Sen. Mark Warner, the chairman of the Senate Intelligence Committee, is leading a series of conversations with the nation’s spymaster to allay concerns in the intelligence community about cybersecurity elements of pending tech antitrust legislation, according to two sources with knowledge of the outreach.
The Virginia Democrat has been working furiously behind the scenes in the run-up to what the bill’s sponsors hope will be a near-term vote on their American Innovation and Choice Online Act, according to the sources, who spoke with CyberScoop on the condition of anonymity because they were not authorized to speak publicly about the efforts.
One of the two sources characterized Warner’s maneuvering as an attempt to get the Office of the Director of National Intelligence (ODNI) to “sign off” on the national security aspects of the legislation. A third source, who was unaware of Warner’s involvement, said the intelligence community feels “pressured” by key senators to say the antitrust bill does not imperil cyber and national security.
Warner’s spokesperson declined to comment.
Asked about the alleged pressure, a spokesperson from ODNI emailed a statement that indicated the intelligence community will not be offering blanket approval of the antitrust bill, which is opposed by most major tech companies.
“Periodically, the Intelligence Community is asked to provide technical assistance in relation to draft legislation,” the statement said. “In these instances, the IC does not weigh in on the merits of policy options.”
Former National Security Adviser Robert O’Brien told CyberScoop the alleged strong-arming of the intelligence community is wrong.
“Any request to develop intelligence in support of a policy position would be an unfortunate example of the politicization of intelligence on a matter critical to our national security,” O’Brien said in an emailed statement. “The Klobuchar legislation will harm American innovation in the technology sector and impair the private sector’s ability to fund critical R&D in the emerging areas of artificial intelligence and quantum computing.”
O’Brien now works as the chairman of a boutique strategic advisory firm, American Global Strategies. The firm does not disclose who its clients are, but it does have a technology portfolio, according to its website.
Controversial legislation spurs a lobbying frenzy
The antitrust legislation has long been controversial with some in the intelligence and cybersecurity communities. Some experts worry that certain provisions will make users more vulnerable to malware and other cyber risks such as spying and cybercrime.
More broadly, many in national security circles are concerned the legislation will harm America in the race for cyber dominance against China by hobbling U.S. tech companies that have poured huge sums of money into research and development efforts with national security implications. The legislation regulates big tech in many ways, including by preventing dominant tech platforms Meta, Google, Apple and Amazon from giving preferential treatment to their own services in marketplaces they operate.
Big tech has spent millions lobbying to stop the bill — which has strong bipartisan support — from becoming law. Senate Judiciary Committee Antitrust Subcommittee Chair Sen. Amy Klobuchar, D-Minn., and full committee Ranking Member Sen. Chuck Grassley, R-Iowa, are the sponsors of the bill; Warner is one of 10 co-sponsors.
A dozen former national security officials sent House leadership a letter in September arguing that the tech antitrust push could “cede U.S. tech leadership to China.”
“Recent congressional antitrust proposals that target specific American technology firms would degrade critical R&D priorities, allow foreign competitors to displace leaders in the U.S. tech sector both at home and abroad and potentially put sensitive U.S. data and IP in the hands of Beijing,” the letter said.
However, highlighting the multimillion dollar lobbying effort to kill the bill and the overall power and reach of big tech, each of the 12 former national security officials who signed worked for firms employed by big tech companies in some capacity when the letter was sent, according to a Politico analysis at the time.
Former defense secretary and CIA director Leon Panetta works for the public relations firm that represents Google, alongside six other signatories, Politico reported. Former Director of National Intelligence Dan Coats, who Politico reported was a key architect of the letter, is a senior adviser with the law firm King & Spalding, which represented Google in a House Judiciary Committee antitrust investigation into major tech companies.
Some proponents of the legislation say the cybersecurity concerns within the intelligence community are overwrought and are simply lobbyists’ smokescreens.
