A legislative path to an interoperable internet (eff.org)
304 points by wallflower on Oct 18, 2020 | 118 comments



Here is the full text of the ACCESS Act of 2019 bill: https://www.congress.gov/bill/116th-congress/senate-bill/265...

I highly recommend that everyone reads it - it is extremely short, well written, and probably the single most important piece of legislation to HN folks in the past decade.

As the bill is right now, it requires communications platforms with 100M monthly active users in the US to make their services interoperable with other platforms. The bill presumes that platforms using open protocols already (like email) are fine. Facebook and its messenger platform is likely to be the only one meeting the threshold.

I'm not American, but if you are and you care, I would suggest you call your representative and explain why you support (or not) this bill. Remember that as it goes through congress, it can, and most likely will, be heavily edited or gutted to fit the many competing interests whispering in their ears. If you think the bill is good as is, tell them that! Personally, I think the bill is perfect, except for the 100M user threshold to start demanding compatibility, which I think should be lowered to 10M.


> the bill is perfect, except for the 100M user threshold to start demanding compatibility, which I think should be lowered to 10M

I kinda like the high number, as it means the spirit is to prevent monopolies, which is one of the most compelling reasons for regulations to exist. Make the number too low, and it would invite criticism from people about regulations being overbearing. I don't know if that number is 100M, 10M, or 1M, but just something to be mindful about.

My sense is that if Facebook is legally forced to interop, then all other smaller/future players will voluntarily interop anyway.


Different strokes for different folks as they say, but I don't think "preventing monopolies" has to be the only motivation of this bill. I think interoperability (and as a consequence, greatly improved customer choice and competition) is a value in its own right.


I am not too sure you can have that cake AND eat it (historical datapoints suggest otherwise I think)


Please explain.


The anti-monopoly benefits of interoperability can be offset by the regulatory capture of forced interoperability if companies too small are subject to such rules, placing them at a disadvantage relative to largest players and increasing the likelihood that the status quo remains in place. That's the "Can't have your cake and eat it too" that's being referred to above I think—in other words, if you regulate the second-tier like the first-tier, the second-tier will never have a chance at becoming the first tier.


Slightly off topic, but you managed to clearly articulate what bothers me about a lot of well meaning regulation. GDPR in particular comes to mind - I was never worried about what some small time blogger was doing with my personal info, only (for example) Google and PayPal.


The number I think I'd like is something like 1/3rd or greater of a market. However that has the semantics issue of defining a market.

Instead I'd like to see the targets be an ANY OF (logical or):

A) Userbase of 25% or greater of the target demographic.

B) 33% or greater of the userbase files a request with (E.G. the FCC) for this service to be recognized as large enough to be under the requirements.

C) Any company making a 'sales revenue' (or other income side) of 500x the minimum wage, or 50x the 'net profit' (income after expenses) could also be compelled by a regulatory body (court, FCC, FTC, whatever) without any other evidence.


Can interoperability and data portability still be legislatively mandated if APIs were ruled copyrightable in the Supreme Court (Oracle vs Google)?

Can monopolies go further and claim their user graph and user data is also under copyright?


Sure, the bill would need to include a clause that specifies that the API must not be copyrighted, or something to that effect.


>Sure, the bill would need to include a clause that specifies that the API must not be copyrighted, or something to that effect.

I don't believe that would be an issue, since Federal government works are not entitled to copyright and are in the public domain[0].

[0] https://en.wikipedia.org/wiki/Copyright_status_of_works_by_t...


But the interoperability API would be created by private entities, not Federal government works, and AFAIK even federal-but-subcontracted work is copyrightable.


>But the interoperability API would be created by private entities,

That's true. I was wrong.

However, the interoperability specs will be developed by NIST as specified in Section 6(c):

"(c) Technical standards.—Not later than 180 days after the date of enactment of this Act, the Director of the National Institute of Standards and Technology shall develop and publish model technical standards by which to make interoperable popular classes of communications or information services, including—

(1) online messaging;

(2) multimedia sharing; and

(3) social networking."

Those standards certainly can't be copyrighted, and as such, it's still not really an issue.


NIST. Hmm. Isn't this the IETF's job?


> NIST. Hmm. Isn't this the IETF's job?

It absolutely is. In fact, in the email I sent to my senators/representative (included in another comment[0] in this discussion), I write:

"I'd further urge you to introduce amendments to this bill to accomplish the following:

[...]

2. In addition to tasking the National Institute for Standards and Technology with creating the protocols and interfaces required to implement this bill, invite the Internet Engineering Task Force (IETF) to participate as well. The IETF (https://ietf.org/about/ ) are the people who have, for more than 30 years, been developing, documenting and implementing the technical standards that have made the Internet the economic and cultural dynamo it is today."

[0] Is it possible to reference a specific comment via URL that is a reply to someone else's comment? Not sure how to do that.


As the courts only interpret the existing law, couldn't the bill simply restrict the copyright on APIs enough to avoid those kinds of contradictions?


Methods of communication should (imho) never be copyrightable. That would include APIs, filesystems, codecs, programming languages, and possibly fonts.


Why would FAANG write the APIs when they can be good old RFCs?


