How to regulate the tech platforms
Open their secret protocols, so anyone can write a client app.
|Nov 19, 2020|| 65||31|
Whatever knight can slay the platform dragons, that knight will win every fair lady’s heart. Nobody likes these damn companies.
Then again, nobody has liked Microsoft since Bill Gates wore braces; and Microsoft is with us still. “Molti nemici, molto honore.” The dragon doth deserve his due.
The European style of regulation is one big exploding-whale lesson in what not to do. How many seconds of precious life have you lost to cookie and GDPR warnings? Add up all those days of our lives—and we see a global usability disaster comparable to a major terrorist event.
For what? What have all the warnings done to make the Internets safer, freer, more private? European cafe socialists, chic turtlenecks and all, take an L here. California corporate libertarians get the W—but their rotten whale is still on the beach.
It’s not that the government should never do anything. The government should never do anything just because it feels good. Power is fine, but it has to work.
It feels good to send a noble knight off with his mighty spear to slay the dragon. You never see him again. You do see the dragon again. Later you learn the spear was 3D-printed and the knight was some 13-year-old fat kid.
This is America and we have no knights, only wizards. We don’t slay dragons. We tame them, and rent them to the circus. These dragons will not like being tamed. Probably there is no wizard today with the necessary power level. Sad!
Yet were there a wizard with the power to cast it, here is one spell that might succeed: protocol transparency.
Protocol transparency means banning secret Internet protocols, at least for monopolies. Governments can tame the platform dragons—tame, not slay, though they will squeal as if being slain—by compelling them to use only free, published network protocols.
Protocol transparency separates a platform into two businesses: server infrastructure and client interface. The platform can still build its own client; now so can anyone else. The server is still a monopoly, but it is just a data service. It has lost its lock on the user’s eyes. It can only send messages to an independent client of the user’s choice.
Intuitively, this should shift power from platform to user. Indeed we’ll see how this tension between server and client becomes the leash on the platform dragon’s neck.
Definition of protocol transparency
Everyone who’s used a computer knows what a file format is. A protocol is just a file format, but for Internet messages. Like a file format, a protocol can be a stack of layers: one format wrapped in another format, like a Russian doll.
Let’s call a protocol transparent if anyone can send or read a message in the protocol. In a transparent protocol, the whole public has both the technical information and the legal right to encode or decode messages in a transparent protocol, at every layer of the protocol stack. The opposite is opaque.
Transparent does not mean standard, just open. Under protocol transparency, big platforms can design and use all the private protocols they like. They just have to publish these protocols, and grant the public the legal rights to use them. (All the better if their private drafts do progress to public standards.)
Transparency is not a security compromise. It doesn’t imply that messages aren’t signed and encrypted—only that anyone can write programs that can read or write valid messages if given the valid secret keys. This follows Kerckhoffs’ principle that security must not depend on opaque encodings.
Transparency is an effective treatment for software monopolies because it breaks the network transmission of monopoly. Opaque protocols create a commercially exclusive connection between code on two computers. Only a Megasoft program on box A can talk to the Megasoft program on box B, since Megasoft owns the opaque protocol that A speaks and B understands.
Transparency is not complete until every kind of opacity is cleared away. How does opacity work? Sometimes it is too expensive for a third party to reverse-engineer the Megasoft protocol (which may be complicated, obfuscated, unstable, etc). Sometimes Megasoft has copyrights or patents it can assert.
Transparency is easy to enforce, since any hacker can find undocumented messages, and easy enough to define. Documentation is never perfect; but reverse engineering is never impossible. And if the doc is so bad it is useless or worse, it must be on purpose.
Transparency can be implemented with minimal engineering work by any competent platform. The opaque protocols already have internal documentation. This doc has to be cleaned up; patent and copyright grants need to be written. 90 days is long enough.
Effect of protocol transparency
What could possibly be the effect of this trivial technical change?
