Tech monopoly apologists insist there's something exceptional about tech that makes it so concentrated: "network effects" (when a product gets better because more people use it, like a social media service).
Tech is concentrated because the Big Tech companies buy up or crush their nascent competitors - think of Facebook's predatory acquisition of Instagram, which Zuckerberg admitted (in writing!) was driven by a desire to recapture the users who were leaving FB in droves.
Google's scale is driven by acquisitions - Search and Gmail are Google's only successful in-house products. Everything else, from Android to Youtube to the ad-tech stack, was once a standalone business that Google captured.
Monopolies extract monopoly rents - like those delivered by Googbook's crooked ad-tech marketplaces, or Apple/Google's 30% app shakedown - and use them to maintain their monopolies. Google gives Apple billions every year so it will be the default Ios and Safari search.
These are the same tactics that every monopolist uses - high-stakes moneyball that creates a "kill-zone" around the monopolist's line of business that only a fool would try to enter. Tech DOES have network effects, but that's not what's behind tech monopolies.
We see monopolies in industries from bookselling to eyeglasses, accounting to cheerleading uniforms, pro wrestling to energy, beer to health insurance.
Big Tech *does* have network effects, but these are actually a tool that can be used to *dismantle* monopolies. Network effects are double-edged swords: if a service gets more valuable as users join, it also gets *less* valuable as users *leave*.
If you want to understand the anticompetitive structure of the tech industry, you'd be better off analyzing *switching costs*, not network effects. Switching costs are the things you have to give up when you leave a service behind.
If your customers, community, family members or annotated photos and other memories are locked up in FB's walled garden (or if you've got money sunk in proprietary media or apps on Apple's, etc), then the switching cost is losing access to all of that.
Here's where tech really *is* different: tech has intrinsically low switching costs. Latent in all digital technology is the capacity to interoperate, to plug a new service into an old one, to run an old app inside a simulator ("runtime").
There's no good *technical* reason you can't leave Facebook but take your treasured photos with you - and continue to exchange messages with the people you left behind.
True, Facebook has gone to extraordinary lengths to keep its switching costs high, deploying technical countermeasures to block interoperability. But these aren't particularly effective. Lots of people have figured out how to reverse-engineer FB and plug new things into it.
Power Ventures created an app to aggregate your FB with feeds from rivals, giving you a single dashboard. NYU's Ad Observer scraps the political ads FB shows you for analysis to check whether FB is enforcing its own paid political disinformation rules.
And there's a whole constellation of third-party Whatsapp clients that add features FB has decided Whatsapp users don't deserve, like the ability to block read-receipts or run multiple accounts on the same device.
Most of these are technical successes, but they're often legal failures. FB has used the monopoly rents it extracted to secure radical new laws and new interpretations of existing laws to make these tactics illegal.
Power Ventures was sued into oblivion. Ad Observer is fighting for its life. The Whatsapp mods are still going strong, but that may be down to the jurisdictions where they thrive - sub-Saharan Africa - where FB has less legal muscle.
With low switching costs, much of FB's monopoly protection evaporates. Lots of people hate FB, and FB knows it. You're on FB because your friends are there. Your friends are there because *you're* there. You've taken each other hostage, and FB benefits.
With low switching costs, you could leave FB - but not your friends. The kill zone disappears. All we need is interoperability.
Enter the EU's Digital Services Act and Digital Markets Act, proposed regulations to force interop on the biggest Big Tech players.
The EU has recognized that mandating interop can reduce switching costs, and reducing switching costs can weaken monopoly power.
Some critics (like me!) of the EU proposals say they don't go far enough, asking for "full interop" for rival services.
Against these calls for broader interop come warnings about the privacy implications of forcing FB to open up its servers to rivals. It's hard enough to keep FB from abusing its users' privacy, how will we keep track of a constellation of services that can access user data?
Last Feb, Bennett Cyphers and I published "Privacy Without Monopoly," for EFF, describing how interoperability can preserve privacy.
