The U.S. nuclear option on apps and data

The wrinkles of “securities” that flow between national and economic interests have many different layers.

Today’s version of the story comes from Washington, where the Commerce Department is finalizing rules around data security and foreign ownership, which is aimed at apps like TikTok which collect vast quantities of information and are widely presumed to be enmeshed in Chinese intelligence efforts given the country’s laws. Under the department’s final rules, Commerce would have the effective authority to shut down apps it deems a danger to national security.

Back when I was at TechCrunch, I argued strenuously against the notion that the U.S. should be able to just unilaterally shut down popular apps, such as how the Trump administration tried to “nuke” TikTok in September 2020. I dubbed it “gangster capitalism,” a form of governance where rules shift with the political winds and investors and employees who build great products could just be suddenly annihilated by random bureaucratic interventions without recourse. America’s tremendous economic success has hinged on well-regulated, consistent markets — why would we want to demolish a model that has provided us so much?

In the end though, we find ourselves with pretty much the same outcome anyway: a “nuclear option” that would allow the U.S. government to shut down apps it deems a threat.

It makes complete sense for the U.S. — or any country, for that matter — to be concerned about data privacy and its citizens. Yet, as with so many policies around technology today, these new rules are a limited bandage on a much wider problem: Who can own a user’s data?

Commerce is arguing that some nations (starting obviously with China, but Russia and others can’t be far behind) shouldn’t own American data and could be blocked entirely in the future. Makes sense, but what about Saudi Arabia? Brazil? France? Canada? Really, if stockpiles of consumer data are so valuable, why shouldn’t Americans be protected from all foreign ownership over their information?

The logic doesn’t stop there, of course. Why should all American companies have access to this valuable store of data? If my information should be secure, why should the entire advertising industry have access to it? Why should my ISP and telco provider, and Google, and every other organization in the modern data broker market have wide access to these troves?

Right now, the China angle is taking precedence due to the acute nature of that challenge, but it’s absolutely wrong-headed to build a regulatory regime around the acute problem without analyzing the wider system where the problem exists. The American approach to data is a patchwork of state laws, executive branch regulations, and industry norms. There’s no comprehensive model of data governance, no answer to the question of who can own what data. Without a comprehensive strategy around data, each of these initiatives like today’s from Commerce is just a piecemeal tool when we need a complete solution.

Right now, we are left with a business environment where data is pretty much fungible unless you raise the ire of the Commerce Department enough for them to hit the nuclear button on an app. That’s not a tenable situation for America’s technology industry long term, particularly if we want it to maintain its vibrancy into the future.

Technology and sovereignty has been a theme here on “Securities,” such as with yesterday’s piece on a blocked semiconductor acquisition. America has a duty to put in place more safeguards on data to stop the companies (and countries) that would abuse what has traditionally been a very porous and open approach to information management.

Yet, I remain deeply perturbed about giving regulators unilateral authority to strike at apps or any software, particularly when rules around data remain so limited. App censorship is a growing trend around the world, and it seems the U.S. government is now putting in place the rules to add such a tool to our own domestic market. I shudder to think at the second-order effects of such a system.