By David Williams
People of a certain age remember the days when you’d click the wrong link on your PC and fry the whole thing. That nightmare will become reality for phones if the government continues to meddle in product design. A slew of federal bills and lawsuits would rob your smartphones, personal computers and similar devices of their simplicity and downgrade existing protections like parental controls, software vetting and secure payment infrastructure. Florida has taken steps to protect cybersecurity. The federal government shouldn’t undermine those protections.
Other countries are stumbling down this anti-innovation road, and the U.S. should be careful not to copy flawed legislation like Europe’s Digital Markets Act (DMA). After the EU mandated that digital platforms couldn’t have structural design protections ― despite cyber and national security experts’ warnings that this would expose users to numerous vulnerabilities ― the American cybersecurity company CrowdStrike was hacked and exploited in a way that was totally preventable, causing Microsoft systems to go down globally.
This cause-and-effect relationship was clearly and quickly demonstrated, to the detriment of companies and consumers around the world. The Orlando International Airport reported more than 500 flights were delayed or canceled on the first day of the CrowdStrike outage. Banks and hospitals were also impacted, taking the cybersecurity incident from inconvenient to downright dangerous. The University of Miami Health System had to resort to paper orders to document and treat patients after the outage took its system offline.
Policymakers are still assessing the global impact of this cybersecurity disaster, but one thing is clear: not all digital infrastructure is created equal. At a House Committee on Homeland Security hearing on September 24, CrowdStrike’s Senior Vice President of Counter Adversary Operations acknowledged that open architectures like Microsoft’s make it difficult to contain threats. In one telling exchange, Ranking Member Eric Swalwell (D-CA) asked, “Would you agree that if something crashes in the app space, it is limited in its effect to the app? Whereas, if something crashes with the kernel in Microsoft it could crash the whole system?” CrowdStrike’s rep responded with just one word: “Yes.”
Clearly, government-mandated design vulnerability translates to real-world harms. State and federal policymakers should not mimic regulators across the pond. There have already been signs that DMA-like legislation is leaking into the United States, with the introduction (and reintroduction, after their initial failure) of bills including the American Innovation and Choice Online Act (AICOA) and the Open App Markets Act (OAMA). Both claimto protect competition online and represent consumers’ best interests, yet rather than bolstering existing protections for consumer privacy and online safety, they protect private companies with competing products and services.
AICOA targets American companies’ self-preferencing practices more broadly, while OAMA specifically focuses on app stores, where most people download the software they rely on. The legislation even limits tech companies’ ability to stop bad actors, including foreign adversaries, from compromising user data. Think about the apps you use every day, whether to check your bank account, prepare for upcoming medical appointments or simply track your workout. People want their personal information to remain private.
Unfortunately, this appears to be a coordinated government attack on tech. In March, the Department of Justice (DOJ) announced its civil antitrust lawsuit against Apple, alleging the company has monopolized the smartphone market and undermined app innovation. This was the latest in a series of attacks on successful, innovative American technology platforms — including products and services consumers enjoy from Google and Amazon. American consumers love free two-day shipping with Prime, accessing information at their fingertips with Google search, and managing family photos, work emails, and financial and health information from their secure smartphones. As tech companies innovate, consumers benefit. But if the DOJ gets its way, users will end up with digital devices and services with degraded quality and security.
In joining the Apple case and others like it, State attorneys general neglected their commitments to protecting consumers’ privacy and safety by supporting anti-innovation lawsuits pushed by the DOJ and Assistant Attorney General for the Antitrust Division Jonathan Kanter. Florida AG Ashley Moody has rightfully steered clear of the case, recognizing that government ― and taxpayer ― resources would be better spent elsewhere.
The belief in a prosperous, innovative tech future has fueled the next generation of Florida’s workforce. A decade ago, the Florida State Legislature created Cyber Florida at the University of South Florida to position the state as a national leader in cybersecurity. In 2022, Governor Ron DeSantis and Commissioner of Education Manny Diaz allocated $15.6 millionto expand cybersecurity and IT training in Florida. These investments will be in vain and dreams of prosperous careers in tech will fade should the US government continue pushing lawsuits and legislation that complicate our technologies and create new vulnerabilities.
The damage of online attacks extends beyond state borders and poses particular threats to vulnerable populations including children, minorities and the elderly. With the largest retirement community in the country located just outside of Gainesville, Floridians rely on existing device protections. Older Floridians especially need their phones to be simple, and for their information to be protected by default.
The lesson is clear: any piece of legislation that aims to regulate technology will have wide-ranging impacts that extend beyond the demographic groups it’s intended to benefit. Heavy-handed regulations like the Digital Markets Act will cause a ripple effect of damage, with the CrowdStrike shortage bringing ‘what-ifs’ to life. Rather than chasing political wins or punishing successful companies (and the consumers who trust them), developing sound policy will require multi-stakeholder collaboration between like-minded democracies, and experts within the private and public sectors.
David Williams is the President of Taxpayers Protection Alliance. In his 30 years in Washington, DC, David has become an expert in finding and exposing government waste and has helped fine tune criteria in identifying and ultimately eliminating earmarks. David has appeared on numerous television, radio, and print outlets such as ABC World News Tonight, The Jim Bohannon Show and The New York Times.
Author