Copying APIs for interoperability is protected fair use.


It’s possible that the Supreme Court will decide this in the negative. https://www.zdnet.com/article/supreme-court-takes-on-google-...


Those are good questions. My take is that it would be similar in spirit to the way government can act to prevent price gouging with drug patents. Notice that platforms are allowed to charge and regulate access to the API, but it has to be "reasonable". Here is what is stated in section 4 on interoperability:

------------

SEC. 4. INTEROPERABILITY.

(a) General Duty Of Large Communications Platform Providers.—A large communications platform provider shall, for each large communications platform it operates, maintain a set of transparent, third-party-accessible interfaces (including application programming interfaces) to facilitate and maintain technically compatible, interoperable communications with a user of a competing communications provider.

(b) General Duty Of Competing Communications Providers.—A competing communications provider that accesses an interoperability interface of a large communications platform provider shall reasonably secure any user data it acquires, processes, or transmits.

(c) Interoperability Obligations For Large Communications Platform Providers.—

(1) IN GENERAL.—In order to achieve interoperability under subsection (a), a large communications platform provider shall fulfill the duties under paragraphs (2) through (6) of this subsection.

(2) NON-DISCRIMINATION.—

(A) IN GENERAL.—A large communications platform provider shall facilitate and maintain interoperability with competing communications services for each of its large communications platforms through an interoperability interface, based on fair, reasonable, and nondiscriminatory terms.

(B) REASONABLE THRESHOLDS, ACCESS STANDARDS, AND FEES.—

(i) IN GENERAL.—A large communications platform provider may establish reasonable thresholds related to the frequency, nature, and volume of requests by a competing communications provider to access resources maintained by the large communications platform provider, beyond which the large communications platform provider may assess a reasonable fee for such access.

(ii) USAGE EXPECTATIONS.—A large communications platform provider may establish fair, reasonable, and nondiscriminatory usage expectations to govern access by competing communications providers, including fees or penalties for providers that exceed those usage expectations.

(iii) LIMITATION ON FEES AND USAGE EXPECTATIONS.—Any fees, penalties, or usage expectations assessed under clauses (i) and (ii) shall be reasonably proportional to the cost, complexity, and risk to the large communications platform provider of providing such access.

(iv) NOTICE.—A large communications platform provider shall provide public notice of any fees, penalties, or usage expectations that may be established under clauses (i) and (ii), including reasonable advance notice of any changes.

(v) SECURITY AND PRIVACY STANDARDS.—A large communications platform provider shall, consistent with industry best practices, set privacy and security standards for access by competing communications services to the extent reasonably necessary to address a threat to the large communications platform or user data, and shall report any suspected violations of those standards to the Commission.

(C) PROHIBITED CHANGES TO INTERFACES.—A change to an interoperability interface or terms of use made with the purpose, or substantial effect, of unreasonably denying access or undermining interoperability for competing communications services shall be considered a violation of the duty under subparagraph (A) to facilitate and maintain interoperability based on fair, reasonable, and nondiscriminatory terms.

(3) FUNCTIONAL EQUIVALENCE.—A large communications platform provider that maintains interoperability between its own large communications platform and other products, services, or affiliated offerings of such provider shall offer a functionally equivalent version of that interface to competing communications services.

(4) INTERFACE INFORMATION.—

(A) IN GENERAL.—Not later than 120 days after the date of enactment of this Act, a large communications platform provider shall disclose to competing communications providers complete and accurate documentation describing access to the interoperability interface required under this section.

(B) CONTENTS.—The documentation required under subparagraph (A)—

(i) is limited to interface documentation necessary to achieve development and operation of interoperable products and services; and

(ii) does not require the disclosure of the source code of a large communications platform.

(5) NOTICE OF CHANGES.—A large communications platform provider shall provide reasonable advance notice to a competing communications provider, which may be provided through public notice, of any change to an interoperability interface maintained by the large communications platform provider that will affect the interoperability of a competing communications service.

(6) NON-COMMERCIALIZATION BY A LARGE COMMUNICATIONS PLATFORM PROVIDER.—A large communications platform provider may not collect, use, or share user data obtained from a competing communications service through the interoperability interface except for the purposes of safeguarding the privacy and security of such information or maintaining interoperability of services.

(d) Non-Commercialization By A Competing Communications Provider.—A competing communications provider that accesses an interoperability interface may not collect, use, or share user data obtained from a large communications platform provider through the interoperability interface except for the purposes of safeguarding the privacy and security of such information or maintaining interoperability of services.

(e) Exemption For Certain Services.—The obligations under this section shall not apply to a product or service by which a large communications platform provider does not generate any income or other compensation, directly or indirectly, from collecting, using, or sharing user data.


So Sec.4.2.B.iii says the large communication providers are allowed to charge a fee to access the network but doesn't say anything about the same charges being applicable to themselves. Wouldn't this create a competitive advantage to the larger network?

Also, it seems awfully similar to the treatment for cellular communication providers. What are the differences here? Or would Verizon/ATT be rolled into this since the statute just mentions large communications provider?


This bill is pretty smart (agreed about the limit though, I'd even put it at 1M MAU). Could it be we're finally at a point where Congress is listening to competent tech lobbying instead of just megacorp media/tech companies?


