As both producers and users of cybersecurity products and services, ITI’s members are highly motivated to protect user information and are at the forefront of innovation in the security space. At the same time, ITI has consistently opposed technology-specific mandates—including, but not limited to, spectrum use flexibility, universal service fund availability, FAA in-flight device regulation, automotive safety, cybersecurity, data security, or the payment technology space—because such mandates stymy innovation. In the security space, when innovation is stalled, technologies quickly become outdated and consumers are left less protected.
While mandating security technologies to protect consumers may sound like an attractive proposition, the end result is usually one of more harm than good. Technology-specific mandates in the security space ultimately hurt consumers by preventing the roll-out of new technologies that may be more secure, or by removing the incentive to innovate more protective technologies altogether.
The mandated use of a certain technology in a particular space means no other technology can be used, regardless of what innovations may come about. In other words, a technology-specific mandate can end up being both a floor and a ceiling. And in the security space, what’s cutting edge today can quickly become outdated as a result of the constantly evolving tactics employed by those who wish to inflict harm by stealing consumer information, sometimes in the span of just a few months. As Congress debates policies implicating the tech sector, we urge lawmakers to carefully consider the unintended consequences of locking technology into place.