Ian Brown on Big Tech regulation
Mon Feb 07 2022
Corporate power has never gone this far before: Tech will have to be reined in somehow.

About the Interview

PRISM’s Johan Gott and George Coe sat down for a conversation with Professor Ian Brown on the future of tech regulation as part of our Future of the World series. As fans of his blog, we were excited to talk to Ian, a leading expert on tech policy, including in the areas of intellectual property rights, enforcement, cybersecurity, data protection, and cybercrime, to better understand the dynamics surrounding current policy issues in the tech sector and the direction that regulation may take. 

Our Takeaways:

  • While technology has changed enormously in the last decade, what’s remarkable is how little many of the key policy battle lines differ. Two main things have genuinely shifted: Big Tech’s dominance, which may now be even greater than Standard Oil in the early 20th centrust, and social media, which creates genuinely new policy challenges.
  • The dominance of a select few platforms goes hand in hand with the level of technology harms we’re seeing. One of the most effective ways to curtail big tech’s power and spur competition may be by imposing interoperability requirements. Also, breaking apart companies into smaller pieces would be far easier than most recognize.
  • Emerging tech will be more impactful than policy, and policymakers know this. The financial services sector offers an example of why this is the case: While even open banking hasn’t really altered the dominance of major banks, new technologies, like the emergence of digital assets could shift the needle.

The Interview

Below is our full discussion with Professor Ian Brown. The transcript has been edited for clarity.

PRISM: To get us rolling, I would be interested in understanding how you got started thinking about these topics.

Ian Brown: Since I was young, I have been interested in computers. I was lucky; when I was growing up in the 80s, there were a lot of exciting developments in home computing and some of my family were already very into computing. So with that background, it was easy for me to get into that as a child. As I got older, I read a lot of things that were very geeky. I liked programming computers and figuring out what they were doing, how they worked, and so on. Then, as a teenager, I started reading more about the politics of technology, which became more relevant in the 90s, particularly as there was a lot of controversy over the availability of a free encryption program called Pretty Good Privacy, which an American programmer had released as a deliberate political act because he was concerned with the direction that US interception and surveillance policy was taking. The US government fought really hard against it, and they prosecuted him on weapons export rules. It got a lot of attention at the time, so, that was something that grabbed my attention as a teenager. It ended up being something I kept working on at university and then focused on ever since. 

PRISM: One of the big questions at the moment is how governments address the power of Big Tech. Will Big Tech’s dominance be reined in over the next 5 to 10 years? And if so, what is the most plausible route to that? 

IB: I think taking a long view is the best approach. If you look at the size of the biggest US firms – Alphabet, Amazon, Meta, Apple and Microsoft – they are almost unprecedentedly large. I think the last figure I saw said they were 25% of the S&P 500 in market capitalization. You would have to go back to Standard Oil and some of the giants of the late 19th or early 20th centuries to find companies that were that big and powerful. So, it's not surprising that many politicians and others think that companies should not be that large and powerful. 

We're seeing this play out in China, where the government has been cracking down on big technology companies using the tools at their disposal, whether that is stricter enforcement of competition law or putting pressure on the people running them. We've already seen significant results from that. I think it’s Bloomberg that maintains an index of the total value of Chinese internet stocks, and that has fallen through 2021 from $3T to $2T. Obviously, that approach is having a very big impact in China.

I'm not sure we'll see anything quite so dramatic in the US, but clearly the Biden administration and many members of the Democratic party think competition laws need to be reformed to strengthen the ability of the Federal Trade Commission (FTC) to crack down on what they consider to be anti-competitive practices. 

Alongside that, I think we will certainly see legislation advanced in the US, in the UK, in Brussels at the EU level, and in other countries to regulate the practices of large platforms, particularly when it comes to user-generated content that is then amplified to large audiences, thus increasing its reach. There is a lot of criticism out there that it's in the platforms’ interests to amplify the most provocative and polarizing content, because that's what grabs attention, which the companies need since they are making their money from advertising. That’s to say, the more time users spend scrolling through their feeds the better it is for those platforms. I think that's something many politicians and academics think needs to be changed to reduce the harm that is being caused to many societies.

PRISM: The direction of regulation that you described feels like it could run counter to curbing these companies’ dominance. Complex regulations could lock in incumbents’ advantages by increasing barriers to entry. What do you think is going to be the outcome here? 

IB: Any kind of regulation of these tech giants needs to be done with careful consideration of the impact it will have on competition and by making sure it doesn't create new barriers to entry. But, I do think that balancing these is possible. Actually, I think the competition approach and regulating the activities of the big platforms can complement each other. If the platforms were half the size they are today and if their users had a choice of three or four different social media platforms, instant messaging systems, and video recommendation systems, and so on, I think you would reduce the harm that could be caused. This is because there would be a variety of them that would work in different ways with different audiences and because there would be more diversity in the kind of content they were promoting and encouraging their users to engage with. 

