Privacy advocates have been calling for the United States to adopt strong consumer privacy protection laws along the lines of the EU’s GDPR for a long time now, but the proposed (RESTRICT) ain’t it, chief. Restricting the Emergence of Security Threats that Risk Information and Communications Technology Act Terrible acronym aside, the RESTRICT Act claims to… empower the United States government to prevent certain foreign governments from exploiting technology services operating in the United States in a way that poses risks to Americans’ sensitive data and our national security. ( ) whitehouse.gov In reality, this act would grant the government broad powers to restrict access to any site or service they claim could pose a threat to national security, akin to China’s “ .” great firewall Currently, if you go on the internet and try and find out what the RESTRICT Act , you’ll find a lot of confusing and conflicting information. This is by design, not from a lack of analysis. actually does Simply put, the RESTRICT Act has been interpreted in so many different ways because the wording is so broad that it be interpreted in so many different ways. This is obviously a problematic form of government overreach. can So what does it actually do? Well, nothing! For now, anyway. Like many bills lately, this bill has no immediate effects, but it does grant the White House power to create rules and regulations which will have the power of law. Section 8 grants the Secretary of Commerce the power to “establish such rules, regulations, and procedures as the Secretary considers appropriate.” These rules can include almost anything as long as they are targeting an entity covered by the bill. To give it a little credit, the specific activities this bill targets are narrow. Section 2 of the bill mainly defines the affected entities in terms of corporate ownership and funding in relation to specific “foreign adversaries.” relatively It would be difficult for a company to violate this bill without being a front for a foreign government. However, once a targeted company identified, the powers the White House then gains to prevent their operation and access within the United States are wildly expansive. actually is Does This Bill Ban VPNs? This is the question on a lot of people’s minds, and the answer is, of course, a bit complicated. Right now, this bill is mainly focused on TikTok, despite them not being mentioned specifically within the bill text, so let’s focus on them. If the White House determines that TikTok is covered by this act, they could implement “mitigation measures” including ordering Internet Service Providers to block access to TikTok entirely. At this point, the Act grants very broad power to block the of those mitigation measures as well. circumvention Now, any service “which is designed or intended to evade or circumvent the application of this Act” falls under the scope of this regulation. No person may cause or aid, abet, counsel, command, induce, procure, permit, or approve the doing of any act prohibited by, or the omission of any act required by any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under, this Act. (Section 11(a)(2)) A reading of this could certainly include VPN providers. Even if the White House does not declare VPN companies to be directly violating this act, they could certainly deem their services to be aiding and abetting violators, and the end result is the same: Regulations that ban the operation of VPNs entirely. Even more worryingly—especially for myself at —a stricter reading of the quoted section above could make it illegal to even (i.e., “counsel”) on how to run a VPN or sideload TikTok! Privacy Guides share advice And all of these violations be punished with criminal charges including up to 20 years in jail or up to $1,000,000 in fines. can So what do we actually know? Does this bill ban VPNs? No. Does this bill give the White House executive power to ban VPNs? Yes! It still seems unlikely that our current White House would ban VPNs, and even more unlikely that the Supreme Court would allow them to do so if they tried. However, a future White House with politics more aligned with the Supreme Court could conceivably be more likely to try and suppress free internet access, and it’s doubtful the Supreme Court would try and stop them. Putin has a long history of suppressing dissidents and journalists in Russia by finding ways to classify them as “foreign agents,” and students of his political playbook in the United States would obviously not hesitate to abuse the RESTRICT Act to do the same here. Is This Good Privacy Regulation? Absolutely not. Fundamentally, the RESTRICT Act does nothing to address the actual privacy concerns of American citizens, it only ensures that the digital data of Americans are exploited by America-friendly companies. exclusively If Congress was legitimately concerned about data collection in America, they could implement strong consumer protections that enhance individuals' control and rights over their personal data on platform instead of playing whac-a-mole with every foreign technology entity. every So What? Ultimately, the provisions in this bill are so broad that it is inconceivable that they will be eventually abused by the White House; it would only be a matter of time. not Any law like this which gives the government broad authority to ban all sorts of tools if they are even tangentially related to a foreign country they deem a threat is simply unacceptable in a purportedly free country, and we need to make sure it does not pass. You may still be thinking that this bill would only really impact large, foreign entities like China/TikTok, but we’ve seen time and time again how bills like this that are sold as attacks on huge, nebulous entities like “terrorists” and “foreign state adversaries” wind up mainly used to attack the little guy with minor infractions. Just like with the post-9/11 Patriot Act, the government is trying to whip people up into a panic to pass a bill under false pretexts that only serves to expand their police powers over us. Call your legislators and demand that they vote against the RESTRICT Act; don’t let them take away even more freedoms.
