Congress Wants to Regulate Your App Store By Picking Winners and Losers – But They Aren’t Doing It With Your Best Interest in Mind
On February 3, the Senate Judiciary Committee is poised to vote on S. 2710, the “Open App Markets Act”, a bill that, as drafted, regulates a handful of app stores by requiring interconnection with third-party payment systems and mandating the installation of third party apps and app stores and other pricing and business decisions, all of which could negatively impact innovation and competition.
The bill requires certain app stores to use third-party in-app payment systems, regulates pricing terms and conditions of sale in those app stores, and mandates that developers be allowed to interoperate and communicate directly with users side-stepping the covered company.
Despite this overreach, the bill is shortsighted about how consumers use technology today and is not future proof. For example, it excludes from its definitions the app stores of consoles like Microsoft’s Xbox, where people are increasingly accessing apps. Consoles are no longer solely gaming devices. Case in point: as early as 2017, Xbox’s most popular app wasn’t even a game; it was Netflix. The bill also excludes a variety of other app stores on televisions, streaming boxes, and other computing platforms.
The effect of the bill is to regulate a few U.S. app stores without regard to business models, privacy or security of data, and concern about competition or the welfare of users. Ultimately, the bill would have negative effects on competition, innovation, and privacy. The only winners here are multi-billion dollar companies like Epic Games, Spotify, and Match Group (Tinder) in their lobbying and legal battles, not users. Rather than the Senate Judiciary Committee picking winners and losers in the app ecosystem, they should take a measured and thoughtful approach. Below are some of the concerns with the bill.
The bill restricts in-app payment systems and terms and conditions of sale but it does not take into account the privacy and security of users
Section 3(a)(1) prevents the covered company from requiring developers from using an in-app payment system owned or controlled by the covered company or any of its business partners. App stores invest significant resources in research and development to maintain their ecosystems. This includes investments in privacy and security systems in in-app payment systems that protect consumers. Requiring covered companies to permit any third-party payment system to operate in app stores may introduce more harm because the covered company cannot be assured that other payment systems invest in privacy and security to the same degree as the covered company. Such a change puts systems for processing refunds, assuming parents can control a child’s request to make an in-app purchase, and the privacy of users’ identity and contract information at risk. A similar provision, Section 3(d) mandates that a covered company allow third-party apps or app stores to interoperate on the covered company but, it too, does not address the privacy, cybersecurity, and national security implications of allowing third-party apps or app stores to access hardware, software, operating systems, and other sensitive information.
Section 3(a)(2) prevents the covered company from setting pricing terms or conditions of sale to be equal to or more favorable on its app store than the terms or conditions of another app store. However, regulations on how app stores may charge developers could deter investments or innovation in software distribution. The fee that some developers pay for hosting their products on an app store allows companies to continue investing in the ongoing development of protections that safeguard consumers. And these investments benefit app developers – especially smaller and midsized app developers – by providing them with hundreds of thousands of application programming interfaces (APIs) and dozens of software development kits (SDKs) that have powered the millions of apps available to consumers. By constraining the means by which app stores recover the costs of maintaining a safe and trustworthy ecosystem, companies’ efforts to innovate and provide consumers with newer and better app stores could be impaired. Therefore, this bill’s attempt to regulate app store business models could be detrimental to consumers and developers as it would eventually limit their options and likely decrease quality of services.
The bill requires a handful of companies to allow communication directly between developers and users that could subject users to spam and fraud
Section 3(b) makes it unlawful for a covered company to restrict communications from developers with the user of an app regarding legitimate business offers, such as pricing terms, products, or services. Such ex ante regulation is difficult to enforce given that covered companies cannot know the nature of the communication before it occurs. Thus, users could be subject to spam, fraud, or anything else non-business-related, which the covered company may not act upon to keep from getting sued. Sure, protection from spam and fraud are affirmative defenses but companies may not be inclined to roll the dice to see if these defenses will be availing in court.
Even if the communications are business-related, consumers already have a tough time managing their paid app subscriptions. How many times have you found out that you were paying for an app that you forgot about? This bill would permit app developers to solicit users directly – just what consumers are asking for: more inundation by solicitations! It would also put at risk the systems that covered companies use to display a user’s subscriptions so they can easily cancel them.
Other concerns with the bill
The bill ignores cybersecurity recommendations from the U.S. government, e.g., the FTC and DHS, and potentially puts consumer privacy and data at risk. For example, the U.S. government has long-recognized that downloading certain unverified software from outside of official app stores could put mobile devices at risk. These recommendations and other best practices recognize the role that official app stores play in ensuring that Americans can enjoy their mobile devices while keeping them safe from hackers, spammers, and other cybercriminals. Section 3(f)’s requirement that covered platforms grant all third-party app stores the same level of access to features, and Section 3(d)’s broad access mandates, compromise crucial security controls that prevent malware. Although Section 4 provides affirmative defenses for the protection of security and privacy of users, these defenses are too narrowly drawn to be meaningful. Importantly, Section 4 also does not include national security as an affirmative defense.
Additionally, Section 5 provides a private right of action that could result in frivolous lawsuits brought by developers. This legislation also lacks even the minimal intellectual property rule of construction that was included in, another bad regulation bill, S. 2992, and it’s accompanying manager’s amendment, which was marked up less than two weeks ago.
Rather than bring S. 2710 and other anti-tech bills to the floor and continue with its crusade of picking and losers amongst members of the business community, Congress should assess what is truly in the best interest of competition, innovation, and consumers.