Simple. Right now, you can only log into Facebook using the official Facebook app. This app—the client—talks to the server at Facebook HQ over an opaque protocol. Since the protocol is secret, no one besides Facebook can write a Facebook client.
If Facebook is legally required to open its protocol, anyone can write a Facebook app. So enforcing protocol transparency creates a new market for independent client apps.
These new independent clients do not even have to map 1:1 to server platforms. You might even get a unified social app which could talk to both Facebook and Twitter. Amazing technology!
Under protocol transparency, client and server are different businesses. Facebook is a server company; it runs a virtual world in a big mainframe; this virtual world works by exchanging messages over the Internet with its users’ private computers. None of this is new; but now, any software in the world knows how to talk to Facebook’s server.
Facebook can still make an official client for its own server. But its users can run any client they want, and any company can create a competitive client. Facebook’s server cannot tell which of these clients the user is running. And Facebook is literally liable for any monkey business that gives its official client special superpowers.
Indeed the official client is probably not the best client the user can get. The official app has a structural disadvantage against independent apps: a conflict of interest.
While an independent client is working just for the user, an official client is working for both the user and the platform. For example, neither Facebook nor Twitter wants a unified social client; nobody else can make one; so there is none. Many such cases.
It is hard to even imagine how different a fully user-oriented client would be. It would be different enough that we are not looking at a mere market, but a field of innovation.
Exposing all the opaque protocols of all Internet services gives a client programmer the power to use any and all of them from a single application. Since no one has ever had this power or anything like it, no one knows what programmers will do with it.
Justification for protocol transparency
Monopolies are not illegal. The purpose of antitrust law is not to prohibit monopolies, but to prevent them from harming the consumer.
Facebook is entitled to its monopoly over its social server. It is not entitled to use an anticompetitive practice to extend that monopoly into the market for social clients—not when that monopoly clearly cripples these products and harms the consumer.
This “tying” is straightforward John D. Rockefeller stuff. The only postmodern twist is that “Standard Social” has never suppressed the market for independent clients. Rather—it has never allowed that market to exist. Also, Rockefeller was better dressed.
The tied client-server system, which uses opaque protocols to give one client app exclusive access to one server platform, is as close as a distributed system can get to a single piece of hardware—a giant mainframe with its own wire running into your house, like a 1950s telephone. Running on the Internet, it uses technical and/or legal tricks to resist the spirit of the Internet as a general and impersonal public highway.
It is generally agreed, even among some California libertarians, that chopping up Ma Bell was a good thing. Whenever disrupting a monopoly by arbitrary force creates an explosion of commercial innovation and general consumer surplus, the libertarians slink back to their hors d’oeuvres. They have many other important things to say.
Commercial impact of protocol transparency
This is all very well, but maybe it still sounds minor. It isn’t. Actually, the main policy problem with protocol transparency (since politics is indeed the art of the possible) is that the regulation is too powerful. Therefore, it would be too strongly resisted.
An independent client is a program that works only for you, the user. Code that works only for you will never annoy you. For example, ads are annoying. So an independent client will never show you ads.
But all these platforms are funded by ads. How does that work? It—doesn’t. Sun-Tzu advises the general to never back his enemy into a corner. This is also true of dragons. Taming a dragon is hard enough. If the dragon decides you are there to slay it—
Advertising, though fundamentally noxious, is a persistent weed. Like cancer, it fights back. Ads burrow deep into the content, going “native”; AI-powered heuristic blockers hunt them down in the element jungle. Advertising may survive; but at least it’s at war.
Let’s suppose protocol transparency does kill advertising, or severely damages it. Since advertising is how these companies wet their beaks, will they survive? Is transparency a Machiavellian plan for mere corporate murder? Are we here to slay the dragon? No.
Facebook is still a monopoly. It still has a billion users who have locked their social lives to the company. It can—just bill them. It will probably not make as much from subscriptions. But a recurrent billing relationship with customers is great to have.
And in this new, ad-free world, Facebook’s users are now actually its customers. We have eliminated another conflict of interest—this time, on the server side. Facebook no longer has to balance the interests of advertisers against the interests of users.
