Reconciling Social Media & Democracy: Cory Doctorow

On October 7th, Tech Policy Press hosted a mini-conference, Reconciling Social Media and Democracy.

While various solutions to problems at the intersection of social media and democracy are under consideration, from regulation to antitrust action, some experts are enthusiastic about the opportunity to create a new social media ecosystem that relies less on centrally managed platforms like Facebook and more on decentralized, interoperable services and components.

The first discussion at the event took on the notion of ‘middleware’ for content moderation, and the second discussion looked at this question through the lens of what it might mean for the fight against misinformation. The third discussion featured Cory Doctorow, who discussed the notion of competitive compatibility.

Below is a rough transcript of the discussion.

Justin Hendrix:

Thank you. And we're going to slide straight into our next speaker, who is joining us now. Cory Doctorow, who is of course a well known science fiction author, activist, journalist, and poster of excellent graphic reminders of our past and slightly more friendly consumer past is the only way I can think of to describe it... I'm very grateful for you joining us today. I've invited him here to talk about “competitive compatibility.” Now, Cory is not one of the individuals who was part of the Journal of Democracy series of essays that we've been talking about so far, but rather he's written his own things on this, of course, including a particular piece from ACM I'd recommend for anybody that wants to kind of dig through that, this essay on competitive compatibility. And of course, he's written many other things about this, but we'll perhaps hear from him particularly about where his head is at at the moment on competitive compatibility. So, Cory, thank you so much.

Cory Doctorow:

It's lovely to be here. Thank you for having me. I live with two people who are sick and tired of hearing me talk about interoperability so any chance to talk about it with other people is very good.

So you mentioned competitive compatibility. That is a term that we at the Electronic Frontier Foundation came up with because the phrase that we used for it before was just too much of a mouthful, although it's a little more self explanatory and that phrases adversarial interoperability. So you can imagine that there's some interoperability that is planned, either it's the subject of a mandate or there's some standardization and there's some interoperability that is indifferent, like you walk into a gas station and you get a 50 cent USB charger that plugs into your car's cigarette lighter, people who made your car don't care that you're using it, they're not going to help you use it, they're not going to try and stop you from using it.

But then there's adversarial interoperability. Adversarial interoperability is when the manufacturer of an existing good or service really doesn't want you to plug something new into it and you do it anyway, even though they're trying to stop you. And adversarial interoperability is something that was once absolutely normal. If you're old enough, you might remember things like plug compatible mainframes, and today has become something of a legal mine field.

So I wanted to start by introducing some "ComCom" examples. ComCom, competitive compatibility, is what we've come to call adversarial interoperability-- partly in deference to our non-English speaking colleagues in Europe who are very interested in interoperability, but it's like listening to a German try to pronounce the word "swirl," it's funny at first and then it makes you feel bad about yourself. So ComCom is a much better term of ours.

So some examples from history-- you may recall, from the turn of this century, that the Mac was on the ropes. If you ran an office and you had a designer who used a Mac, and you had a bunch of other people who used Windows machines, one of those Windows machines users was unwise enough to try and ask the person on the Mac to read a word document, chances where they wouldn't be able to open it with Microsoft's Word for the Mac. If they did, it would be corrupt in some way. And then if they were unwise enough to save it and try and share it back out again with their Windows-using colleagues, it would be forever cursed and no one would be able to open it and restore it to its original format.

And this was an actual major impediment. I was a CIO at the time running heterogeneous networks. We were actually buying designers Windows machines to sit next to their Macs so that they could communicate with their colleagues. And we were in the process of transitioning to actually just switching them all over to Windows and installing Adobe products for Windows, Work for Windows and so on, and just ditching the Mac altogether. Microsoft had two things going for it at the time. It had network effects--obviously every time someone created a Word doc, that was a reason to get a computer that could read a Word doc. And every time someone had a computer that could read a Word doc, that was a reason to believe that you could use Word to communicate with them. And that was how they attained scale. But the way that they maintained that scale was not through network effects.

It was through switching costs, because once you left behind the Windows world, you could no longer communicate with all those other users. And so the price that you had to pay to leave the Windows world was very, very high. And Apple solved this in a really clever way. Steve Jobs did not go on bent knee to Bill Gates and beg him to make an adequate version of Office for the Mac. Instead, he got some engineers to reverse engineer the file formats for Word, Excel and PowerPoint, and created the iWork suite of Keynote, Pages and Numbers and obliterated the switching cost. You may remember there was an ad campaign at the time-- the "switch" campaign. It would be very easy now, unprecedentedly easy for you to switch from Windows to a Mac. And the switching costs are now so low that there's no reason to be bound by that network effect. The network effect can be a way to grow but without switching costs, you can't stay big if you're not good. And since Microsoft wasn't good, people switched to Macs, and that rescued the platform.

