NEWSFLASH: Former DNI James Clapper Warns The Revised AICOA Still Hurts U.S. National Security
James Clapper, former Director of National Intelligence, warns that the proposed anti-tech legislation, the American Innovation and Choice Online Act (AICOA), sponsored by Senators Amy Klobuchar and Chuck Grassley, will hurt American national security. His op-ed expands upon arguments in an earlier open letter penned by Clapper and other national security experts.
Clapper writes, “Recently the Senate revised its bill; the new version acknowledges—but fails to address—any of the national security concerns raised in our open letter, or reservations expressed by bi-partisan members of the Senate Judiciary Committee during the lone public hearing on this legislation last January.”
Former DNI Clapper also detailed three severe flaws with AICOA:
1) AICOA does not address giving “unfettered” access of American hardware and software to foreign adversaries. “First, the bill still fails to address the major issue we wrote about in our letter: giving ‘unfettered’ access to the hardware and software of American technology companies which could result in major cyber threats, misinformation, access to data of U.S. persons, and intellectual property theft.”
2) AICOA could force American tech companies to break integrated security tools such as spam, malware, and spyware scanning. “Second, certain provisions of this proposed legislation could force tech companies to break apart integrated security tools currently embedded in device and platform operating systems to screen for spyware and malware. From spam filters to authentication services, we’ve all come to rely on these fraud protections to keep us safe and protect our data; these provisions could expose consumers to bad actors seeking to exploit the weak links in the cybersecurity chain.”
3) The amended AICOA requires that American tech companies allow every application—including those from abroad—to interoperate with their platforms, which could inhibit companies from taking action against bad actors. “Third, the amended Senate bill requires tech companies to allow every application—including those from abroad—to interoperate with their own platforms, except where doing so would cause a ‘significant cybersecurity risk.’ The bill, however, doesn’t define what the threshold is for such a risk. This could conceivably inhibit a tech company from taking aggressive action against a known threat, out of concern that the threat didn’t reach the ‘significant’ threshold. If the companies have to look constantly over their corporate shoulder in the face of always agile threats, Americans could be exposed to the insidious and subtle changes that exploit previously unidentified vulnerabilities.”
See more on the national security concerns of anti-tech legislation here, here, and here.