Political impact of protocol transparency
While its business model is advertising, a user-hostile and intrusive way of making a buck, a social platform cannot say that the user is king. A platform is a business. The customer is king—and the customer is the advertiser. The user is… human capital.
If regulation did force big platforms to a subscription model, the user would be king. Let’s look at what that might do to both the platforms and the society they now afflict.
Many believe that the tech barons like and want power. This misconception extends the fundamental truth that liking and wanting power is a normal human trait with the understandable but erroneous assumption that these people are actually human.
Of course they are are biologically human. But hardly normal. What drives them is two desires: the aesthetic desire to create amazing technology; and the autistic desire to turn this abstract technical success into biblical shareholder returns.
Rich as they are, most of these weirdos are not even greedy. (Larry Ellison is excepted from the above generalizations.) For them, money is just keeping score. And the last thing they want is any actual power. Unfortunately, today, this is not a virtue but a vice.
Napoleon said: show me the world when anyone was 20, and I’ll show you who he is. The platform founders grew up in the ‘90s libertarian-lite tech culture, which is how they got started with their “free speech wing of the free speech party” attitude. This slacker “South Park” viewpoint was most conducive to blissful political apathy.
Unfortunately, as Trotsky said, you may not be interested in politics, but politics is interested in you. It turns out that advertisers are easy to pressure. It turns out that engineers, while not easy to pressure, are easy to seduce. Sexy politics tells them they matter. Their code-starved dopamine receptors catch fire. Soon they are using at the office, and soon after dealing too: the dreaded “staff infection.”
The classic platform company, from CEO to summer interns, is defenseless against political pressure. Since it is not interested in power, it becomes a conduit for power. Most who feel the sharp end of this power blame the companies, or even their leaders. While quite understandable, this is wrong. The companies and their leaders neither have nor want power. Rather, power is flowing through them—and they hate it.
Power is tamed by power alone. If we change the revenue model of these companies to subscriptions, we change their power dynamic in two ways. Obviously, cutting advertisers out of the business model removes an enormous lever of political pressure.
There will still be pressure. And perhaps less obviously, there is another new power that can rise against the old pressure: the users. No platform has yet invented the consent of the governed. But never say never.
Social impact of protocol transparency
Because they are organized on ‘90s libertarian-lite principles, the platform companies have no political connection with their users; and their users have no default political connection with each other. Not only is this true in the boring sense of “Republicans and Democrats” politics; it is true in the original sense of the Greek polis.
Facebook is not a polity. Its users are not a community. They lack what Aristotle called philia: an automatic, default group loyalty. Of course they can form loyal groups on the platform; but the platform itself is not a group, nor its userbase a people. The idea of a Facebook election is absurd, not least because no such site will ever get to zero bots.
And because the Facebook user base is not a people, the leaders of Facebook do not have, cannot claim, and probably cannot even aspire to the consent of the governed. Facebook users are atoms; they are not inherently loyal to each other; nor have they any more emotional connection to the management than any guest at a Motel 6.
This is a very libertarian way of governing human beings. It is a very authoritarian way of governing human beings. It is also a very unnatural way of governing human beings, since it sterilizes their natural social and political instincts.
But in a world where the users are not the customers, it is probably the best Facebook can do. It is not possible for the management to build genuine emotional bonds with the users, because the users have no genuine reason to trust the management, because the customer is king and the customer is someone else.
Removing this conflict of interest, simplifying the business model so that the customer is the user, opens up the possibility of genuine loyalty and affection between users and management. It lets these platforms imagine forms of government less reminiscent of Pinochet, Singapore, or the early Tudors.
To a Machiavellian, republican forms of government prosper not because they work better, but because they are stronger. The illusion of popular sovereignty creates the reality of popular loyalty. The republic, by exciting its citizens with a story of power, creates more energy than the absolute monarch who just orders his subjects to obey.
