Matt Perault
In tech policy, everything comes with a cost. If you remove more content, you’ll get accused of censorship. If you reverse course and allow more posts to stay up, you’ll get criticized for turning a blind eye to harmful speech. If you tighten privacy controls to try to protect against data misuse, you’re accused of creating barriers that stand in the way of fair competition. If you loosen them, you increase the risk of data misuse or a security breach.
Developing a sensible policy agenda for reforming the tech sector isn’t about finding a cost-free magic bullet; rather, it’s about identifying reform proposals with benefits that outweigh costs and then getting comfortable with those costs. A pragmatic approach to any tech policy proposal requires being realistic and transparent about its downsides.
New legislation in Europe carves out a bold new path in tech policy, but it creates the impression this path is cost-free. It’s not.
In recent weeks, Europe has agreed to landmark deals that will shape power and speech in the tech sector: the Digital Markets Act (DMA) and the Digital Services Act (DSA). The DMA addresses competitive dynamics, imposing a wide array of restrictions on U.S. Big Tech firms. The DSA is focused on expression; it will require platforms to remove illegal content and publish transparency reports while also creating additional responsibilities for large platforms.
These new regulations will dramatically shift how tech products look and feel. Because messaging platforms are obligated to interoperate with other messaging services, Apple and WhatsApp may no longer be able to offer the same level of encryption for messages. Because companies are prevented from offering preferential treatment to their own products, Google may not be able to offer its search results box, which provides a business’s address, phone number, and website at the top of the results page. New content moderation requirements will likely make it harder for smaller tech companies to compete with larger platforms, requiring them to hire more lawyers to handle regulatory compliance rather than engineers to build products.
These tradeoffs are real, but the text creates the misleading impression that it’s possible to have it all. For example, the provision requiring messaging services to interoperate—meaning that you could send a message from a service like WhatsApp to a different one, like iMessage—states that companies should offer this interoperability without reducing their privacy protections. A company “should ensure that interoperability does not undermine a high level of security and data protection.”
Maybe a brilliant engineer at a company like WhatsApp or Apple will be able to figure out a way to do that, but it’s unlikely. Several years ago, when I was leading public policy at WhatsApp, Europe was calling for messaging products like WhatsApp to interoperate with SMS services offered by European telcos like Vodafone and Orange. I asked several WhatsApp engineers if this type of interoperability was possible without weakening the end-to-end encryption that was a default, defining security feature of our product. The answer I received from every engineer I talked to was “no.” According to recent statements by the head of WhatsApp, the answer seems to be the same today.
Of course, weakening encryption might be a cost that Europeans should be willing to bear. Encryption creates its own set of challenges, frustrating law enforcement and making it easier for harmful content to escape detection. A sober assessment of costs and benefits might still tilt in favor of requiring messaging services to interoperate, since the benefits of interoperability might outweigh the costs to privacy.
The problem is that policymakers are not engaging in an honest, transparent accounting of these costs and benefits. Their proposals create the illusion of a costless future, one in which users send messages freely between platforms with the same level of privacy and security they have today. That future is a myth.
Platforms face tremendous uncertainty as they contemplate how to comply with these laws. Should they alter their products if doing so would require them to degrade security? How much security risk will be tolerable to policymakers in Brussels? Do they need to interoperate with another messaging service that they think is unsafe?
The DMA punts on these questions, leaving them to be figured out over time through lawsuits and consultations with the European Commission. That process will almost certainly be burdensome and uncertain, making it harder for companies to offer the best possible products in Europe.
Despite this ambiguity, these reforms in Europe are on a path to implementation. When they come into effect, Europe will join a small but growing list of countries that have enacted significantly more stringent regulations on the tech sector. China, for instance, has taken steps to tighten its antitrust laws, limit the time that kids spend gaming, and address cybersecurity and privacy risks.
Enactment of real reform should create an opportunity to learn. With new regulatory regimes underway, policymakers can look at the actual costs and benefits of reform, rather than merely speculating about them. In Europe, for instance, experts should track the impact of the interoperability mandate, assessing whether the benefits to innovation and competitiveness outweigh the costs to privacy and security.
These assessments could play an important role as Congress considers its own set of reforms. Several proposals have been introduced by senators and representatives of both parties, and many of them parallel the elements of reform in Europe and China.
Yet like in Europe, U.S. legislators have not provided a clear accounting of the costs and benefits of their proposals. They seek to limit how platforms render search results, but don’t discuss the impact on products like Google and Amazon Basics. They seek to restrict the online advertising business, but don’t explain how that would affect advertising prices for small businesses. They seek to restrict acquisitions by large platforms but don’t examine the effect that would have on the venture capital market in communities like mine, where startups thrive in the Research Triangle Park in part because of the possibility of being acquired by a large company.
Cost-benefit analysis is used routinely by the executive branch to assess whether a government rule would make good public policy. This analysis is not the final word on whether a rule should go into effect, but instead is used as a data point that brings rigor to the policy development process.
The same approach could be useful to Congress as it considers tech reform, enabling the government to better understand the impact of proposals on competition, innovation, safety, privacy, security, expression, and national security. Conducting this process transparently and publishing the results would also foster the kind of open debate that the public deserves.
It’s certainly possible the benefits of tech policy reform will exceed its costs. But to pretend that reform is a cost-free exercise sends a misleading signal that could result in making our tech products worse, not better.