Now, I want you to consider what would happen if you tried to do this with iTunes today. If you tried to do this with iTunes today, you would be sued into a radioactive crater. They would make Computer Fraud and Abuse Act arguments about it, not withstanding the Van Buren case. They would say that your reverse engineering of certain elements of the stack violated section 12 of the Digital Millennium Copyright Act. They would also probably try and get you for contributory infringement. They would also argue that you were engaged in tortious interference and probably bring some other claims against you as well, patent claims and so on.

There is a thicket that has grown up around ComCom, the nature of the need to make ComCom, the underlying process for doing ComCom and the value that we can get out of ComCom haven't changed, but the legal picture for firms that want to engage in it has changed very dramatically. And what's happened is that the firms that are arguing against ComCom-- for example, right to repair is a form of ComCom, right? I made this thing, I say only I'm allowed to fix it, someone else comes along and asserts that they can fix it. Those firms that are doing it, they all benefited from ComCom in their early days. Microsoft, if it could only have worked on IBM PCs, would've been a very small company, but because they were IBM PC compatible that used ROMs that Phoenix Computing made, Microsoft was able to capture a giant market and grow very big indeed. Google, if it couldn't have told all the world's websites that it was a web browser and asked for them to serve up the web pages, would've had a hard time indexing the web.

Every one of these sites has relied in some way on ComCom. Facebook had a service that would let you read your MySpace mail from Facebook so that you could leave MySpace behind and enjoy Facebook, but not have to leave behind your MySpace friends. They have all agreed on common lobbying positions, common briefings to judges as Amici, common public communications that condemn ComCom and its many tactics as variously forms of piracy, cyberterrorism, and many other gross offenses. And this is not unusual, every pirate wants to be an admiral after all. What is unusual is how successful they've been and how durable it has made their monopolies and how much it has captured our imagination and made us believe that those monopolies are kind of the ends state of our networks. And so this has given rise to a form of advocacy for resolving the many problems of big tech platforms that I call fixing the platforms, right?

The problem with Facebook is that Mark Zuckerberg is very bad at being the social media czar of 3 billion people. We must either pressure his board to replace him with someone who is good at that job, or bring to bear such pressure on him as will make him be better at that job. And this is contrasted with what I think is the correct strategy, which is not fixing the platform, but fixing the internet-- which involves abolishing the position of a social media czar for 3 billion people. No one should have that job. It's not just that someone has the wrong job, it's that the job shouldn't exist in the first place.

And so these ComCom tactics offer a mechanism by which we might accomplish reduction in the switching costs that would allow us to unravel many of the advantages that are used to maintain the dominance by these firms. So to take a real world example, at EFF, we've worked with a community of breast cancer survivors. These are women or people with breasts who have the BRCA gene-- they're at a high risk themselves of contracting breast cancer. And because it runs in families, their daughters, sisters, mothers, and other relations are at that risk or suffering for breast cancer or have died from breast cancer. This community is very important to them. And they joined Facebook about a decade ago at a time in which the platform was very aggressively courting medical communities.

And what they found was that Facebook was not being forthright in the way that it described the privacy protections it had for this very sensitive community. Specifically, one of the founders of this community discovered a bug on Facebook's platform that allowed her to enumerate the full membership of every Facebook group, whether or not you were a member of it, which for them was a grave concern. And they brought that to Facebook. Facebook characterized this as a feature request, not a bug report, and they won't fix it. They said that they weren't going to repair it. And eventually after pressure, they moderated this a little so that you could enumerate the members of group that you were a member of, which is for them still not private enough.

But they face a huge collective action problem. Having all arrived on Facebook and accumulated a sizeable number of people after they did migrate from a private message board to Facebook, they really are not in any position to organize a national 'everybody quit Facebook day next Wednesday, 3:00 PM.' But what they could do in theory is they could stand up a standalone diaspora instance or other messaging platform and they could use ComCom contacts, bots, autopilot, scrapers, to allow them to both receive and push messages into Facebook without being on Facebook, without subjecting their use to Facebook scrutiny.

And more importantly, to provide a transitional state-- an intermediate state between being on Facebook and not being on Facebook, because those messages could be appended with a footer that read, "Today 13% of our message group's traffic came from off Facebook. When this reaches 60%, we will start a 30 day timer, and then we're going to sever the link. Figure out what you want to do, figure out which community you want to belong to." That's a way that they could ooze off the platform instead of jumping off the platform all on one go. Tthere are serious privacy issues with this. And I wrote a paper with my colleague Bennett Cyphers-- it's called Privacy Without Monopoly--that talks about how, while there are serious privacy issues with this, Facebook is not the company that we should trust to adjudicate them for reasons that I hope are radioactively obvious to everyone who is listening to the sound of my voice today, especially this week.

And what we do need is a standalone, sturdy privacy law that allows us to objectively consider what any interoperator is doing and determine whether or not they're doing something that accords with privacy. And that would apply equally to Facebook and to the people operating this diaspora server. Now, if you are familiar with things like the Access Act or various other proposals--Protocols Not Platforms, Daphne's work, Frank Pasquale's work, and the middleware proposals-- you may be wondering why this couldn't be accomplished with a mandate. And it absolutely could. We could build a standard either under government agents or out of the kindness of Facebook's own heart and we could stand up APIs that allow us to do this without all the gorilla warfare bots and scrapers, which after all would be constantly under threat from Facebook, they would be trying to identify the bots and shut them down and you'd be modifying the bots to fix them.

Now, Facebook has 3 billion users, which means that by definition, it has 3000 one in a million behaviors being exhibited every single day, so their ability to distinguish a bot from a user is going to be really hard. They'll catch a lot of dolphins in their tuna net. But still we could imagine a sturdier version of this. And here's where I want to talk about where ComCom fits in with other forms of interoperability, with planned interoperability, managed, mandated, cooperative interoperability. And I think that it is not a replacement for, but rather a stiffener of it. And to explain why I want to return to this idea right to repair and briefly recount what happened when Massachusetts passed a right to repair bill for cars.

In 2012, Bay Staters went to the ballot box. They overwhelmingly passed a ballot initiative that mandated that automakers provide independent mechanics with diagnostic codes that could be read off the cars' wired networks, that are called the can buses, so that they could affect their own independent repairs. And immediately the automakers reengineered their cars so that service messages did not go over the can bus, they went over a new wireless network that they built into new models, which was not covered under the mandate.

And it took eight years for Bay Staters to revisit this and go back to this question and pass a new ballot initiative in 2020 that said that, "For avoidance of doubt, we meant the wireless networks too," and now they're in court and eventually they're going to get back to this. And in the meantime, there's a lot of cars independent mechanics can't fix and some of them are closing up shop and going to work for big three automakers. And so even when we get the mandate fixed at the speed of legislation and regulation and not the speed of market actors or individual self-help measures, we may not have the mechanics to do the repairs.

And so what ComCom represents is it represents the cost oof defection, the cost of subverting the mandate. If Facebook says, "Well, we're going to keep this Mandated Access Act API, but we're going to change our internal data structure so that doesn't connect to anything useful," like the fire department might say, "You have to put a tap on the front of your house for the fire hose," and you do that, but then you disconnect your water main from it. So the tap's still there, you're still in compliance, it just doesn't connect to anything. If Facebook were to do that, the response wouldn't be eight years in which they could play cute in front of senatorial committees and the FTC and special regulators, it would be an immediate response of users quickly implementing bots and scrapers and other gorilla warfare acts.

I have been told by senior executives at big tech firms-- and the record is replete on this question-- that firms would much rather endure a managed form of competition which has quantifiable risks than engage in endless gorilla warfare with other market actors. I mean, that's what happened with Apple and Microsoft. Right after Apple made Pages and Keynote and Numbers, Microsoft standardized the Office file formats. That's where .docx comes from. Because once it was no longer a competitive advantage to maintain all these obfuscated, non-interoperable file formats that after all were a huge pain for Microsoft users, not just Apple users, Microsoft threw in the towel and became a non-adversarial interoperator.

So this is the equilibrium. And I want to close now by saying that the point of all of this is not competition for its own sake, it is competition for self-determination-- that ultimately the thing that is going to determine whether we live in a technological dystopia or not is whether people who use technology are going to be able to configure it so that it serves their interests, rather than the interests of shareholders of the firms that made them. And this is where competitive compatibility also makes a decent adjunct to managed interoperability, to mandated interoperability, because if any of you have ever done standardization work, firms are constantly seeking to tilt standards and mandates to their advantage.

It's very hard to win a fight at the W3C against Microsoft or Google or Facebook. Frankly, the way that you win at the W3C is by throwing enough engineers and lawyers at it so that every secretary, every committee chair, every sub chair, and every note taker, and everyone who is in charge of the mailing list works for your company and everyone who is adverse to you has one halftime staffer on it. That one halftime staffer instead could be making bots that are tying your ops people in knots all day long and turning your users into furies who want to know why it is they've just had their accounts terminated for being bots, right?

So this is the thing that gets them to play nice. It's not the whole solution, but it is the thing that allows us to assert be measures beyond that which we are willing to standardize or that which a regulator is willing to impose, measures that are ultimately about the user's own dignity and lived experience with their technology. This would allow, for example, people who are using the W3C standard for DRM on video to write their own look ahead routine that would identify upcoming strobe effects in movies, so that if they had photosensitive epilepsy, it wouldn't trigger seizures in them. That's something we proposed to the W3C for its DRM, but Netflix wouldn't have it and so it's not in the standard, right? So this would allow us to create a space in which we could find out whether or not allowing people with epilepsy to avoid grand mal seizures was the route to an endless round of piracy, or just was the humane thing to do.

And if it turned out we were wrong, if it turned out that they weren't willing to do it, well then people with photosensitive epilepsy would still be able to implement this. And so there are ways that we can contemplate doing this, maybe we'll get into that in the Q&A. We could pass a law that defends interoperators that creates a defense in law, we could create a procurement guideline that says that Uncle Sam's not going to buy anything from you, unless you promise not to sue them and to block interoperability, we could settle with the FTC when Facebook inevitably throws in the towel, and we could say, "Here's your new special master. Anytime you want to bring a claim that might implicate interoperability, their job is to make sure you're not doing it contextually to shut down an interoperator." There are lots of ways we can imagine doing it, but any one of them or in concert would be an absolutely vital adjunct to a mandate.

Justin Hendrix:

Cory, I do want to actually push you on exactly that last point that you were making around legislation. Of course there are five bills that the House has put forward around antitrust and competition, one of them has to do with data portability and interoperability. What are you enthusiastic about? What are the problems with the proposals in front of Congress at the moment? And are you aware of any sense of momentum with those particular proposals?

Cory Doctorow:

So I'm one of the world's worst Congressional Kremlinologists so I'm not going to handicap their chances. The bill that I think is most relevant here is the ACCESS Act, as you mentioned, the interoperability act. I think the ACCESS Act is excellent but incomplete. When I get a sec, I'll find you the URL and paste in the kind of five point critique I have of it. There are some things that are just-- I'm baffled that they're not in there because I think they were proposed and didn't end up in there, like it needs a circuit breaker. Right now, as it stands, a firm that determines that an API is being abused, like maybe that it's got a bug that allows bad actor to extract more information than was covered by the regulation and that could expose users to privacy risks, they can't shut down the API.

And I understand that pretextual shutdowns would be really bad so we could establish a good faith defense and a notification requirement within 24 hours and stiff fines for anyone who's determined to have done it on bad terms. But my fear is that without a circuit breaker, what's going to happen is that at someone will figure out how to hack one of these mandatory APIs, they'll extract a couple of billion users' information. They'll say, "Look, this is what happens when you allow people to interoperate with Facebook. Only Facebook can save you from Facebook, not third parties," and then that will put the whole project of interoperability in bad odor forever. That's, I think, a major problem.

Another major problem is the compositional makeup of the committee that evaluates interoperability. As it stands, I think it's no fewer than two members of the dominant platform, two members of SMEs, one NEST advisor, and two members of public interest group. And you could build a compliant committee that consisted of 1000 Facebook lawyers and engineers and five other people and that is not a committee that is going to build an API that challenges Facebook shareholder interests and upholds the public interest. So again, this is a kind of easy fix.And there are a few others that are in there that are somewhat technical.

I think the biggest problem with the ACCESS Act is it's not backstopped by a free standing national privacy law with a private right of action. And so what we're going to end up with is the ACCESS Act and then we'll end up with another, I don't know, open app store act or some other thing that implicates privacy and each of them is going to have a distinctive privacy regime and none of them will have private rights of action. So unless you can convince our future president, Kid Rock's attorney general, to go to bat for you, those privacy violations aren't going to be addressed.