A platform whose leadership held the loyalty of its users would react differently to any form of external pressure. In fact, yielding to external pressure betrays that loyalty. Reddit once had nontrivial user loyalty, but made this mistake and blew most of it.
The world is still young and the Internet is extremely young, and the history of the latter has not yet seen a large virtual community that becomes a true polity, with the instinctive, quasi-familiar emotional loyalty that Ibn Khaldun called asabiya. Of course, modern Westerners are uniquely bad at asabiya. But human biology remains.
My guess is that this will happen at some point—but it will happen as an accident. Intentional communities are welcome to prove me wrong, but their record is weak. And it probably cannot happen with the user bases of the existing platforms, which will remain gaseous clouds of dissociated human atoms—but I would love to be wrong.
And what will be the career of that polity, once it is born? I couldn’t even begin to tell you—I couldn’t even begin to guess. Which is the most interesting thing, perhaps. Now, let’s discuss three other purported solutions to the tech problem.
Appendix: server interoperability
Superficially, protocol transparency sounds like the same regulatory approach as one which has been proposed by Cory Doctorow and the EFF: server interoperability with open, standard federation APIs. Actually, these approaches are quite different, though protocol transparency can be seen as a variant of Doctorow’s “delegation.”
The intent of server interoperability is to make social networking work the same way, technically, that email works. This is a good, healthy and positive engineering design.
If email worked like Twitter, everyone would be on Gmail, and all emails would be uploaded straight to Google. If Twitter worked like email, you would use a standard protocol to upload your tweet to your tweet provider, which would use another standard protocol to share it with your friends’ tweet providers.
This is not technically difficult. It is not Star Trek, though it is called “federation.” In fact there is a small but thriving federated social network called "Mastodon,” which has a real culture of its own, with values that are roughly those of Star Trek. Let us all tip our fedoras to Mastodon, with its “toots.”
But federated social networking has never gone mainstream—for social and economic reasons, not technical reasons. As a young cub, I recall dropping into an IETF standardization meeting for federated social networking—in 1997. This working group later developed the XMPP standard, which did not take off. Mainstream networks have occasionally tried to federate with XMPP and other protocols. These federation interfaces became ghost-town spam gateways and were shut off.
(Mastodon is mostly spamless for the same reason the Internet was mostly spamless before the mid-90s: user selection bias. The kind of people who use Mastodon are neither spammers, nor spammable. This is only because Mastodon isn’t mainstream. Its solution to the spam problem is mostly not yet having had to solve the problem.)
Federation is good. Open standards are good. Mastodon (or its standard ActivityPub) is good. However, as a regulatory strategy, server interoperability is ordering these companies to solve a problem which the Internet has been trying to solve for 25 years. Also, they do not actually want to solve this problem, although many of their engineers probably do. Many of their engineers were born in 1997, and/or identify as dragons.
So a regulation that forces the platforms to offer federation services is forcing them to create a compliance API: a software subsystem that only exists for regulatory reasons. The nature of software is not to work, or at least not to work well. The nature of a compliance API is to appear to work, in some sense of the word, in theory.
If the compliance API is also an open standard, its futility is comical. The nature of standards is to take forever. The nature of implementations is to be incompatible. No one will put this much energy into something they don’t want to make work, and don’t even really know how to make work—at least, not socially and economically.
Regulation has its limits. Regulators cannot regulate a company or an industry into inventing a solution to an unsolved problem. One need not be a California libertarian to suggest that King Canute is not the very model of the modern regulator.
In contrast, requiring protocol transparency opens the protocols that the platforms actually use. All the companies have to do is release some rights and post their docs— and fix any server code that relied on a trusted client. But that code is a bug anyway.
Appendix: platform moderation liability
Various efforts at doctoring various laws, such as the infamous “section 230,” to render platforms literally liable for unfair moderation, are also touted by some. These efforts are ridiculous grifts, harmless at best, and should be dismissed with prejudice.
