Pluralistic: 11 Jun 2021

Today's links

EFF's interoperability banner graphic, a kind of Rube Goldberg machine integrating pulleys, belts, megaphones, emoticons, lightbulbs, HTML tags, a Creative Commons icon, a radio tower, a padlock, etc.

Privacy Without Monopoly, EU edition (permalink)

Tech monopoly apologists insist that there's something exceptional about tech that makes it so concentrated: "network effects" (when a product gets better because more people use it, like a social media service).

They're wrong.

Tech is concentrated because the Big Tech companies buy up or crush their nascent competitors – think of Facebook's predatory acquisition of Instagram, which Zuckerberg admitted (in writing!) was driven by a desire to recapture the users who were leaving FB in droves.

Google's scale is driven by acquisitions – Search and Gmail are Google's only successful in-house products. Everything else, from Android to Youtube to their entire ad-tech stack, was once a standalone business that Google captured.

Monopolies extract monopoly rents – like those delivered by Googbook's crooked ad-tech marketplaces, or Apple/Google's 30% app shakedown – and use them to maintain their monopolies. Google gives Apple billions every year so it will be the default Ios and Safari search.

These are the same tactics that every monopolist uses – high-stakes moneyball that creates a "kill-zone" around the monopolist's line of business that only a fool would try to enter. Tech DOES have network effects, but that's not what's behind tech monopolies.

We see monopolies in industries from bookselling to eyeglasses, accounting to cheerleading uniforms, pro wrestling to energy, beer to health insurance. These monopolies all follow Big Tech's template of mobilizing monopoly rents to buy or crush all competition.

The differences between the anticompetitive tactics that monopolized these industries are largely cosmetic – swap out a few details and you might well be describing how John D Rockefeller and Standard Oil monopolized the oil markets in the late 19th and early 20th centuries.

Big Tech does have network effects, but these are actually a tool that can be used to dismantle monopolies, as well as maintaining them. Network effects are double-edged swords: if a service gets more valuable as users join, it also gets less valuable as users leave.

If you want to understand the anticompetitive structure of the tech industry, you'd be better off analyzing switching costs, not network effects. Switching costs are the things you have to give up when you leave a service behind.

If your customers, community, family members or annotated photos and other memories are locked up in Facebook's walled garden (or if you've got money sunk in proprietary media or apps on Apple's, etc), then the switching cost is losing access to all of that.

Here's where tech really is different: tech has intrinsically low switching costs. Latent in all digital technology is the capacity to interoperate, to plug a new service into an old one, to run an old app inside a simulator ("runtime").

There's no good technical reason you can't leave Facebook but take your treasured photos with you – and continue to exchange messages with the people you left behind.

True, Facebook has gone to extraordinary lengths to keep its switching costs high, deploying technical countermeasures to block interoperability. But these aren't particularly effective. Lots of people have figured out how to reverse-engineer FB and plug new things into it.

Power Ventures created an app that aggregated your FB feed with feeds from rival services, giving you a single dashboard. NYU's Ad Observer scrapes the political ads FB shows you for analysis to check whether FB is enforcing its own paid political disinformation rules.

And there's a whole constellation of third-party Whatsapp clients that add features FB has decided Whatsapp users don't deserve, like the ability to block read-receipts or run multiple accounts on the same device.

Most of these are technical successes, but they're often legal failures. FB has used the monopoly rents it extracted to secure radical new laws and new interpretations of existing laws to make these tactics illegal.

Power Ventures was sued into oblivion. Ad Observer is fighting for its life. The Whatsapp mods are still going strong, but that may be down to the jurisdictions where they thrive – sub-Saharan Africa – where FB has less legal muscle.

With low switching costs, much of FB's monopoly protection evaporates. Lots of people hate FB, and FB knows it. You're on FB because your friends are there. Your friends are there because you're there. You've taken each other hostage, and FB benefits.

With low switching costs, you could leave FB – but not your friends. The kill zone disappears. All we need is interoperability.

Enter the EU's Digital Services Act and Digital Markets Act, proposed regulations to force interop on the biggest Big Tech players.

The EU has recognized that mandating interop can reduce switching costs, and reducing switching costs can weaken monopoly power.

Some critics (like me!) of the EU proposals say they don't go far enough, asking for "full interop" for rival services.

Against these calls for broader interop come warnings about the privacy implications of forcing FB to open up its servers to rivals. It's hard enough to keep FB from abusing its users' privacy, how will we keep track of a constellation of services that can access user data?

Last Feb, Bennett Cyphers and I published "Privacy Without Monopoly," for EFF, describing how interoperability can enhance privacy.

Interop means that users can choose services that have better privacy policies than Facebook or other incumbent platforms.

But in theory, it means that users could choose worse services – services that have worse privacy policies, services that might be able to grab your friends' data along with your own (say, the pictures you took of them and brought with you, or their private messages to you).

That's why, in our paper, we say that interop mandates have to be backstopped by privacy rules – democratically accountable rules from lawmakers or regulators, not self-serving "privacy" limitations set by the Big Tech companies themselves.

