In far too many competition cases, cybersecurity has become an afterthought – as courts impose far-reaching remedies that do not sufficiently account for security. The Center for Cybersecurity and Law is seeking to halt this trend. It has filed a series of amicus briefs that seek to educate the courts about core security considerations and correct for lower-court overreach.

The latest amicus filed in Epic v. Google, the Center urges the Ninth Circuit to rehear the case in order to sufficiently consider – and address – user security and public safety risks posed by the district court’s injunction. 

Of particular concern, the injunction requires Google Play to:

• Allow link-outs to unvetted and potentially insecure apps that can be downloaded online (par. 10).
• Carry third party app stores that have demonstrably worse security records than Google Play (par. 12).
• Allow third-party app stores to carry the Google Play Store catalog, without any regard to the risk of copy-cat apps or the challenges of distributing critical security updates (par. 11).

As described in detail in the Center’s amicus brief, each of these measures carries significant security risks. 

The brief includes information regarding the growing sophistication and effectiveness of malicious cyber-criminals and nation-state adversaries; the specific vulnerabilities created by the district court’s injunctions; and how attackers can exploit these vulnerabilities to exploit unsuspecting users by sending malware to their phones. The brief also explains why the creation of a yet-to-be established and unaccountable “Technical Committee” (par. 13 of the injunction) fails to adequately address the significant security risks.

This amicus brief follows similar efforts to educate courts about the security risks stemming from unvetted link-outs and restrictions on warning users about those risks and the security and privacy risks of required sharing of sensitive user data with would-be competitors.  And it draws on the Center’s prior work on mobile security, which highlights the importance of centralized security controls in order to protect the security and privacy of users – and thus the security of the broader digital ecosystem.

In all of this work, the Center has the same refrain: Competition and security are not mutually exclusive. Courts and regulators can – and should – protect both.

‍