Government battles against tech could leave consumers less secure
Regulators around the globe are seeing the market power of consumer-facing tech companies and bringing cases against some of the industry’s biggest household names.
They portray these legal fights as the conflicts of giants: the companies versus government regulators. Regulators have an essential mission to ensure companies play by the rules, preserving competition and giving people choices within those markets. Companies counter that they need to constantly innovate to create new products that capture consumer attention, while avoiding any perception they’re abusing their size.
But this simplistic perception misses an essential set of stakeholders: everyone else. Realistically, most of us use products or services from just about all of these companies, and the actions taken by the courts in these cases are going to impact us, too. If regulators and the courts treat us as bystanders, they may inadvertently hurt the very people — the consumers — that they intend to protect by taking away security and limiting privacy.
This is increasingly relevant as the Department of Justice has requested that Google sell the Chrome browser. But DOJ’s request is broader, and two recent examples would have a significant security impact: a court decision ordering Google to allow other app stores on Android devices without oversight into how the company vets apps or protects users, and the DOJ request to force Google to share sensitive information about searches and queries with the world. Both of these require the rest of us — people using these products — to pay for Google’s punishment by making our experiences less safe.
We understand that regulators are looking for novel ideas to create more competition in an already competitive market. After all, the online ecosystem is different from the price of oil or railroads. These theories will undoubtedly serve to punish or disadvantage a company in the crosshairs. But while punishing the companies, regulators don’t seem to be thinking about consumers.
Over decades, tech companies like Google have learned that they need to dedicate significant resources to cybersecurity. It hasn’t always been smooth, but it has created an ecosystem where we trust the security of our devices, the apps and services on them, and online services. Protecting and safeguarding the data and platforms that consumers use is critical to ensure the market remains healthy. Regulators, companies, and policymakers should be in lockstep on this part of the competition equation.
Leaving users to fend for themselves on security will reduce market confidence and app usage. Companies have invested significant resources to ensure that mobile apps are safe, secure, and transparent. Research has shown that users are not prepared or able to choose secure apps, and new ways to install apps — with different policies and vetting processes — will be overwhelming to users and open numerous avenues for bad actors to exploit them. Increased regulator action will only make it worse.
This also means that mobile phone developers have different guidance and rules across jurisdictions: where the U.S. is following Europe toward limiting the curation and vetting of apps and applications, countries like Brazil and Indonesia are asking companies to take a more substantial role in securing the apps in their stores. These suggestions fragment the market within the U.S., too — placing restrictions on just one company while their peers face no such mandate. The E.U. introduced similar requirements for all mobile operating systems and quickly saw malicious actors taking advantage.
Further, DOJ’s proposal that Google be forced to share user data could allow malicious actors to evade any countermeasures. This data is full of sensitive and personal information which would open portals to become attractive targets for hackers — as we’ve seen recently with the high-profile hacking of portals created by telecommunications companies to facilitate government wiretap requests.
For all the regulators’ efforts, their proposals will make users’ experience less secure and less private. Security and privacy — for users and the ecosystem — are conducive to competition. After all, if we can’t trust an app, we don’t download or purchase it. If we don’t think a service is secure, we don’t use it. If our searches will be shared across the ecosystem, we may choose not to use it. Tech giants spend a lot of time talking about their users. Courts and antitrust regulators should do the same.
Heather West is a senior advisor of the Center for Cybersecurity Policy and Law.