I'm every bit as surprised as you. I don't think it's a significant fraction of congress though, I think it's specifically Senator Mark Warner. He did work with tech before, and my take is that he knows what he is talking about and was waiting for a good political moment to present such unpalatable proposals (unpalatable to the tech companies, that is).

See his Wikipedia article: https://en.wikipedia.org/wiki/Mark_Warner#Early_life,_educat...

Last year he (meaning, most likely his staff under his supervision) put out a "whitepaper" outlining 20 possible proposals to regulate social media and tech companies. Notably, 4 of the things discussed were introduced as bills in one form or another.

I posted about them last year, see the discussion and links here: https://news.ycombinator.com/item?id=21389809


> Facebook and its messenger platform is likely to be the only one meeting the threshold.

And iMessage! There should absolutely be a requirement to have it interoperate with other platforms.


Unfortunately I don't think the act as written would apply to iMessage. Seems like section 4e:

> Exemption for certain services.—The obligations under this section shall not apply to a product or service by which a large communications platform provider does not generate any income or other compensation, directly or indirectly, from collecting, using, or sharing user data.

would cut iMessage (and any other Apple service) out. I guess the argument could be made that Apple indirectly generates income from collecting data and making it available across their devices as a form of vendor lock-in, but that's shaky.


Cost of iMessage (software & service) is included in the price of iPhone/Mac. This is similar to MacOS/iOS - both are free to use but only on Apple hardware.


iMessage is end-to-end encrypted. It is unlikely that Apple collects any personal data from it -- at most, they might be collecting some aggregate data, like the frequency with which various features are used.


> iMessage is end-to-end encrypted

That's what Apple says. I don't think it's ever been independently audited at all; and of course the source code is not available to the public.


As far as the user is concerned, iMessage does mostly operate with another "open" platform, SMS. Certain features don't work for Apple users texting others, but core functionality is intact. This is also because Apple innovated by creating those features while retaining SMS interoperability, and RCS didn't exist at the time.


How does this legislation define 'communications platform' in a way that doesn't risk capturing online games?

I have no idea what it would mean to force Fortnite to be interoperable with other platforms...


Why not? I have loads of different accounts from gaming services with friend lists and chat: Steam, Epic Games Store, Blizzard's Battle.net, etc. It would be nice if those were interoperable.


If you open the text and look at section 2 of bill S.2658, you will see the definition of "Large Communications Platform Providers":

    (7) LARGE COMMUNICATIONS PLATFORM.—The term “large communications platform” means a product or service provided by a communications provider that—

    (A) generates income, directly or indirectly, from the collection, processing, sale, or sharing of user data; and
    
    (B) has more than 100,000,000 monthly active users in the United States.


> Facebook and its messenger platform is likely to be the only one meeting the threshold.

I would be surprised if none of Google's chat services exceeds 100M MAU, even if only users in the USA are being counted.


I don't think most people could even name a Google communication service other than GMail. Even if they could it might be one that no longer exists.


It is not at all clear to me from the bill text just what "interoperability" actually means.


I think there are a lot of things that the bill is not clear about, and in fact I don't think it would live up to any legal standards in its current form (IANAL). It is very easy to read though.


I think the goals here are laudable, but the cynic in me worries about the details.

Data portability is easy to implement (and has been by some companies).

But back-end interoperability and delegability are tricky not just because of technical challenges (those can be solved), but mainly because of abuse and spam.

If, all of a sudden, any other service can like and comment on Facebook posts without having a Facebook account... I don't see how this doesn't become a spam/abuse-fest overnight.

My $0.02 is that there's a much simpler solution hiding in plain sight: just stop giving legal copyright/hacking/ToS protection to sites with third-party-generated content that the site didn't license.

In other words, if someone wants to build an app that downloads your Spotify playlist data by impersonating you... or scrape Craigslist listings... or copy Yelp reviews... then nothing is legally in the way. Not copyright, not anti-hacking laws, not ToS.

Services are free to rate-limit or ban you if they catch you... but if you can get around that then the information/interaction is yours.

This feels like a much more "free market" approach. It doesn't rely on trying to build laws that will be bad compromises and outdated by the time they're passed. Rather it involves undoing existing laws and protections that are producing harm.

(To be clear, copyright still applies to things that are paid for or licensed -- movies, songs, articles, etc.)


> Services are free to rate-limit or ban you if they catch you... but if you can get around that then the information/interaction is yours.

So what you're saying is, you'd like to encourage a technological arms race between intrusion detection systems and hackers, without any legal repercussions for either side - and this should somehow be in the interests of users.

I don't know why we'd need a "free market" approach, but this is just lawlessness.

The result will be that legitimate users get the worst of both worlds: If I want to download my own Spotify playlist myself, I'll be out of luck - because my dead-simple Wget call will be no match for Spotify's bot detection. There is nothing I could legally do to make Spotify give me a copy of my own playlist - I'll have to pay some third-party service that has the necessary know-how to evade the detection and scrape the data for me.

Meanwhile, some hacker could use the same service to impersonate me or steal my data - and I'd again have no legal recourse because, hey, no protection, what the hacker did was perfectly legal.