Interop means that users can choose services that have better privacy policies than Facebook or other incumbent platforms.
But in theory, it means that users could choose *worse* services - services that have worse privacy policies, services that might be able to grab your friends' data along with your own (say, the pictures you took of them and brought with you, or their private messages to you).
That's why, in our paper, we say that interop mandates have to be backstopped by privacy rules - democratically accountable rules from lawmakers or regulators, not self-serving "privacy" limitations set by the Big Tech companies themselves.
For example, Facebook aggressively imports your address books when you sign up, to connect you to the people you know (this isn't always a good experience - say, if your stalker has you in their address book and automatically gets "friended" with you).
If you try to take your address book with you when you quit, FB claims your contact list isn't "yours" - it belongs to your contacts. To protect their privacy, FB has to block you from exporting the data - making it it much harder to establish social ties on a new service.
It's not obvious who that contact info "belongs to" (if "belong to" is even the right way to talk about private information that implicates multiple people!).
But what *is* obvious is that Facebook can't be trusted to make that call.
Not only has Facebook repeatedly disqualified itself from being trusted to defend its users' privacy, but it also has a hopeless conflict of interest, because privacy claims can be used to raise switching costs and shore up its monopoly.
In our paper, Bennett and I say that these thorny questions should be resolved democratically, not in a corporate boardroom.
Now, as it happens, there's a region where 500M people are protected by a broad, democratically enacted privacy law: Europe, home of the GDPR.
Today, in a new appendix to "Privacy Without Monopoly," EFF has published "The GDPR, Privacy and Monopoly," my analysis of how the GDPR makes interoperability safer from a privacy perspective.
Working with EFF's Christoph Schmon and Bennett Cyphers, we develop a detailed analysis of the GDPR, and describe how the GDPR provides a lawful framework for resolving thorny questions about consent and blended title to data.
The GDPR itself seeks to promote interoperability; it's right there in Recital 68: "data controllers should be encouraged to develop interoperable formats that enable data portability." But loopholes in the rules have allowed dominant companies to stymie interop.
For years, Europeans have had the "right" to port their data, but nowhere to port that data to. The DMA closes the loopholes and dismantles the hurdles that kept switching costs high.
The GDPR's consent/security/minimization framework sets out the parameters for any interoperability, meaning we don't have to trust Facebook (or Google, or Amazon, or Apple) to decide when interop must be blocked "to defend users' privacy" (and also shareholders' profits).
Big Tech platforms already have consent mechanisms (and must continue to build them) to create the legal basis for processing user data. An interoperable FB could be a consent conduit, letting your friends decide when and whether you can take their data to a new service.
And the GDPR (not a tech executive) also determines when a new service meets the privacy standards needed for interop.
It governs how that new service must handle user data, and it gives users a way to punish companies that break the rules.
Today, if you leave Facebook, your friends might not even notice. But in a world where FB is a consent conduit to manage your departure and resettlement, all your friends get signals about your departure - perhaps prompting them to consider whether they should go, too.
Far from prohibiting interop, the GDPR enables it, by creating an explicit privacy framework that is consistent across all services, both the old monopolies and the new co-ops, startups, public utilities, and other alternatives that interop would make possible.
Monopolies distort the world in two ways. The most obvious harm is to competition, choking out or buying out every alternative, so you have to live by whatever rules the monopolist sets.
We don't want competition in surveillance.
Opening space for interop poses a legitimate risk of creating a contest to see who can violate your human rights most efficiently.
Yet, it's obvious that monopolists themselves shouldn't get to decide where they should be subjected to competition and where they should be subjected to regulation. That's a job for democratic institutions, not autocratic board-rooms.
@pluralistic looking forward to reading this weekend, interesting new slant to compare with my audit and implementation experience. Thanks
Mamot.fr est une serveur Mastodon francophone, géré par La Quadrature du Net.