For example, Facebook aggressively imports your address books when you sign up, to connect you to the people you know (this isn't always a good experience – say, if your stalker has you in their address book and automatically gets "friended" with you).

If you try to take your address book with you when you quit, FB claims your contact list isn't "yours" – it belongs to your contacts. To protect their privacy, FB has to block you from exporting the data – making it it much harder to establish social ties on a new service.

It's not obvious who that contact info "belongs to" (if "belong to" is even the right way to talk about private information that implicates multiple people!).

But what is obvious is that Facebook can't be trusted to make that call.

Not only has Facebook repeatedly disqualified itself from being trusted to defend its users' privacy, but it also has a hopeless conflict of interest, because privacy claims can be used to raise switching costs and shore up its monopoly.

In our paper, Bennett and I say that these thorny questions should be resolved democratically, not in a corporate boardroom.

Now, as it happens, there's a region where 500M people are protected by a broad, democratically enacted privacy law: Europe, home of the GDPR.

Today, in a new appendix to "Privacy Without Monopoly," EFF has published "The GDPR, Privacy and Monopoly," my analysis of how the GDPR makes interoperability safer from a privacy perspective.

Working with EFF's Christoph Schmon and Bennett Cyphers, and Ala KrinickytÄ—, a data protection lawyer at NOYB, we develop a detailed analysis of the GDPR, and describe how the GDPR provides a lawful framework for resolving thorny questions about consent and blended title to data.

The GDPR itself seeks to promote interoperability; it's right there in Recital 68: "data controllers should be encouraged to develop interoperable formats that enable data portability." But loopholes in the rules have allowed dominant companies to stymie interop.

For years, Europeans have had the "right" to port their data, but nowhere to port that data to. The DMA closes the loopholes and dismantles the hurdles that kept switching costs high.

The GDPR's consent/security/minimization framework sets out the parameters for any interoperability, meaning we don't have to trust Facebook (or Google, or Amazon, or Apple) to decide when interop must be blocked "to defend users' privacy" (and also shareholders' profits).

Big Tech platforms already have consent mechanisms (and must continue to build them) to create the legal basis for processing user data. An interoperable FB could be a consent conduit, letting your friends decide when and whether you can take their data to a new service.

And the GDPR (not a tech executive) also determines when a new service meets the privacy standards needed for interop. It governs how that new service must handle user data, and it gives users a way to punish companies that break the rules.

Today, if you leave Facebook, your friends might not even notice. But in a world where FB is a consent conduit to manage your departure and resettlement, all your friends get signals about your departure – perhaps prompting them to consider whether they should go, too.

Far from prohibiting interop, the GDPR enables it, by creating an explicit privacy framework that is consistent across all services, both the old monopolies and the new co-ops, startups, public utilities, and other alternatives that interop would make possible.

Monopolies distort the world in two ways. The most obvious harm is to competition, choking out or buying out every alternative, so you have to live by whatever rules the monopolist sets.

But the other kind of harm is even worse: monopolists can use their political power to get away with terrible abuses.

Ad-tech concentration produced monopoly rents that blocked or weakened privacy law for decades, allowing for a grotesque degree of commercial surveillance.

We don't want competition in surveillance.

Opening space for interop poses a legitimate risk of creating a contest to see who can violate your human rights most efficiently.

Yet, it's obvious that monopolists themselves shouldn't get to decide where they should be subjected to competition and where they should be subjected to regulation. That's a job for democratic institutions, not autocratic board-rooms.

Adding privacy regulation (strong privacy regulation, with a private right of action allowing users to sue companies for breaking the rules) to interop is how we resolve this conundrum, how we make sure we're banning surveillance, rather than "democratizing" it.

This day in history (permalink)

#20yrsago Embarassing gaffe in Microsoft’s anti-Linux campaign

#15yrsago Inside China’s iPod sweat-shops

#10yrsago Walt Disney’s 1956 time-capsule letter to the future

#10yrsago Terry Pratchett initiates assisted suicide process

#5yrsago It’s getting harder and harder to use gag clauses to silence laid off workers in America

#1yrago Interoperability and privacy

#1yrago Tesla modder selling discounted upgrades

Colophon (permalink)

Today's top sources:

Currently writing:

  • Spill, a Little Brother short story about pipeline protests. Yesterday's progress: 253 words (5218 words total).

  • A Little Brother short story about remote invigilation. PLANNING

  • A nonfiction book about excessive buyer-power in the arts, co-written with Rebecca Giblin, "The Shakedown." FINAL EDITS

  • A post-GND utopian novel, "The Lost Cause." FINISHED

  • A cyberpunk noir thriller novel, "Red Team Blues." FINISHED

Currently reading: Analogia by George Dyson.

Latest podcast: How To Destroy Surveillance Capitalism (Part 06)
Upcoming appearances:

Recent appearances:

Latest book:

Upcoming books:

  • The Shakedown, with Rebecca Giblin, nonfiction/business/politics, Beacon Press 2022

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

(Latest Medium column: "The Rent’s Too Damned High," about the long con of convincing Americans that they will grow prosperous through housing wealth, not labor rights

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla