicts that if Congress, or the courts, require software platforms to allow sideloading, Facebook would benefit immensely. As he notes, Facebook would likely get around the App Store / iOS restrictions it finds cumbersome by removing its apps from the app stores and requiring them to be sideloaded, which consumers would likely do, given their popularity. He posits further, rather plausible and much less privacy protective, environmental changes within a Facebook-only app store for app developers and consumers. For example, “Maybe I’d be required to add the Facebook SDK to my app in order to be in their store, which they would then use to surveil my users” . . . and “Maybe you’d need to install seven different app stores on your iPhone just to get the apps and games you already use – and all without App Review to keep them in check.”
Without a doubt, Facebook would love to get around platform privacy restrictions, especially the recent move by Apple prompting consumers to “opt in” to being tracked across apps (the App Tracking Transparency or ATT update). This additional privacy control has affected the revenue of consumer data-fueled ad businesses like Facebook’s, and Facebook is hitting back hard, suggesting that the move may force the company to charge for access to its social networking services. Facebook clearly places a high value on the ability to squirm free of software platform-imposed restrictions on its data collection and monetization activities. OAMA and ACIOA do not just provide that wiggle room, they provide a wide avenue with formidable federal enforcement capabilities keeping the avenue free of obstacles. Unfortunately, that road would be paved with App Association member prospects and the consumer harms certain to result from an ad-supported environment dependent on manipulation, which federal policy would protect, not prohibit.
It is unclear exactly how the recent social media revelations could lead to proposals that would make their business models easier and more viable. A more suitable approach would probably involve a single, federal consumer privacy framework—or perhaps by directly addressing the use of algorithms to manipulate or deceive consumers on social media platforms. Even as the rapid growth in popularity of nondiscrimination bills has led us to point emphatically to their serious consequences, we aim to be constructive in this debate and will continue to share our perspectives to inform the work of policymakers on these important issues.