Justin Hendrix:

Cory, I also want to ask you-- strangely I moderated a panel yesterday on the idea of right to repair and we were talking about vacuum cleaners and other appliances and all the various ways that industry will attempt to kind of get round right to repair, similar to the type of thing that you just mentioned to do with cars. Even if we were to push in this direction of decentralization, interoperability, competitive compatibility, I don't know, what's the time horizon, do you think for all this to sort of sort out where we can get past, "Well, we're doing this," to, "We're giving it a go and we've got first volley of effort around it," to, "Industry has figured out it's conniving ways to neuter whatever thing that we're doing," how long does all this take? I mean, a lot of folks would say, well, they have said on this call that this is a crisis and we've got a real urgent situation on our hands.

Cory Doctorow:

So I'll tell you why I like interop is because it doesn't require that the whole problem be solved before you can do anything, or least to say jam yesterday, jam tomorrow and no jam today. This gives you a tangible benefit right away, especially adversarial interoperability, ComCom. And the victories build on victories. I think this is a slowly at first then all at once kind of situation where you give people self-determination, you lower the switching costs, you reduce the network effects, you allow people to defect. This disciplines firm so that they either tilt their policies so that they're less beneficial to their shareholders, or they suffer the consequences of losing users. Either way, they lose money. When they lose money, they are less capable of defending themselves against antitrust claims and other forms of regulation.

The reason that IBM was able to outspend the entire DOJ antitrust division for 12 consecutive years from 1969 to 1981, where upon the DOJ dropped the antitrust case, is because they were a monopolist, right? This is the problem, the fundamental problem with antitrust law is that if you have monopoly rents, you can mobilize them to fight antitrust enforcement. And so this starves the beast, right? If we tackle this, then we open the space for things like a meaningful consent regime that at the stroke of a pen wipes out all be behavioral advertising. Because if you actually had to consent to every use of behavioral advertising, it would take you 20 minutes, right? No one is going to spend 20 minutes clicking, "Yes, yes, yes, yes, yes," before they get to see a web page that might collect their telemetry. And if they don't and if the privacy law is well written so if you don't say yes, the answer is no, then there is no behavioral data to be gathered.

And that also eliminates the kill zone. So all of a sudden, the fact that we have a handful of dominant firms that net tens of billions of dollars a year in pure profit and see year on year double digit growth would not be early a disincentive to an investor thinking about backing a new market entrant and would instead be what it has historically been, which is a signal to other market actors that they should go in and whittle down those margins. So unbundling and other forms of interop open up the policy space for other interventions, right? For private interventions, for interventions on permitting third party moderation, for interventions on just standing up third party servers that have more robust anti-harassment policies that are federated with Facebook, but that allow for a local determination of what crosses the line, and all of that weakens Facebook's power. The campaign, Nick Clegg, millions of dollars a year to go around the world and tell everyone that it's great. And when that happens, when they cut the kombucha budget to zero, because they've got to hoard their dry powder, then we can actually bring them to heel.

Justin Hendrix:

We are just about out of time, we've got one minute left. But a lot of focus is of course, on the role of government in a punitive, regulatory activity. Are there other things that... Of course, the government has a huge purse to be an investor in possibilities. Are there other things the government could be doing to take us towards this future?

Cory Doctorow:

Well, I mentioned procurement. Like, I think it's bonkers that there's a school district in this country that buys Google Classroom without getting a meaningful guarantee that they can plug third-party software into Google Classroom, even if Google doesn't like it. That's just prudence. Mere prudence to do that. And to do otherwise, is imprudent, grossly negligent. So interoperability and procurement have gone together since the Civil War. When the Union Army told rifle makers that if they didn't make interoperable rifles, they couldn't sell to the Union Army. They didn't want to run out of ammo or parts. I'm a pacifist, I'd like to disarm the army. But we could go pretty far by just using the power of federal procurement to do this, and starting in aerospace wouldn't be bad.

David Dayen's got a wonderful chapter in Monopolized about how a couple of hedge funds worked out that in aerospace, there are a bunch of single source parts in fighter jets and in other key aerospace components. And so they bought the companies that made these parts, and then they offered them to Boeing and other military contractors for significantly below cost so that they would be embedded in all aerospace applications. And then they charge 10 million percent markup some replacement parts. So this should just be in our procurement guidelines, not just for interop reasons, and human dignity, and technological self-determination. But because you're a sucker if it's not.

Justin Hendrix:

Cory Doctorow, thank you so much for joining us today. I'm very grateful to you for taking the time to do this. And where can people follow all of your great work?

Cory Doctorow:

Well, I work with EFF, so eff.org. And then I have a daily blog and whatnot at pluralistic.net. And you can find my books at craphound.com.

Justin Hendrix:

Thank you, sir. Thank you very much.