Google has a fresh list of reasons why it opposes tech antitrust legislation making its way through Congress but, like others who’ve expressed discontent, the ad giant’s complaints leave out mention of portions of the proposed law that address said gripes.
The law bill in question is S.2992, the Senate version of the American Innovation and Choice Online Act (AICOA), which is closer than ever to getting votes in the House and Senate, which could see it advanced to President Biden’s desk.
AICOA prohibits tech companies above a certain size from favoring their own products and services over their competitors. It applies to businesses considered “critical trading partners,” meaning the company controls access to a platform through which business users reach their customers. Google, Apple, Amazon, and Meta in one way or another seemingly fall under the scope of this US legislation.
Google VP of engineering for privacy, safety and security Royal Hansen penned Google’s latest take on the bill, which he said undermines Google’s ability to secure its platforms and protect users.
Google security teams work around the clock, Hansen said, typically blocking more than 100 million phishing attacks and tracking more than 270 government-backed threat actors from 50 nations. “This work requires us to make judgment calls quickly, based on indicators and alerts from a huge variety of sources. Responding … without hesitation is critical to protecting millions of internet users,” Hansen said, adding that AICOA could hurt Google’s abilities to keep products secure.
Hansen claims Google would be banned from basic product integrations, like spam filtering and malware scanning built into Gmail. Integrations like those “could be prohibited simply because competitors offer their own versions of spam filtering, malware scanning and other security services,” Hansen claimed.
It’s true that Google would be prevented from materially restricting, impeding, or unreasonable delaying “the capacity of a business user to access or interoperate with the same platform, operating system, or hardware or software features.”
In this case that might mean simply offering a third-party spam filter alongside Google’s own. The mega-corp isn’t under any obligation to offer products that would harm its security nor derail its own products by stripping out features completely.
From the bill: “It shall be an affirmative defense to protect safety, user privacy, the security of nonpublic data, or the security of the covered platform; or maintain or substantially enhance the core functionality of the covered platform.”
Hansen also said the bill would require Google to open its platforms to bad actors, which “would inevitably be exploited by foreign companies looking to understand US technical infrastructure, and access data from American businesses and citizens.” Referring again to the above passage, Google would be under no obligation to put its platform or users in danger. The bill also said that preventing a violation of, or ensuring compliance with, existing state and federal laws was a justifiable defense.
Hansen also said the bill would prevent Google from taking action against purveyors of misinformation, and “would create a legal environment that encourages companies to err on the side of not protecting users.” Nothing in the bill directly leads to that assessment.
It does specifically mention China, foreign state-owned companies and other foreign adversaries as not being protected under the act, which Hansen said would be difficult to prove because “modern threat actors use compromised third-parties or shell companies to conduct operations.”
What Hansen may actually be unhappy about is requirements in the bill that imply tech companies are responsible for performing their own due diligence. According to the proposed legislation, nothing in it may be construed to:
- Require a platform operator to divulge IP or trade secrets
- Prevent a platform from asserting its preexisting IP rights
- Require a business to share data with entities prohibited from economic activity in the US or identified as a national security risk
- Require an operator to take an act that would lead to its data being transferred to the government of a foreign adversary
- Place liability on platforms for offering encrypted communication services or paid subscription services for consumers
Other complaints against AICOA have been formed along similar lines, including Amazon’s that said the mandate would make it difficult to ensure Prime’s two-day shipping.
AICOA has bipartisan support and stands a significant chance of being signed into law – if it passes the Senate. A vote isn’t scheduled, and senior Democrats are reportedly trying to push it through before the midterm elections, as Republicans have indicated that AICOA would not be a priority were they to seize control of one or both halves of Congress. ®