The U.S. House Judiciary Committee looks set to bring forward legislation that would impose mandates on social-media platforms to make their users’ data portable to and their platforms interoperable with competing platforms. Rep. Ken Buck (R-Colo.), the ranking Republican on the committee’s antitrust subcommittee, has joined with subcommittee Chair David Cicilline (D-R.I.) in endorsing an approach putatively modeled on the Telecommunications Act of 1996, which mandated that phone numbers likewise be portable when a customer moves from one phone company to another. In a recent hearing, Buck called that requirement “one of the most popular and pro-competitive actions Congress ever took.”
But rather than demonstrating that data portability and interoperability mandates would be easy to implement, analogies to the Telecom Act’s number portability requirement highlight how difficult they can be. As law professor Peter Swire of Georgia Tech University explained in a recent study of data portability mandates, regulators who rely on phone number portability as a model “may have an unrealistically positive view about how easy and beneficial” these regulations are.
Telephone numbers are just about the simplest form of consumer data one can imagine. They are impersonal, completely standardized, and assigned and controlled through a centralized and coordinated system. This stands in contrast to user data on social media platforms in just about every way: the very reason we care so much about this information is that it is highly personalized and user-generated, a representation of individual users’ thoughts, views, and social contacts.
But making even simple phone numbers portable across carriers proved to be quite difficult. It took several years and the establishment of a new private regulatory entity, the Number Portability Administration Center, to allow portability just of local phone numbers. It took another several years before wireless numbers were portable among cellular carriers. And to this day, not all phone numbers are portable between different parts of the country and not all carriers are subject to portability rules.
There also have been downsides to number portability. Carriers are allowed to charge consumers for the service. And number portability has created substantial security challenges, creating a way for attackers to steal phone numbers—often as part of efforts to compromise multi-factor security systems in order to access sensitive data like bank accounts.
Yet phone number portability is just about the easiest form of data portability, and barely touches on interoperability.
The 1996 Telecom Act’s unbundling and interconnection requirements, which required incumbent telephone companies to make their networks interoperable with new competitors’ networks, offer a more complete example of portability and interoperability in the telephone industry. These requirements led to more than a decade of litigation, including multiple trips to the U.S. Supreme Court. Deciding what parts of the network had to be unbundled—the same sort of fight that Big Tech platforms would have over what parts of their systems had to be interoperable with their competitors—was so messy that at one point the Federal Communications Commission tried to pass the task to state regulators (the courts said that it couldn’t do that). And these fights slowed deployment of competitive Internet access, keeping the telephone industry fighting over previous-generation DSL while the (unregulated) cable industry raced ahead, facing little competition, with next-generation cable internet services.
Portability and interoperability work best when dealing with highly standardized data used in highly standardized ways. Consider last month’s news that IBM is exploring a sale of its Watson Health business largely because its experience has shown that patient health records are too non-standard for literally the best AI in the world to make sense of them. The social media platforms that Congress is focusing on deal with user-generated data that are far less uniform or structured than medical information. And the whole point of opening these platforms to greater competition is to allow greater differentiation in services, which inevitably makes for less uniform data.
Our technological ecosystem is already shot through with security challenges. This isn’t because developers are lazy or incompetent; it’s because it’s really hard to design and implement systems securely. Interoperability and data portability mandates make this challenge substantially more difficult. Such rules mandate systems that, from a security point of view, should be closed off to third parties instead be opened up to them.
The Big Tech economy faces serious challenges. Increasing competitive pressures may be one way to improve the status quo. There may be some tailored types of portability and interoperability that do make sense. But these must be designed carefully, and they are neither costless nor flawless solutions.
Gus Hurwitz is Associate Professor of Law and Menards Director of the Nebraska Governance & Technology Center and Director of Law & Economics Programs at the International Center for Law and Economics.