A related argument you sometimes hear is: “Why would governments want stronger competition enforcement? Surely it's much easier to put pressure on a small number of big companies like the Chinese government does than to pass rules that would affect a large number of companies.” This is a slightly dishonest position; it's saying governments should bypass the rule of law in regulating these platforms – particularly given the impact of platform regulation on freedom of expression, on privacy, on other human rights. I think it's really important that internet regulation is done via law rather than political leaders putting political pressure on the chief executives of very large companies.

PRISM: Some of the efforts right now are trying to place size thresholds to make laws only apply to the larger companies. Is that a viable way to get around this? 

IB: Yes, a lot of the legislation that's being considered has size requirements. For example, the European Union, both on the competition side, via the proposed Digital Markets Act, and on the platform regulation side, via the Digital Services Act, the regulations would only apply to the largest platforms. The threshold in the proposal is 45 million users [for the Digital Services Act], and the Digital Markets Act even goes further and adds more requirements, such as – I recall – 10,000 monthly active business users and a market capitalization in the high tens of billions of euros, a figure that some European Parliament members want to raise further. I think that creates some concerns about the rules becoming protectionist, as they might not apply to big European platforms, and only to the American ones. I think the EU should be very careful not to be protectionist. There are very good policy justifications for what the EU is doing, and it shouldn't make it easy for critics to argue that this is just protectionism.

PRISM: Thinking about this, it seems like a lot of this stuff is potentially impactful but also possibly quite weak – potentially the FTC enforces things a bit more, maybe there are some new regulations that in some ways increase barriers to entry or are maybe a bit more pro-competition – but what is most likely to have a big difference? 

IB: Some American critics of monopoly power think the only way to deal with these gigantic platforms is to break them up. They think the right approach is to follow what happened to AT&T in the early 1980s, when the giant incumbent telephone company was split into many “Baby Bells”. I think that could work; I could imagine Baby Facebooks and Baby Googles. From a technology perspective, that's really quite straightforward to do, unlike with AT&T, which had a very large network of cables across the US. It's easy to clone software. You could create 10 Facebooks out of the software and systems that Facebook already has and then let them compete. You could also break up those businesses along business lines. For example, you could look to Amazon, which is a good example of this. Amazon Web Services is one of the most profitable parts of Amazon. You could imagine Amazon Web Services being spun out from Amazon, or Google divesting the intellectual property related to Android and the services running behind it, or Facebook divesting Instagram and perhaps even WhatsApp. 

I actually think the more European approach, which is focused on behavioral remedies being imposed on these large companies, can have a significant impact. And I think interoperability requirements are among the most promising of those. So, just like Europe has required telecoms companies to interconnect to their competitors’ networks for decades, it would be very feasible to do that with social media and instant messaging, so that incumbents in those digital markets would have to let smaller competitors have access to their networks. In this scenario, users can choose to share content across social networks or send messages via competing messaging services. I think that's much more likely to lead to the growth of competing social media and instant messaging services. 

We've made some progress with competition so far. There’s Signal, for example, which is a privacy-focused instant messaging service that has had some success, and DuckDuckGo and several other privacy-focused search engines. But I think it's much more likely they could grow larger and act as genuine competitors to Google, Facebook and the others if Big Tech were required to let competitors connect to their services.

PRISM: So regarding interoperability, from a technology standpoint, what does that mean? What would be reasonably expected to occur?

IB: A shallow version of interoperability is what to a large degree, we have today from a number of existing platforms. Facebook enables apps to run on its platforms. Facebook – and there is some merit to this argument – has been forced to reduce interoperability over time because of privacy concerns, for example, after the Cambridge Analytica scandal. Facebook uses that argument to say: “Well, that happened because we were too interoperable. We let a company from outside Facebook access too much data on our platform, and then that data was abused.” So, even at that shallow level of interoperability, I think regulators might think about taking action with very large incumbents, like Facebook, for example, they might say: “Okay, it's good that you've opened up some of your technical interfaces and application programming interfaces (APIs), and a lot of other businesses and competitors now actually depend on these technical interfaces. So, we would like you to meet certain transparency and stability requirements with those.” For example, they might require platforms to notify business users of these technical interfaces before making significant changes or perhaps to even consult the business users. 

