Congress Is Weakening America’s Cybersecurity. It Couldn’t Have Picked A Worse Time.
Last week the world watched in horror as Russia illegally launched a brutal war in Ukraine. Online videos and eyewitness accounts evoked a terrible throwback to WWII, with tanks rolling over borders, frightened refugees, and bomb blasts in a major European capital.
While the visuals look hauntingly familiar, this war is very different: it is the first major global conflict to be fought not only on the ground, but also online as Russia aggressively extends its campaign to the online sphere. Indeed, dominating the cyber realm is a critical part of Russia’s military strategy.
Even prior to the physical invasion, Russian cyber warriors initiated massive attacks on Ukrainian infrastructure. Government ministries, military institutions, and bank websites were knocked offline using sophisticated malware. The aim was to deny Ukrainians access to news, communications services, banking, and the power and conveniences of the Internet. Meanwhile, on social media sites, Russian trolls unleashed a blizzard of online disinformation in an effort to sow fear and confusion.
U.S. social media sites are responding to the challenge. Facebook parent company Meta has removed disinformation posts and websites, and has banned Russian state media from running ads or monetizing on the Meta platform anywhere in the world. Twitter is stepping up efforts to detect platform manipulation and is actively monitoring the accounts of government officials, journalists, and other high-profile individuals to prevent hacks and takeovers. Meanwhile, user traffic within Ukraine has shown a spike in the use of Telegram, Signal, and other encrypted messaging services.
Russia’s cyberwar will likely not end at Ukraine’s borders. Cybersecurity experts warn the United States and other western democracies that they will likely be the next targets as Russian hackers zero in on data centers, critical infrastructure, and sensitive data. Many U.S. companies are at risk: the Financial Times reports that more than 100 Fortune 500 companies use Ukrainian IT services.
Russia certainly has the means and expertise to expand the cyber battlefield. According to the Microsoft Digital Defense Report, 58% of all cyberattacks observed in 2021 came from Russia. Even more chilling: nearly a quarter of nation-state cyberattacks targeted not governments or businesses, but individual consumers.
In this treacherous environment, you would think that Congress would rush to reinforce the security of American networks and personal devices. In fact, the opposite is true. In their haste to punish “big tech,” U.S. policymakers are advancing legislation that makes Americans less secure and creates an online playground for foreign adversaries and other bad actors.
The most egregious example is the Earn IT Act, a bill that creates a false choice between protecting the physical safety of children and protecting the online safety of Americans. Not only will this overly broad bill chill lawful speech, but it will also undercut internet safety by making platforms criminally liable for providing encryption. Online wrongdoers of all types were presumably thrilled when this bill passed out of the Senate Judiciary Committee, despite pointed objections from many Senators.
The EARN IT Act is not the only example. Another Senate bill, the Open App Market Act, forces app stores to enable the downloading of unverified software from third-party providers. More, the bill prohibits the required use of in-app payment systems owned by the app store provider, placing app store users at the mercy of bad actors using unvetted payment systems. Taken together, these provisions allow foreign actors or cyber thieves to sidestep the sophisticated and effective measures currently used by app stores to screen for malicious and dangerous software.
Finally, so-called “competition” bills in the House and Senate include provisions intended to prevent large tech platforms from self-preferencing a company’s own services against those of competitors. Unfortunately, these bills would also prevent companies from blocking or taking down offensive or unwanted content. These bills open the door to content from Russian and other foreign propagandists, as well as stalkers, cyberthieves, and other bad actors.
Policymaker pique at a handful of tech companies does not justify undermining the online security of millions of Americans. At the very least, Congress should put an immediate stop to all bills that prevent platforms from moderating foreign propaganda or protecting the security of consumer devices. Instead, Congress should work with the tech industry on legislation to strengthen Americans’ privacy and online safety and provide our companies with the tools to navigate an increasingly challenging online world.
Michael Petricone is the Senior Vice President of Government Affairs, Consumer Technology Association (CTA)