There are many first steps in these efforts. They all have the same last step: judges prohibit platforms from censoring conservatives. This is nonsense. Platforms do not censor conservatives! They moderate hate speech, misinformation, disinformation, harassment, pornography, hooliganism, blasphemy, filial impiety, denial of physics, racism and race denial, insults to the Prophet and/or counterrevolutionary agitation…
All these platforms have a moderation arm with a headcount that dwarfs a Panzer division, a manual the President’s tax returns could get lost in, and a workload that demands nine decisions per millisecond. To anyone even vaguely familiar with the latency, bandwidth and stability of the American court system, the idea of subjecting this machine to meaningful, effective judicial scrutiny, whatever the textual pretext, whatever the political or intellectual goal, is roughly as plausible as invading Cuba with an army of amphibious sheep. Baa.
In fact, platform liability could produce one concrete effect: a social-media equivalent of the FCC’s historical Fairness Doctrine. If this past is precedent, the ultimate effect would be to leave platforms liable for not censoring conservatives. “You’re laughing. You’re laughing, but it isn’t funny.”
Appendix: personal cloud servers
Protocol-transparency regulation isn’t really the right solution, though.
It’s a cute hack; it may even be an effective hack, or even the right hack; but it’s a hack. A hack is not a future. (It's probably also too hard politically to implement.)
The right solution is for everyone to have their own server. Instead of juggling a bunch of accounts on different platforms, you’ll have one personal server which runs a bunch of different apps, and holds all your data for life.
This server is still hosted. It’s in some company’s data center (“the cloud”). It’s still just a virtual computer. But it’s absolutely yours. No one can tell you what to do with it, or punish you for doing things they don’t like—unless you dox yourself, of course.
But your data is still in some random company’s warehouse. How can it be truly yours?
It’s already difficult and unusual, though technically possible, for a hosting provider to reach into a virtual computer and read or write it. There is no such structural firewall between your Facebook profile and Facebook’s code, which has to read and write it. But your Facebook profile is not a general-purpose computer which executes itself.
A host has every business incentive to keep your virtual machine inviolate— unless it receives a government order. Then it has every incentive to dissect you alive. But here the latest technology has unironically been changing the world for the better.
New Intel and AMD chips let hosts strengthen this firewall even against themselves, at minimal cost, with a technology called secure enclaves. Secure enclaves let a host run your virtual computer in such a way that not even the host can read or write it. The host can even ignore a government order—because there is nothing at all it can do.
Google already sells this secure hosting service, as Confidential Computing. Google does not offer secure hosting for anonymous cryptocurrency. But anyone can buy an AMD chip. With the addition of another proven technology, onion routing (Tor), a rough outline of the future digital privacy utopia is clear.
If you can own a personal server on a blockchain, run it in some host’s secure enclave, and make it communicate only over an onion network, you have nearly perfect digital freedom—even against what security researchers call a “global adversary.” To some people, this outcome is heaven; to others, it looks like hell; regardless, it is coming.
What’s between us and there? A small matter of software. Some engineering details. What’s between us and there is that the centralized platforms of the early 2000s have set a very high usability bar for quality of service, which is very hard for decentralized (or even merely federated) systems to meet. Managing your own server has to become as easy as managing your own Facebook account—a hard problem, to say the least.
Centralization has huge technical advantages. Decentralization has huge social, economic and political advantages. Since the ‘80s the pendulum has swung all the way from Compuserve and AOL to the PC and the Internet, then all the way back. Our cable modems are acoustic couplers and Facebook is a dialup service on a mainframe.
Anyone in 1995 who suggested that the right way to implement social networking was for the whole world to just dial into one giant mainframe would have been laughed at. Yet here we are, aren’t we? They laughed at Fulton and the Wright brothers, too.
Yet anyone who remembers 1995 remembers how it looked back at 1985, Compuserve and AOL. It seemed then that the new decentralized world was real, and all those CD-ROMs we were still getting in the mail were a sad, dying old joke—an overgrown toy.
And so it proved. Maybe our platform dragons will one day share Ozymandias’ fate. Someone should tame them first, anyway…