Sen. Warner maneuvers to secure intelligence community backing of tech antitrust bill, sources say

Written by Suzanne Smalley

July 13, 2022 | CYBERSCOOP

Sen. Mark Warner, chairman of the Senate Intelligence Committee, is holding a series of talks with the nation’s spymaster to ease the intelligence community’s concerns about the cybersecurity elements of pending technology antitrust legislation, according to two sources familiar with the outreach.

The Virginia Democrat has been working furiously behind the scenes ahead of what the bill’s sponsors hope will be a near-term vote on their American Online Innovation and Choice Act, according to the sources, who spoke to CyberScoop on condition of anonymity because they were not authorized to they speak publicly about the efforts.

One of the two sources characterized Warner’s maneuvering as an attempt to get the Office of the Director of National Intelligence (ODNI) to “sign off” on the national security aspects of the bill. A third source, who was not aware of Warner’s involvement, said the intelligence community is feeling “pressure” from key senators to say the antitrust law does not threaten cyber and national security.

A Warner spokesman declined to comment.

Asked about the alleged pressure, an ODNI spokesman emailed a statement saying the intelligence community would not offer full approval of antitrust laws, which most major technology companies oppose.

“From time to time, the Intelligence Community is asked to provide technical assistance on draft laws,” the statement said. “In these cases, the international community does not weigh the merits of political options.”

Controversial legislation sparks lobbying frenzy

Antitrust legislation has long been controversial with some in the intelligence and cybersecurity communities. Some experts worry that certain provisions will make users more vulnerable to malware and other cyber risks such as spying and cybercrime.

More broadly, many in national security circles worry that the bill will hurt America in the race for cyber dominance over China by gambling away American technology companies that have poured vast sums of money into research and development efforts with national security implications. The legislation regulates big tech in many ways, including preventing dominant tech platforms Meta, Google, Apple and Amazon from giving preferential treatment to their own services in the markets they operate.

Big technology has spent millions lobbying to prevent the bill — which has strong bipartisan support — from becoming law. Senate Judiciary Committee Antitrust Subcommittee Chairwoman Sen. Amy Klobuchar, D-Minn., and full committee member Sen. Chuck Grassley, R-Iowa, are sponsors of the bill; Warner is one of 10 co-sponsors.

A dozen former national security officials sent a letter to House leadership in September arguing that technology antitrust leadership could “abandon America’s technology leadership to China.”

“Recent congressional antitrust proposals targeting certain U.S. technology firms would degrade critical research and development priorities, allow foreign competitors to displace leaders in the U.S. technology sector both at home and abroad, and potentially put sensitive U.S. data and IP in Beijing’s hands,” it said. in a letter. he said.

But highlighting the multimillion-dollar lobbying effort to kill the bill and the overall power and reach of big tech, each of the 12 former national security officials who signed on worked for firms that employed big tech companies in some capacity when the letter was sent, according to a Politico analysis at the time .

Former Defense Secretary and CIA Director Leon Panetta works for a public relations firm representing Google, along with six other signatories, Politico reports. Former Director of National Intelligence Dan Coats, who Politico reported was a key architect of the letter, is senior counsel at the law firm King & Spalding, which represented Google in the House Judiciary Committee’s antitrust investigation into the big tech companies.

Some proponents of the bill say cybersecurity concerns within the intelligence community are overblown and simply a lobbyist smokescreen.

“It is simply not true that this bill threatens user privacy and security,” cybersecurity expert Bruce Schneier wrote in a letter to Klobuchar and colleagues in January. “Actually, it’s fairer to say that this law puts the extractive business models of those companies at risk.” Their claims about privacy and security risks are both false and disingenuous, and motivated by their own, not public, interest.”

How Antitrust Law Implicates Cyber ​​Security

The current cybersecurity debate surrounding the law centers in part on an issue known in tech circles as “sideloading,” which refers to the installation of apps that have not been verified by an app store. Critics of the law say breaking up app store monopolies will expose users to malware and other cybersecurity threats.

That’s a ridiculous claim, Schneier said. “App store monopolies cannot protect users from all risk and often prevent the distribution of important tools that actually increase security,” Schneier’s letter states. “This interoperability [required by the legislation] it doesn’t require one-click installation of random apps from the internet, just for companies to relinquish their monopoly control over app stores.”

Many in cyber and national security have disputed Schneier’s conclusions.

National Security Institute Executive Director Jamil Jaffer said the intelligence community remains concerned how the bill will strengthen the Chinese by undermining the power of US tech giants that invest billions in research and development at a time when national security increasingly depends on innovation and enabling trade third-party apps that will allow Chinese apps to be loaded onto devices.

The bill requires technology companies to “interoperate with Chinese devices and capabilities in a way that makes them potentially open their operating systems or their core capabilities to Chinese and other nation-state actors,” said Jaffer, whose institute at George Mason University advocates for a robust national security and whose advisory board includes several former top national security officials. The institute also receives funding from Amazon, Adobe and the Computer and Communications Industry Association.

“Obviously, Senator Klobuchar wants the administration to say there are no national security concerns. They still haven’t done that,” said Jaffer, who previously served in senior intelligence and national security roles on the House Permanent Select Committee on Intelligence and the Senate Foreign Relations Committee. “If ODNI were to do so, it would certainly run counter to the long history of multiple administrations on the need for the public and private sectors to work together on cybersecurity and the consistent drumbeat of concern about China in particular.”

In addition to his current role at the National Security Institute, Jaffer is an adviser to Beacon Global Strategies, a firm with alleged ties to tech companies including Google, and serves on the advisory board of IronNet Cybersecurity, a company run by a former director of the National Security Agency. He noted that in the past he has been critical of the big tech companies on national security issues.

If ODNI were to sign the bill into law, “it would certainly run counter to the long history of multiple administrations on the need for the public and private sectors to work together on cybersecurity and the consistent drumbeat of concerns about China in particular.”

Jamil Jaffer, executive director of the National Security Institute

Others are more concerned with the specific elements of the law which they say could make it easier for spies and criminals to break into devices.

Jim Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS), said he has significant concerns about elements of the bill. Lewis, a former diplomat known for his work on cybersecurity policy, said the law’s provision requiring tech companies to disclose source code and access “without any review is just asking for trouble … You make it easier for spies and criminals to get access to people’s devices .”

He is also concerned about provisions in the law that he said will make it harder for tech companies to update devices for security reasons.

“Companies will have to prove there’s a problem to take measures to make your device more secure,” Lewis said. “They have to be able to meet a much higher bar.”

Lewis said he supports the overall goals of antitrust legislation to limit the ability of tech firms to “self-determine,” but added that “we cannot [address] it in a way that only harms cyber security.”

According to its website, CSIS is backed by Facebook, the Computer and Communications Industry Association and other tech giants that oppose the bill.

The bill has been amended to address feedback from the cybersecurity community, but the changes are not far-reaching and the bill still includes many troubling cybersecurity provisions that will make it harder to protect networks and individuals from malware, according to Tatyana Bolton, policy director of the cyber security and R Street threats.

“We should be promoting cybersecurity at all levels with all organizations,” said Bolton, who previously worked at the Cybersecurity and Infrastructure Security Agency as cyber policy lead and is the former senior policy director for the US Cyberspace Commission. “We shouldn’t put up barriers to taking action when they believe their cyber security or the security of their networks and systems is at risk.” That is exactly the opposite of what we want to encourage.”

R Street receives funding from tech companies, but Bolton could not say which ones because of R Street’s policy of not naming corporate donors.