Last month, Google announced a massive planned acquisition of the cybersecurity firm, Mandiant. The $5.4 billion purchase comes as part of a concerted effort on Google’s part to better protect its customers. More specifically, the acquisition will be targeted at both growing and securing Google’s cloud services. Given the recent hacks of U.S. government agencies and critical infrastructure, it is more important for large companies like Google to strengthen their cybersecurity than ever before.
Unfortunately, new, aggressive antitrust regulators at the Department of Justice have already announced a probe into the merger. Further, a number of proposals currently in the U.S. Senate would nullify the beneficial impacts of such an acquisition. The American Innovation and Choice Online Act, introduced by Sen. Amy Klobuchar (D-Minn.), would“prevent self-preferencing and discriminatory conduct.” The language in that bill is so broad, that it would actually presume anti-competitive activity if Google were to defer to Mandiant to vet potential security threats in the Google Cloud.
This would completely defeat the purpose of the acquisition and leave both Google and its customers at the mercy of potentially malicious third parties. A big tech company – or any company for that matter – using its own in-house security systems to screen for threats and neutralize bad actors in the digital space is just a commonsense business practice. It is a system they can trust and they can set parameters that work best for their products and services. Doing so makes the process more efficient for them and allows them to dedicate more focus to serving their customers’ interests.
This problem is not abstract. In response to the announcement of the Mandiant acquisition, Thomas Kurian, the CEO of Google Cloud said,“Organizations around the world are facing unprecedented cybersecurity challenges as the sophistication and severity of attacks that were previously used to target major governments are now being used to target companies in every industry.”
The attacks Kurian references are those like the SolarWinds hack. That incident saw hackers infiltrate a number of organizations, as well as roughly a dozen agencies of the U.S. federal government. It was just last year when the Colonial Pipeline was hacked and forced offline, sparking a panic and a gas shortage. With conflict in Eastern Europe and global supplies of oil already in question, it is not a stretch to believe something similar could happen, but on a much broader scale.
It is for these reasons that companies like Google are going out of their way to beef up their security apparatus. It is why such an acquisition is worth the astronomical $5.4 billion Google is paying before getting into the weeds with federal regulators. In today’s day and age, companies that neglect cybersecurity do so not only at their own peril, but the peril of everyone who uses their products. For a company like Google, that means tens, if not hundreds of millions of Americans across the nation.
Klobuchar’s legislation would also bar tech companies from“preventing another business’s product or service from interoperating.” First, this interoperability would allow third-party businesses to steal troves of data, as Cambridge Analytica famously did. Second, it would all but eliminate the capability of companies to shield their users from bad actors. Especially given the bill’s provisions about“equal access” it is very possible that third parties could be granted the same level of access to user data as the Google Cloud has.
Klobuchar is on a second bill, the Open App Markets Act, which would prevent tech companies from barring access to its app stores. This, again, would open the door to potentially harmful software making its way onto the devices of millions of Americans. It would also make any reasonable security efforts fruitless or illegal.
All of this cuts at the very heart of cybersecurity in an increasingly digital age. It is also not to mention the fact that Klobuchar has a third piece of legislation, the Platform Competition and Opportunity Act, which would prevent America’s largest companies from acquiring any related businesses. This would not only put the brakes on innovative mergers – like Google’s with Mandiant – that would improve services and security, but would absolutely dry-up investment in cybersecurity start-ups who depend on mergers and acquisitions to entice initial investors.
While tech companies are doing whatever they can to secure their platforms and devices in the 21stCentury, lawmakers are settling political vendettas on Capitol Hill, unfairly and unnecessarily targeting these companies in the process. Legislation like this would make it nearly impossible for America’s tech companies to protect their users’data. They would also decrease the quality of the products themselves, leaving American consumers vulnerable to growing threats in cyberspace.
Daniel Savickas is the director of Tech Policy at the Taxpayers Protection Alliance.
Join the conversation as a VIP Member