Why would I want any of this?


We already have that technological arms-race, and users already win. Just look at the continuing existence of "youtube-dl" for example.

Fundamentally services can't be too restrictive and still work, so users come out ahead.

Also while hacking into a system is legal, theft/fraud/etc. is not. If the hacker does anything with your data, there are already laws against that.


> Just look at the continuing existence of "youtube-dl" for example.

That only exists because Google can't be bothered to break it. There isn't currently any serious attempt at an arms race taking place there as far as I can tell. Its agent doesn't look anything like a regular browser and the way it hits their backend is nowhere near the way the official js player does, yet it continues to work for me.

If an arms race ever did take place my money is (sadly) 100% on Google. Just look at the level of automated obfuscation Snapchat employs. You could reasonably expect the equivalent of a WASM based video player compiled with a custom equivalent to OLLVM, communicating with a procedurally generated API, and updated versions of API and player automatically rolled out hourly with a small overlap (equivalent to certificate renewal).

(Something vaguely resembling the above is already employed for the reCAPTCHA check boxes IIUC.)


That would block youtube-dl, but the user could still customise their browser to record the video stream to disk. This would mean it would take as long to record as to play the video, but it would work.

As Mindwipe says, if Google really meant business they'd use WideVine for all content rather than just for pay-to-access content.


Lol, youtube-dl exists purely because its userbase is small enough that its impact on Google's revenues is less than it would impact CDN efficiency to kill it.

If that were to change (either because CDN efficiency improves so that post encryption ad-insertion is cheap, which will happen eventually or youtube-dl's user base increases) then Google can implement Widevine on everything and it'll be useless.


The vast majority of youtube consumers don't use services like youtube-dl. Youtube absolutely could make it a lot harder for youtube-dl to work, but currently (I am assuming) the lost ad revenue doesn't add up to enough for it to be worth it.


The article advocates for this, calling it “competitive compatibility,” but noting “it’s not enough to legalize competitive compatibility, since the platforms have such an advantage in technical resources that serious competitors’ attempts to interoperate face enormous engineering challenges.”


Interesting, but I don't buy it. The existence of "youtube-dl" and scraping tools shows that, actually, it's the competitors who usually win.

The fact is, if a service works for users at all, it's never going to be terribly difficult to scrape. That's the whole point of why it's ultimately far more beneficial for users and competitors.


It's almost the inverse of websites being too powerful to compete with. The people scraping data are too small to bother with. It might be a problem if it becomes too widespread because of the legislation. The music industry survived Napster and file sharing because it had other revenue paths. But I guess if Facebook fell to an alternative way to interact which Facebook couldn't afford to stop, then that'd just be the free market at work.


Banning people using an API doesn't sound very free market

The ideas of "Free market" evolved before EULA type bullshit did, I don't think original creators of the idea would approve of them.


"If you're going to be an asshole to my customers, gtfo of my bar" predates the concept of an EULA, and IMO, the freedom of association is a necessary component of a free market.


To the contrary -- the "free" in "free market" refers to freedom. So if a service wants to ban a user, then that's pretty much the definition of a free market.

Similarly, a user is free to try to get around the ban by using a different IP address, etc.

Both sides here would be free to do what they want without the law taking sides. But at a technical level, because anti-scraping measures aren't that hard to defeat, it means that users and competitors will be the primary beneficiaries here.


So I am ok to use my 'freedom' and pay someone to cut your supply of cement, so that you can't compete with me in construction? Where is the boundary between 'free market' and market manipulation, and how do you prove the latter?

This happens all the time, Intel paid computer manufacturers not to use AMD chips.

As for the bans and circumvention idea - I would like a stable and reliable system that's guaranteed to work, not a constant game of cat and mouse.


> I would like a stable and reliable system that's guaranteed to work, not a constant game of cat and mouse.

I'd love if the internet wasn't a neverending cat and mouse game... but what about spam?


> If Facebook is to make its encrypted chat services interoperable with third parties, it must reserve the right to aggressively fix bugs and patch vulnerabilities. Sometimes, this will make it difficult for competitors to keep up, but protocol security is not something we can afford to sacrifice.

This looks like a barn door, not a loophole. What would stop major players from updating their proprietary protocol on a daily basis? The overhead of staying on top of a dozen big social media sites' protocols would be absurd.

I agree with the need for security, and I see that the industry has failed to update email; but I see that more as a consequence of the industry continually trying to "disrupt" email through the creation of walled gardens.


As pointed out, in section 4 of S.2658 this is explicitly prohibited:

(C) PROHIBITED CHANGES TO INTERFACES.—A change to an interoperability interface or terms of use made with the purpose, or substantial effect, of unreasonably denying access or undermining interoperability for competing communications services shall be considered a violation of the duty under subparagraph (A) to facilitate and maintain interoperability based on fair, reasonable, and nondiscriminatory terms.


I'm sure that clause will come in handy after a mind-reading device is invented. The SEC already has a tough time proving "market manipulation".


Fun fact: Within Facebook’s task-tracking system there is/was a “wishlist”-priority task with planned details for how to change Messenger’s MQTT protocol to break third-party clients if need be. As far as I know this was never acted upon because Pidgin-like third-party clients never became popular for Messenger MQTT like they were for the old now-deprecated XMPP Messenger gateway.


