For the past week, U.S. lawmakers have taken a brief pause from, say, deciding just how we should all feel about the FBI’s practice of warrantless wiretapping, in the name of rallying around a common enemy: foreign tech companies.
Over the past seven days, we’ve seen the Trump administration consider a full-on ban of any apps owned by China-based companies. The White House prepped a new round of sanctions set to smack down any business dealings with Huawei and other Chinese telcos, and TikTok is under unprecedented scrutiny for its own Chinese origins. And now, the U.S. Congressional Committee on Oversight and Reform has sent two formal letters to Apple and Google’s respective CEOs asking them to use their power to probe where their third-party app developers are storing their data.
In both letters, Stephen Lynch, Chairman of the National Security Subcommittee noted his concerns over mobile apps that are owned or operated by foreign developers ” or even those that simply store any American’s data overseas ” could potentially leave the door open for some sort of spyware to sneak onto a citizen’s device.
“At a minimum,” he wrote, the two companies “should take steps to ensure that users are aware of the potential privacy and national security risks of sharing sensitive information with applications that store data in countries adversarial to the United States, or whose developers are subsidiaries of overseas companies.”
He’s right. For the past year, in particular, we’ve seen a good handful of hacking attempts ” successful or otherwise ” stemming from hacker groups in China, Russia, and the Middle East. If Apple and Google had a mandate requiring a given app developer to disclose which countries might be storing the data from their apps, it could, ostensibly, help your average app-downloader judge whether a certain note-taking app is worth downloading, or whether it might be offshoring data with the likes of a company like Israel’s vaguely-terrifying NSO group.
In the letter, Lynch pointed out that since he last floated the idea to Apple and Google back in January, neither company could name any “statutory or regulatory limitations” that would keep either of them from requiring devs to name countries where their data will be stored. He closed both of these letters by asking each of them whether they’d commit to this sort of mandate for their devs and whether they’d make this information available for the people browsing and downloading off their respective platforms, and gave each of them until the month’s end to respond. Gizmodo reached out to both companies for comment but did not receive an immediate reply.
Considering all of the domestic surveillance that’s been largely proven to be inescapable for any American with a decent cell phone connection, it can feel like a bit of a misdirection on congress’s part to paint “adversarial countries” as the problem, rather than the data collection industry writ large. If Apple and Google do take these new mandates into account, it might be worth asking them how we can get some insight into the invasions of privacy that happen closer to home.