The Senate Judiciary Committee is set to deliberate on the American Innovation and Choice Online Act (AICO). CNBC reports how companies such as Apple and Google are fighting it. AICO is sponsored by Sens. Amy Klobuchar, D-Minn., and Chuck Grassley, R-Iowa.
American Innovation and Choice Online Act
The American Innovation and Choice Online Act would stop dominant tech platforms from favoring their own products over third-parties in their marketplaces, such as the App Store and Google Play store. It also stops companies from unfairly limiting third-party products to compete in marketplaces.
The bill would create a category of “covered platforms” based on criteria such as the number of U.S.-based monthly active users, or if it’s owned by an individual with United States net annual sales or a market capitalization greater” than US$550 billion. A company would be classified as a covered platform for seven years. Afterward, it can apply to have this label removed, and this will be at the choice of the Department of Justice and Federal Trade Commission.
Companies are attacking the bill, with Apple warning that it would increase the risk of security breaches for iPhone users. This is because the AICO could force the company to allow users to install apps from third-party sources, commonly referred to as “sideloading.”
Amazon says that the bill “would jeopardize our ability to allow small businesses to sell on Amazon. The bill would also make it difficult for us to guarantee one or two-day shipping for those small businesses’ products.”
Andrew:
This bill reads like a study in the best of intentions paving the road to hell; although the intentions here are not above suspicion.
Item 4 under section 2 ‘unlawful conduct’ states that it is unlawful to
‘materially restrict or impede a business user from accessing data generated on the covered platform by the activities of the business user, or through an interaction of a covered platform user with the business user’s products or services, such as by establishing contractual or technical restrictions that prevent the portability of the business user’s data by the business user to other systems or applications’
This potentially paves the way for an actor, including one acting as a front for a nationstate, to lawfully obtain user data for social engineering exploits or other activities that might otherwise be shielded from that actor. It’s going to be difficult to delineate what user data, including payment information, can be restricted, particularly should third parties be allowed to set up their own direct payment systems (eg Epic https://www.bloomberg.com/news/articles/2021-09-12/epic-games-files-notice-of-appeal-in-case-versus-apple).
The motive behind the bill appears to, almost singularly, focus on the remuneration and profit margins of the companies that wish to compete on that platform, rather than the capacity of the platform creator and owner to protect the security of the platform and their clients.
Should this bill pass, if and when the security of these same platforms, notably Apple, are compromised, we can anticipate these same legislators to haul these CEOs back before the cameras to repent for having harmed their user base, and be scolded to improve their platform’s security – oh, and without hurting third party profit margins by restricting data access.
If I were such an actor, I’d start getting my exploits locked and loaded.