“It’s simply not true that this legislation puts user privacy and security at risk,” cybersecurity expert Bruce Schneier wrote in a letter sent to Klobuchar and colleagues in January. “In fact, it’s fairer to say that this legislation puts those companies’ extractive business-models at risk. Their claims about risks to privacy and security are both false and disingenuous, and motivated by their own self-interest and not the public interest.”
How an antitrust bill implicates cybersecurity
The current cybersecurity debate swirling around the bill centers in part on an issue known in tech circles as “sideloading,” which refers to the installation of apps unverified by any app store. Critics of the legislation say that breaking up app store monopolies will expose users to malware and other cybersecurity threats.
That is a ludicrous claim, said Schneier. “App store monopolies cannot protect users from every risk, and they frequently prevent the distribution of important tools that actually enhance security,” Schneier’s letter said. “This interoperability [required by the legislation] does not require one-click installation of random apps from the Internet, only that companies relinquish their monopoly control over app stores.”
Many cyber and national security dispute Schneier’s conclusions.
National Security Institute Executive Director Jamil Jaffer said the intelligence community remains worried about how the bill will bolster the Chinese both by undermining the might of American tech giants pouring billions into research and development at a time when national security is increasingly dependent on innovation and by permitting third party app stores that will allow Chinese apps to be loaded onto devices.
The bill requires tech companies to “interoperate with Chinese devices and capabilities in a way that makes them potentially open their operating systems or their core capabilities to Chinese and other nation state actors,” said Jaffer, whose institute at George Mason University advocates for a robust national security posture and whose advisory board includes several former top national security officials. The institute also receives funding from Amazon, Adobe and the Computer and Communications Industry Association.
“Obviously, Senator Klobuchar would like the administration to say there are not national security concerns. They haven’t yet done so,” said Jaffer, who formerly worked in high-ranking intelligence and national security roles on the House Permanent Select Committee on Intelligence and the Senate Foreign Relations Committee. “If ODNI were to do so, it would certainly be contrary to the long history across multiple administrations of the need for the public and private sectors to work together on cybersecurity and the consistent drumbeat of concern about China in particular.”
In addition to his current role at the National Security Institute, Jaffer is an adviser to Beacon Global Strategies, a firm that reportedly has ties to technology companies, including Google, and serves on the advisory board of IronNet Cybersecurity, a company run by the former director of the National Security Agency. He noted that he has been critical of large technology companies many times in the past on national security issues.
Others worry more about specific elements of the bill that they say could make it easier for spies and criminals to break into devices.
Jim Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS), said he has significant concerns about elements of the legislation. Lewis, a former diplomat who is known for his work on cybersecurity policy, said the bill’s provision requiring tech companies to reveal source code and access “without any sort of review is just asking for trouble … You’re making it easier for spies and criminals to get access to people’s devices.”
He also worried about provisions in the bill that he said will make it harder for technology companies to update devices for security reasons.
“Companies will have to prove that there’s a problem for them to take action to make your device more secure,” Lewis said. “They have to be able to meet a much higher bar.”
Lewis said he supports the antitrust legislation’s overall goals to limit tech firms ability to “self preference” but added that “we can’t [address] it in a way that just damages cybersecurity.”
According to its website, CSIS is supported by Facebook, the Computer and Communications Industry Association and other tech giants that oppose the bill.
The bill has been amended to address feedback from the cybersecurity community, but the changes are not far-reaching enough and the bill still includes many worrying cybersecurity provisions that will make it harder to protect networks and individuals from malware, according to Tatyana Bolton, policy director for R Street’s Cybersecurity & Emerging Threats team.
“We should be incentivizing cybersecurity at all levels with all organizations,” said Bolton, who previously worked at the Cybersecurity and Infrastructure Security Agency as the cyber policy lead and is the former senior policy director for the U.S. Cyberspace Solarium Commission. “We shouldn’t be putting up barriers to take action when they believe the cybersecurity or security of their networks and systems is in jeopardy. That is the exact opposite of what we want to be incentivizing.”
R Street receives funding from tech companies, but Bolton could not say which ones due to an R Street policy of not naming corporate donors.