Wait, FB Messenger has a semi-standard API now?


No it doesn't, you need to impersonate a user and login with your password in order to relay messages outside of FB messenger. That said, it has been done: https://github.com/tulir/mautrix-facebook


No, it used to support XMPP, but that support was eventually removed: https://news.ycombinator.com/item?id=9266769


I knew about that: the talk of MQTT made me think that there was some improvement in the situation.



It is based on MQTT+extensions.


As I’m reading S4c2c it looks like this would be prohibited.

https://www.congress.gov/bill/116th-congress/senate-bill/265...


That's certainly the intent, but as it's written, (by my lay-reading) it appears that the burden of proof would rest upon a single change, and not a sequence of changes -- any one may be innocuous, but their sum may not be. And where a single actor may not run afoul, I can imagine a conspiracy of big players making changes which collectively burden smaller players. I would greatly prefer a consortium or better, an independent standards body.


Having professional standards bodies for interfaces has actually been proposed - in another bill! S.1084 - DETOUR Act, introduced 2019-04-09.

Full text (only 1800 words!): https://www.congress.gov/bill/116th-congress/senate-bill/108...

It was written to get rid of dark patterns and deceptive interfaces. The official summary says: "To prohibit the usage of exploitative and deceptive practices by large online operators and to promote consumer welfare in the use of behavioral research by such providers."

In my reading, the DETOUR act says that large online operators (defined as services with more than 100M monthly active users anywhere, not just in the US) may not use misleading interfaces or unclear wording to mislead the user. It also says that they can only conduct behavioral experiments (e.g. A/B testing) if they have an independent review board registered with the FTC and have informed consent from the users as well as routine disclosure to the public of experiments being done. Finally it says that large online operators may form professional standards bodies, and that those bodies should develop on a continuing basis guidances and bright line rules for developing their technology products in a way that does not impair user autonomy or induce compulsive behavior in children.


From what I understood from the content of the bill, it seems that there is a clause that prevents companies from aggressively modifying their API to prevent interoperability.


There's a number of quiet warnings in my head that this is too overbroad. Don't get me wrong, I think something like this should happen 100%. But this seems to cast too wide a net.

What about my bank? They have >100M users, and with an app/service portal, they'll be required to be "interoperable". I don't want my bank or my bank info to be interoperable. I also don't want my bank to have an interoperability interface; as an internet plumber, I fully realize the first thing you need to have a blockage is a pipe with something in it.

What about content delivery? Will I be able to play music/movies hosted by my subscription provider through a 3rd party? This calls into question some difficult problems around licensing that may be impossible to satisfy via existing, established contracts; don't paint a content provider into a corner of guaranteed noncompliance.

Where is the definition of "interoperability"?

This will be a field day for an endless bevy of corporate lawyers to say "Oh XYZ isn't a service with users. It's available to users of ABC service, which is fully compliant with the interoperability rules as required by blah blah."

I applaud the effort and think this is a priceless next step in helping define where we should go next, but I'm only hearing possibility and daydreams, not concrete implementation.


If you look at section 2 of bill S.2658[0], you will see that the bill only applies to "Large Communications Platform Providers". Your bank is not that. Spotify and Netflix are not that. The bill doesn't apply to them. And note that the current threshold is 100M monthly active users in the United States. A third of the population using the communications platform monthly. Relevant passage of section 2:

    (7) LARGE COMMUNICATIONS PLATFORM.—The term “large communications platform” means a product or service provided by a communications provider that—
    
    (A) generates income, directly or indirectly, from the collection, processing, sale, or sharing of user data; and
    
    (B) has more than 100,000,000 monthly active users in the United States.
---

Original bill text: [0] https://www.congress.gov/bill/116th-congress/senate-bill/265...


> (A) generates income, directly or indirectly, from the collection, processing, sale, or sharing of user data; and

OK, this is substantially better than any other proposal I've seen. It means that any platform that doesn't make money off of user data (e.g. one that makes money in some more ethical way) is exempt.


That seems overly broad. The whole point of a communications service from the user's point of view is to process user data, namely the messages that the user sends or receives via that service.


> What about my bank? They have >100M users, and with an app/service portal, they'll be required to be "interoperable". I don't want my bank or my bank info to be interoperable.

Here in the UK we have something like that, called Open Banking[1]. IMHO the most noticeable benefit to consumers is that many of the apps from the UK's largest banking providers now allow you to view your accounts from all your banks through their app (traditionally you could only view accounts you held with that bank). I believe that some budgeting / spending-tracking apps also take advantage of it to amalgamate information from all of your accounts.

[1] https://www.openbanking.org.uk/


> What about my bank? They have >100M users, and with an app/service portal, they'll be required to be "interoperable".

Banks around here (Norway) are required to provide API access because of EU regulations (yeay EU, sometimes you are a great idea even if I'm happy that we aren't a member) and I can already see accounts from other banks I have used before.

> I also don't want my bank to have an interoperability interface; as an internet plumber, I fully realize the first thing you need to have a blockage is a pipe with something in it.

