In the famous children’s song by Laurie Berkner, the narrator goes to cartoonish lengths to rid themselves of the eponymous cat, only to have it return from each attempt. Congress’s latest effort to require a sale of TikTok (the Protecting Americans from Foreign Adversary Controlled Applications Act, or PAFACA) appears impossible to circumvent. However, if either the Open App Markets Act (OAMA) or the American Innovation and Choice Online Act (AICOA) were enacted, Congress should fully expect foreign adversary-owned apps to come back the very next day, even if PAFACA were also law. Why? Because AICOA and OAMA would dismantle a key enforcement mechanism H.R. 7521 would rely on to realize its goal.
OAMA. OAMA takes a two-pronged approach to mandating the carriage of apps on covered stores and on smart devices. First, Section 3(f) would mandate that app stores “provide access to operating system interfaces, development information, and hardware and software features to developers . . . on terms that are equivalent . . . to the terms for access by similar apps provided by the covered company . . ..” Second, Section 3(d) would also require covered operating systems to allow third-party app stores. This additional mandate reinforces that along with requiring open access to the device and operating system for any app, covered app store operators must also allow third-party stores to distribute under their own vetting terms (or lack thereof) without interference by the covered app store operator.
OAMA provides an affirmative defense, which as we have described, is designed not to allow for proactive security vetting. Sections 3(d) and 3(f) require that the covered app stores’ infrastructure disable the ability to remove or prevent an app from being installed on a consumer’s operating system. However, OAMA’s affirmative defense only allows the removal of an app to be declared legal after the fact—which does not bring the actual mechanisms to effectuate that removal back to life after 3(f) and 3(d) have killed them. Some third-party app stores undoubtedly would comply with PAFACA, but remember that covered operators would not be allowed to remove an app store that wants to facilitate the download of a prohibited app.
AICOA. The main problem in AICOA is Section 5(a)(4), which would declare it unlawful for a covered app store operator to “materially restrict . . . the capacity of a business user to access or interoperate with the same platform, operating system, or hardware or software features that are available to . . . the covered platform operator . . ..” This provision is also a key part of the bill for some of its supporters because it would eliminate the ability to enforce a requirement for some apps to pay for distribution (or else face removal from the store).
Instead of an affirmative defense, AICOA has a rule of construction. The rule of construction is supposed to allow the app stores to remove an app like TikTok by providing that “nothing in subsection (a) shall be construed to require a covered platform operator to interoperate or share data with persons or business users that are on any list maintained by the Federal Government by which entities . . . have been identified as national security . . . risks . . ..”
It is nice that this provision tries to clarify that AICOA wouldn’t result in a penalty of 10 percent of the app store operator’s U.S. revenue if it were to remove TikTok. The problem, however, is that Section 5(a)(4) has already illegalized the mechanism to remove TikTok. That is, vetting the app and retaining the ability to remove it would be a violation of the blanket prohibition on any restriction to interoperate with and access consumers’ operating systems and smart devices. A rule of construction does not undo the meaning of this prohibition. So, the result in this case is a little bit like confiscating someone’s car and then clarifying that, if they still had their car, it would not be illegal for them to drive it 55 miles per hour.
Under either OAMA or AICOA, the app stores must allow the download of an app from an external source without any prior restrictions or the ability to recall an app based on prior vetting. Those would be prohibited restrictions. The app store cannot remove TikTok because the means of removing it has been prohibited.
A theme of bills like AICOA and OAMA is that by misunderstanding how mobile security actually works, they would casually scrap its proactive processes as just another pretext to harm competitors. TikTok may be forcing lawmakers to fully realize the implications. For better or worse, Congress is now reaching for the necessary levers to keep foreign adversaries off of American smartphones. In an AICOA or OAMA world, they would find that one of the most important ones has disappeared.