A mid-level of interoperability for example would be that a competing social media service to Facebook would allow its users to send a friend request to a user on Facebook, and if that Facebook user accepted the friend request, which would look exactly like a normal Facebook friend request, the competing social media service user would be able to receive status updates from their new friend on the competing platform. Or for another example, someone using a competing messaging service would be able to join a group on WhatsApp, assuming the administrator of the WhatsApp group allows them to do so, then be able to send and receive messages in it. 

Going further, a really good example is the UK’s open banking program where the UK competition authority required the nine largest UK retail banks to develop together a set of APIs and technical interfaces that the smaller banks and and fintech companies can use – with the authorization of a customer – to enable them to see information about accounts and transaction histories. That enabled all sorts of fintech companies to emerge. That degree of interoperability is quite deep. It gives access to a lot of information that banks hold about customers. I think getting anywhere near the level described with open banking or the medium level that I described with social media and instant messaging would do a lot for competition in digital markets.

PRISM: From a technology perspective, it seems like you’re saying social media is the lower hanging fruit. As you go further is there a viable Google or Amazon approach for promoting interoperability or should they be less worried? 

I think social media is relatively straightforward from a technical perspective. There are open technical standards that already allow for this kind of interoperable social media system to emerge. These are small by comparison to Facebook, but are still reasonably sized open-source systems with millions of users. The largest and best known is Mastodon.

Something that has already been proposed by the European Commission and by the UK competition authority with regard to Google is that one of its big advantages is its scale. It has billions of users who are, in effect, helping Google improve the quality of its search results every day. That's a tremendous resource for Google, and it's something that's very difficult for smaller competitors to overcome. So, Europe and the UK’s competition authorities are proposing that Google should have to share data about those search queries and clicks so that competitors have a chance to build an equally good search engine. 

That's something I think we'll see happen quite quickly. There seems to be quite a bit of consensus around this. On Google's other businesses, there are several ongoing investigations by the European Commission about allegedly anti-competitive actions that Google has taken with Android. In particular, Android – and Apple – are under investigation in relation to practices in their app stores. A number of other countries, including South Korea, are opening investigations or are proposing legislation specifically related to this. I think of the five largest tech platforms in the West, Microsoft – partly for historical reasons, as it was hit with several big antitrust cases in the late 1990s and early 2000s – is already pretty interoperable. Windows is pretty open. The APIs that developers writing software to run on Windows have access to are pretty much identical to the ones that people at Microsoft are writing software on. 

I think Amazon is the company where it's least obvious that interoperability requirements make sense. The cloud services that Amazon provides might be impacted by such rules and cloud is one of the eight core platform services the European Commission's proposed Digital Markets Act focuses on. However, I think it's more likely that cloud regulation will progress separately in Europe. So, I think it's less likely that interoperability mandates would be put on Amazon.

PRISM: It sounds like from an interoperability standpoint, outside the social media context, the conversation is mainly about data and giving everyone a sort of even playing field in terms of access to it. Is that fair?

IB: Yes, that’s definitely the case. If you read the very detailed reviews that have been done in a number of countries and regions over the last few years on digital competition, they said a lot about what's sometimes called data portability, particularly, real-time data portability. That is to say, individuals and businesses should be able to authorize a company to access their data that is held by large platforms. 

This is really important when you look at things like machine learning and related systems, because they require a lot of data to be trained and perform well. In those kinds of tools and across a wide range of sectors there are meaningful impacts. We're not only talking about digital markets anymore. Perhaps a slightly counterintuitive example, but this data is important in agriculture. For example, companies that make tractors have been building all kinds of sensors that farmers can put on their tractors to monitor soil quality, moisture levels, and so on. That kind of data then is going to give you a huge advantage if you want to build machine learning systems that will predict where farmers should plant crops, at which timest they should do so, and what kinds of fertilizers and other tools they should use to maximize output in a very precise way. That is something that if you're a big incumbent tractor maker is going to give you a really big advantage when designing machine-learning-based systems. Many smaller competitors would say: “Well, if a farmer using the tractor of that incumbent wants to use a competitor’s software system they should be able to access the data that the tractor maker holds about their fields.”

PRISM: I’m also interested in your thoughts on emerging technologies. A lot of this stuff, especially related to ad businesses and data portability is premised on the problems that we've seen over the last decade or so in tech. To what extent do you think it is possible that tech will change in a way that will shift mindsets and the interpretation of the problems?

IB: I think absolutely in the long term – perhaps one to two decades. Emerging technologies and platforms will have the biggest impact on today's incumbents. I interviewed a competition regulator in the UK about the open banking program, and I asked if he thought that open banking would succeed in fostering competition where many other actions by UK competition authorities have failed. His response, which I found interesting, was: “No.” He thought that, over time, things like cryptocurrencies will actually have a significant impact and that this will influence the dominance of incumbents. Open banking is more focused on increasing innovation.