Couldn't this be used as an argument against every standardization effort?


> What about my bank?

Your bank doesn't generate income by collecting, processing, selling, or sharing your data.


Banks are already required to do this in Europe.


This is good and all, but there is a much simpler solution to this problem and others:

Progressive taxation of companies

I know this sounds outrageous, but hear me out. What if monopolies split themselves? Wouldn't that be great? Does the same company really have to make the phone and the charger? No, but there are 2 reasons Apple does:

1. Collaboration between the phone department and the charger department is slightly easier.

2. They can abuse their monopoly on iPhone chargers to force you to pay more for them.

Apple makes about 30 billion on iPhones per quarter. Assuming all iPhones were $600 (which they aren't) and everyone uses 2 chargers per iPhone (because the first one broke) priced at $20, Apple would be making $2 billion from chargers.

Say, if they didn't abuse their monopoly position for chargers they would make only $1.8 billion from them.

This is $2.0 billion - $1.8 billion = $0.2 billion less revenue.

Now if you just tax Apple progressively such that taxes for 32 billion in revenue are more than $0.2 billion higher than paying taxes for 30 billion in revenue, Apple will split into iPhoneApple and ChargerApple by themselves!

Now in practice you might not want to tax revenue but for example the value of the company or something else.

Also you don't want the 'split' companies to still behave like they are one company, this means that you want the split-off company to have different shareholders from the main company, because otherwise they would just behave in mutual interest.

More in line with the topic, Netflix might decide to split into a 'movie suggestions algorithm' service and a 'movie streaming' company.

Google would split into gazillions of different companies.

But some interoperable internet legislature might be a little more realistic :)


If we think the advantages of monopoly power are undesirable, we should tax them. Don't fine them for abusing monopoly power; it's an asset, tax them just for having it. Same thing that Sanders said about the banks - tax them for simply being large, and they'll break themselves up.

edit: If walled gardens had to pay taxes on their moats, they'd stop digging them.


The way it works now is as follows:

* Monopolies by themselves are OK

* Abusing monopoly power in one market to leverage an unfair advantage in another market is NOT OK.

In the case of the latter there ain't a tax (the irony is that large behemoths are already avoiding paying their fair tax). A tax could also morally legalize the behaviour (moral is important in antitrust behaviour look at the claws/lobby of tobacco firms).

On the contrary, it is a fine by a government subjected by a court of law. Every government has to start this lawsuit themselves though. It takes a lot of effort, time, money. On top of the fine, action as a result of being found guilty can be demanded as well (see history of US phone companies).


Sure, Apple will split into iPhoneApple and ChargerApple... after signing an exclusive 100 year contract for ChargerApple to be the sole supplier of chargers to Apple, for a fixed price, blah blah blah trivial workaround.


You need to see it like this: iPhoneApple is selling off its charger operations to someone else (it is important that they are different shareholders). Once the companies are split up, iPhoneApple won't want ChargerApple to have an exclusive contract, since their phones are worth more if chargers are cheaper. So the only reason they would want to give an exclusive contract to ChargerApple is to sell it for more money. Considering this, they might as well sell it first and then negotiate an exclusive contract. Or hell, maybe they find someone who will pay more for it than their spinoff. At this point, iPhoneApple will realize what every other smartphone maker in the industry realizes: Selling exclusive charger contracts is not worth it.


There are not enough different shareholders in the world to hold all of Apple's divisions.

What entity has billions lying around to buy sections of Apple? Only the US Federal Government, which can print money at will.


I find this idea really interesting! Do you have any reference on studies that have looked into the idea or places that have implemented it?


No, all I've come up with googling 'progressive tax for companies' are textbook explanations why it is not 'fair' to do this. Presumably it wouldn't be fair to tax a company with revenue more than a highly valued startup. Fairness is too ambiguous a term I think to determine policy. Besides that, there are other monetary features to apply a progressive tax on.


And with that 0.2 billion Apple (along with several others) will make sure no such law is passed.

If a law like you propose was possible, then it would already be possible to split the monopolies. Neither can happen until workers are actually in control of the state, as opposed to the current dictatorship of monopolists.


>Now imagine that a user on one platform can interact with any of the other platforms through a single interface.

I love the spirit here, but I think everyone here is aware that outside of mainstream networks like Twitter you have other networks which are just full of rampant hate speech.

If you tell Facebook they have to support allowing hateful users to contact their own, Facebook no longer has any ability to moderate anything. I would love social media which wasn't controlled by a single Mega company, but I'm just not sure how this could exist.

I have heard of projects, say a local group of college students set up zoom socializing, which does provide a much needed alternative. But I just don't think this can scale, once you have no obligation to the group to be a decent human being, it becomes extremely easy to be nasty and mean.

I'm lucky enough to be a part of one Zoom (for now, I met the owner in real life) community. He has to personally let everyone else in to the room, and he's already had to ban a few people for over the top racism.

Before you know it everyone is meaner on social media than they'd ever be in the real world. It's at the point where I don't want to fill my mind with that, therefore I just don't partake.

If this ever was something Facebook had to do, within hours you'd be flooded with bots DMing you nonsense. As is Facebook has major issues with spam and abuse, what's to stop someone from creating a service which just sends bots in to hurl racist insults?


