Apple CEO Tim Cook warns Washington against “Big Tech” antitrust regulations that sacrifice privacy and security on iPhones.
Cook used his keynote address at the International Association of Privacy Professionals Global Privacy Summit to address the harmful implications of the Open App Markets Act, legislation sponsored by Connecticut Sen. Richard Blumenthal, Tennessee Sen. Marsha Blackburn, and Minnesota Sen. Amy Klobuchar, which would regulate how companies operate online marketplaces for digital applications like Apple’s App Store.
“Here in Washington and elsewhere, policymakers are taking steps, in the name of competition, that would force Apple to let apps onto iPhones that circumnavigate the app store through a process called sideloading,” Cook told the crowd at the summit’s keynote speech. Google already allows the practice of downloading apps from sources other than its app store, Google Play, but the law would force them to allow third-party payment options within apps. The legislation would most affect Apple, which has a more closed and tightly integrated system.
Cook cautioned, “That means data-hungry companies would be able to avoid our privacy rules and once again track our users against their will. It would also potentially give bad actors a way around the comprehensive security protections we’ve put in place.”
Pushback from the industry facing regulation isn’t particularly surprising. Still, the debate over the proposal’s privacy and security costs is heated in Washington policy circles, too, especially in the wake of action last month by the European Union to force Apple and other American tech giants to open up their operations to competitors. The EU’s Digital Markets Act, expected to be in place this fall, has already started an intense discussion over privacy and security.
Shane Tews of the American Enterprise Institute explained the security threat of opening Apple’s closed system to unvetted third-party apps, peeling back the layers of protection its closed system currently provides. She said that while iOS does have device-based privacy protections, the primary way that Apple protects user privacy is through App Store policies and App Review.
“There’s a human element of testing apps that eventually get admitted into the App Store, and that’s lacking when Apple has to allow apps that don’t undergo the App Review process.” Tews told the Washington Examiner. “By not getting to vet the code, the new regulations break a layer of Apple’s privacy and security ecosystem.”
App Store policies and the App Review process aim to prevent apps from circumventing iOS device-based tracking controls and ensure the user data collected is kept to a minimum. Unfortunately, those human-led protections do not have an automated or device-based equivalent. So that level of review and testing could no longer be assumed for all apps in the App Store if the bill became law.
But not everyone sees privacy or security concerns with the legislation.
“Big Tech’s cybersecurity concerns are a desperate and last-ditch effort to kill the Open Apps Market Act,” Joel Thayer, president of the Digital Progress Institute, told the Washington Examiner. “Companies, like Apple, and their groups want to use cybersecurity as a red herring to distract on what the [act] actually does.”
Thayer said the legislation “puts the choice back into consumers’ hands and allows us to access cybersecurity tools that compete with Apple and Google.”
Chris Hauk, a consumer advocate at Pixel Privacy and senior editor at Mactrast, disagrees. He told the Washington Examiner, “The Open Markets Act will cause iPhone and iPad users to be faced with greater security and privacy risks. We see these risks on what seems to be a daily basis with Android devices, which allow sideloading of apps and access to third-party app stores.”
The disagreements over the practical implications of the bill highlight the challenges for lawmakers when regulating technical aspects of the companies’ business practices. Senators from both parties raised concerns about the bill’s security and privacy implications during its markup in the Judiciary Committee earlier this year. Still, many eventually voted for its advance with assurances from sponsors that they’d work behind the scenes to address concerns. Klobuchar called the security and privacy risks “simply not true.”
At the conclusion of his speech, Cook said that security and privacy should be paramount considerations.
“Those of us who create technology and make the rules that govern it have a profound responsibility to the people we serve,” he said. “Let us embrace that responsibility. Let us protect our data and secure our digital world.”