Competition experts who are skeptical about reforming competition laws often express this sentiment. They say: “Well look, ultimately, Microsoft has largely been displaced; not because of competition action but because the mobile phone became popular.” I acknowledge there is some strength in that argument, but personally, I'm with the governments that say, “We're not willing to wait 10 or 20 years for change and then see a shift to more diverse tech markets that, over time, reconsolidate because of some fundamental structural aspects of these markets. We want to take action now.”

PRISM: Is this a generic discussion in most countries or are there different conversations going on in different countries about how long they are willing to wait and so on? 

This is an ongoing debate within and between competition authorities. I just reviewed six jurisdictions’ competition law reforms relating to digital markets and there was a full spectrum of changes. I looked at Brazil, China, India, the EU, the UK and the US. One end of the spectrum was Brazil, where the competition authority has said many times their existing laws are flexible enough to deal with digital markets. At the other end of the spectrum, you have China, which for a number of reasons – many of them political and driven by the the Chinese Communist Party’s broad vision of how China's economy and society should evolve – has taken much stronger action by putting pressure on companies by updating monopoly guidelines, revising their anti-monopoly laws, and using brute force in which the government tells Chinese companies: “You will do this, or your chief executives might disappear for several months,” as we saw with Jack Ma recently. 

Between these two examples, I recently read an article from the chair of the OECD Competition Committee, which effectively said: Let's not be too hasty in reforming competition law when we don't even fully understand the changes that digital markets are bringing about yet. And there are other equally conservative – or cautious and very traditional – approaches to competition law.

PRISM: On privacy and security generally, how do you see the tension between these two ideas being played out?

IB: First of all, national security, especially stakeholders like intelligence agencies and to some extent, the armed forces, particularly the US, have been extremely influential in how the Internet has developed over the decades and to a significant degree is why much of the Internet exists in the way that it does now. One of the basic premises of the Internet was to ensure the US had a resilient communications infrastructure that would survive a nuclear first strike, which was part of the whole mutually assured destruction deterrence strategy. 

I've been involved in debates for decades about encryption and the ability of governments to break it under certain circumstances, whether that is related to countering serious crime and terrorism or counterintelligence. This is something that governments have come back to over and over again, even when corporations and civil society groups are united in opposition. It's always going to be the case that national security stakeholders will push to make sure they can gain access to information. In democracies, they assert that those circumstances would be set out in law and that agencies would have to go to judges to get approval before they would make use of any powers that they were given potentially to break into encryption systems. 

There are a lot of technical security counter-arguments that the tech companies want to debate here. They rightly say there's no such thing as a backdoor into an encryption system that's only available to the good guys. If tech companies build backdoors into encryption systems, there is always a risk that other states – or even organized criminal groups – can hack and break into security systems. 

Equally, I think the human rights-related privacy arguments that tech companies and civil society groups make are important. Civil society groups would not argue that governments under no circumstance should be able to access communications of people that are suspected of serious crimes and wrongdoing. Part of the problem is if you build technical systems to facilitate surveillance, it's often as easy to do it on a very large scale as on a targeted scale. I think this was something that Edward Snowden was particularly concerned about and why he chose to leak information about what the US government was doing. What he saw was not targeted intelligence gathering but very large scale gathering of communications, which then used powerful computing to crunch through that data looking for things of interest. I think a lot of civil society groups and human rights campaigners have major concerns about what democratic governments can do with that kind of mass surveillance capability – never mind authoritarian governments.

PRISM: What do you think is going to be most different about the tech policy debate and world that we live in and is there anything missing in the debate? 

IB: I have been following tech policy for 30 years. What has amazed me is how little the arguments and debates have changed. Around 15 years ago, I thought that things would change as tech became an ever-bigger part of economies and societies and as policymakers became digital natives because there would be a better sense of how to regulate it. This has not been true. Even though technology is now a huge part of debates about economic and social governance and most parliamentarians, officials, and ministers know the technologies that we're talking about because they're absolutely mainstream, we are still here arguing about encryption. They are the same arguments. Social media has raised some interesting newer arguments, although even these are getting old as social media is already around 20 years old. Machine learning and similar kinds of tools do raise some new-ish policy questions, particularly realted to discrimination and bias. 

I think the policy debate will not radically change in 5 or 10 years, but will continue to evolve. Some new technologies will raise new issues. It's very often the case that the mainstream debates around these issues are frustrating because they go around in circles because there are strong, opposing interests involved in these debates, and that’s not going to change in 10 or 20 years.