Federated social media works around this just fine. Any server can ban any other server breaking its rules.

Yes, a federated system will inevitably be abused by malicious actors because of its inherent openness. But if it's closed the way it is now, then it is abused by the company that owns each platform. If I had to choose, I'd absolutely pick spam over ads, tracking, and dark patterns. Spam is at least easier to deal with and universally hated by everyone while most people don't even realize they're being tracked at all times.


You can also just not use social media.

No one forces you to use Facebook. I respect the right of Facebook to not want to be overrun with hate speech.

It's a nominal task to spin up a fresh server every time you get banned. The only effective way to stop said spam would be for FB to have a limited whitelist of vetted partners. So you're back where you started.


> You can also just not use social media.

And use what instead?

> No one forces you to use Facebook.

What are your choices, exactly, if all your friends use it? So you're either on Facebook, or you're missing out and inconveniencing your friends. There's currently no third option.


I still keep FB around for messaging. I wouldn't force FB open. As is hate speech is a massive issue. You're free to use a federated service if you want though.


Data portability, yes. No big argument there. Back-end interoperability, yes. No more locking out TweetDeck, and common applications for all message transports.

In particular, back-end interoperability needs to be mandatory for Internet of Things stuff. The lifespan of a cloud service is short, maybe 5 years. That's a big problem for house components.

Delegability needs thought. There's bots. There's Snooping as a Service. Technically, back-end interoperability implies the ability to delegate. It's more of a contractual issue. Can a service forbid it? Intermediaries and aggregators have their own headaches.


> back-end interoperability needs to be mandatory for Internet of Things stuff

More than that, IoT network communications need to be snoopable by the end user if desired. There's a real threat of devices sending back data you don't want them to and even working together to exfiltrate data from a device that's otherwise blocked from the internet.

(There was a startup in the greater Seattle area working on such exfiltration capabilities at one point, euphemistically referred to as "routing at the edge". Frustratingly I can't seem to track them down right now.)


Applying laws based on MAUs doesn't seem like a reasonable approach. MAUs are a self-reported and subjectively defined metric and the MAU threshold is arbitrarily chosen. Technology laws should not be applied based on apparent popularity.

I think a better version of this legislation would apply to any corporation that collects PII or collects browser activity outside of 1st party domains, in order to serve ads to users.


This has actually also been proposed by Mark Warner in 2018 in a whitepaper titled “Potential Policy Proposals for Regulation of Social Media and Technology Firms”: https://www.warner.senate.gov/public/_cache/files/d/3/d32c2f...

It discusses 20 topics for potential legislation, listed below. Look at items 13 and 16 in the whitepaper, they go very much along the lines of what you said.

    1) Duty to clearly and conspicuously label bots 
    2) Duty to determine the origin of posts and/or accounts
    3) Duty to identify inauthentic accounts 
    4) Make platforms liable for state-law torts (defamation, false light, public disclosure of private facts) for failure to take down deep fake or other manipulated audio/video content 
    5) Public Interest Data Access Bill
    6) Require Interagency Task Force for Countering Asymmetric Threats to Democratic Institutions
    7) Disclosure Requirements for Online Political Advertisements
    8) Public Initiative for Media Literacy
    9) Increasing Deterrence Against Foreign Manipulation
    10) Information fiduciary 
    11) Privacy rulemaking authority at FTC
    12) Comprehensive (GDPR-like) data protection legislation
    13) 1st Party Consent for Data Collection
    14) Statutory determination that so-called ‘dark patterns’ are unfair and deceptive trade practices
    15) Algorithmic auditability/fairness
    16) Data Transparency Bill
    17) Data Portability Bill
    18) Interoperability
    19) Opening federal datasets to university researchers and qualified small businesses/startups
    20) Essential Facilities Determinations


Maybe I’m missing something, but it seems to me once Democrats realize that they are literally trying to legally require Facebook rebuild the API that resulted in the Cambridge Analytica scandal they have railed against for years this bill will get dropped for dumb political reasons.

Opening up these services like this seems to be one of several prerequisites to preventing great harms, but doing so would be in conflict with a number of expedient political issues the parties have dug in on around platform censorship, data privacy, etc.


Nonsense bills like this are what will keep social media giants honest. The market won't on its own because the network effects are (largely) insurmountable.

However, Facebook has to regain the goodwill of the public and fast, or they'll be legislated out of existence through bills like these.


In case I wasn't clear, I would be thrilled if this bill passed. My point was that short-sighted political tribalism has led politicians to back themselves into corners now that will prevent it, unless the press and public are just too stupid to recognize the contradictions before it does pass.


>...email servers have been slow to adopt even basic, point-to-point encryption with STARTTLS.

You need to give more credit than that. STARTTLS adoption is well over 90% now. Yes, it is unauthenticated so that it only protects against passive listening, but that is still a huge improvement.

Authentication only would apply to the mail servers anyway. Further worthwhile improvement would require authentication of end users. Not sure how you can legislate that in a useful way.


> STARTTLS adoption is well over 90% now.

