With only a handful of legislative days left on the calendar, sponsors of the American Innovation and Choice Online Act (AICOA) and Open App Markets Act (OAMA) desperately seek a way around or through growing opposition to their bills. Even as Sen. John Cornyn, the chamber’s minority whip, said last week that AICOA is a “half-baked idea,” explaining why it doesn’t have the votes to pass, sponsors are likely eyeing a path for it and/or OAMA as an amendment to the National Defense Authorization Act (NDAA). But AICOA’s and OAMA’s digital platform prescriptions lack a credible nexus to the nation’s national defense, except insofar as the bills would weaken security on essentially all consumer smartphones, including against foreign adversaries.
National security experts want committees with national security oversight to review the bills, especially since neither received a legislative hearing (even in the committee of primary jurisdiction). Trying to fast-track them as amendments—to a bill intended to enhance the nation’s defense capabilities, no less—would be particularly reckless. The experts seeking national security review include former Secretary of the Department of Homeland Security (DHS) Jeh Johnson and former Secretary of Defense Leon Panetta, among others. They argue that the bills “would provide an open door for foreign adversaries to gain access to the software and hardware of American technology companies. Unfettered access to software and hardware could result in major cyber threats, misinformation, access to data of U.S. persons, and intellectual property theft. Other provisions in this legislation would damage the capability of U.S. technology companies to roll out integrated security tools to adequately screen for nefarious apps and malicious actors, weakening security measures currently embedded in device and platform operating systems.” Their analysis is hard to refute, as it simply describes the natural result of mandating open access to mobile platforms.
ACT | The App Association members are keenly aware of the constant barrage of custom cyberattacks on consumer smartphones, whether their origins are foreign or domestic. In general, consumers are much less conscious of them because they ordinarily need only rely on their devices’ default settings to fend off the vast majority of these efforts. As the national security experts point out, mandating open access to personal information, along with device and software features, would undo the protective defaults on smartphones. In turn, consumers would automatically distrust software from unknown sources, likely relegating the small business software developer role to triaging compromised devices. As Morgan White of App Association member MotionMobs puts it, “If these bills are enacted, smaller companies like mine would be forced to go back to troubleshooting and debugging everyone’s compromised devices. We don’t want to leave the world of developing the innovations of tomorrow and go back to being the world’s Geek Squad, we’re beyond that.”
Opening up smartphones to foreign and domestic cyberattackers would be a uniquely counterproductive addition to a defense bill that should be slamming the door shut on them. If the bills’ backers nonetheless think “this is the way,” we hope NDAA leaders dismiss the idea quickly and permanently.