That makes me wonder if it would be reasonable for a diverse group of email providers (large and small) to announce that they will add a 1 hour delay to emails received from or sent to servers that don't support STARTTLS. Perhaps each year that delay could double, until those non-compliant services became basically unusable.

To make this change even less controversial, users could be given the option to whitelist certain email addresses so that exceptional use cases could still be supported.


I generally support the EFF and think netizens need far more protections than they have, and those need to come through legislation. But I don't get why this mandated interoperability is a good idea.

Mandating data portability is one thing, but having the government decide that a company must provide an api seems absurd to me (so far: it's a new idea to me).

In the meantime, dear EFF:

- Why hasn't the EFF created boilerplate privacy agreement clauses that companies could adopt to prove their ubiquitously claimed "utmost concern for user privacy"?

- Why isn't there a vision of how companies could maintain the provenance under which each datum has been acquired (and therefore when they can/can't be shared/sold/etc.)?

- What meaning does any privacy agreement have (no matter how consumer friendly) if it can be changed at any time?

- Why do NO companies promise to protect user data in the event of an acquisition (in fact they promise the opposite).

These seem like action items right down EFF's lane and I keep waiting year after year for the basics to be covered. I criticize as a friend (and small donor).


> generally support the EFF and think netizens need far more protections than they have, and those need to come through legislation. But I don't get why this mandated interoperability is a good idea.

It does look like a solution in search of a problem to me. Plenty of social networks have grown up while Facebook existed. Off the top of my head Twitter, Snapchat, Instagram, WhatsApp, Viber, Tiktok, Yikyak, LinkedIn.

It's not clear what the practical impact of forced interoperability means. It (probably) upends the current revenue model. Who is going to maintain the back end API when the revenue is captured by the front end?


Why do we need 10 "different" apps to send messages between people?

Can you imagine needing a different email client to communicate between Gmail and Outlook users?


Delegability: Yes, please. :) I like writing small apps that scrape some service's data to my local DB and then use the data locally (being able to combine them in my own ways).

Imagine a postgresql database where bunch of these scraping interfaces load data into per-service schemas, and you can then join/union across schemas, integrating data from several different online services in creative ways.

Too bad this bill is targeted at huge services only. Though those are mostly the ones that try to obfuscate and hinder access to data.

I can already use up one hand counting the websites that just deleted all user contributed content or disappeared for other reasons where if I didn't do this, the content would be lost completely to me. Or services (like online banking) that just offer 2-3 year history, and you need to pay to access older data.

Just allow users to write their own clients.


The proposal makes no mention of who owns the data and what it's worth. Why not instead legislate the ownership of the data by the users? The users should decide whether to take their data, exclusively or not, to the platform they like more, or even better, to the platform that pays them more. Posts, friendships, pictures etc., all of this is valuable IP that can be traded with social networks. Let them compete who is going to win more users on a monetary basis. It's time we move on from the model that mercilessly squeezes users' IP for profit while giving back only "free services". The cost of free services has dropped substantially, yet the compensation of users has remained steadily at $0.


There is actually another bill that aims to legislate over assessing the value of user data: S.1951 - DASHBOARD act, introduced 2019-06-25.

Full text: https://www.congress.gov/bill/116th-congress/senate-bill/195...

Official summary: To require the Securities and Exchange Commission to promulgate regulations relating to the disclosure of certain commercial data, and for other purposes.

It applies to “commercial data operators”, defined as entities offering consumer online services or a data broker with over 100M monthly users in the United States for most months over the last year. It says that they must routinely provide each user with an estimate of how much they think that user's data is worth for the operator, and clearly describe the data collected and how it is used, as well as allow users to delete their data.

It also says that operators must disclose every quarter to the SEC the “material value” of the user data they hold, contracts they have for collection and use of data, and the value of anything else the SEC determines is necessary. It puts the SEC in charge of figuring out a valuation methodology for the data. It also says the SEC should amend the rules for disclosures from public companies that classify as data operators to include information on data held by them: how it is protected, liabilities, sources, revenue generated, large contracts or acquisitions of data.

For public companies I believe this would significantly change how they must do their accounting, since they must treat data as an asset. It could have significant impacts on their market cap, which could be real (since more information will be available) or just a result of the new reporting rules affecting their listed assets.


Wow that's very interesting. I wonder why they don't go a step further to define user derived data as partially owned by them


Data portability in the GDPR aimed at this (as the article says), but it was far too weak to have any effect and it seems no one cares about really implementing it. The only services that implemented something that resembles data portability are e-mail providers, and there it works mostly because there already is an underlying protocol that is built with federation in mind.

We really need more open protocols to make this happen. A doable strategy could be to look at markets with a lot of existing solutions (e.g. chat, task management, note taking, scheduling, document management, file syncing) and force the players to formulate a protocol that everyone adheres to. Since that will take a long time it's probably only doable for the core services, but having something like this e.g. for chat services would be incredibly useful.


I have been wishing for a regulation like this for years. This would be one of the biggest game changers ever, but it is hard to imagine how realistic such a scenario would be because technology moves so fast and Facebook fucks up even the APIs they are willing to provide all the time. But we need to try at least to tear down the walled gardens and digital despotism of Google, Facebook and Apple.


It's nice to see a reminder every once in a while that some people in government are actually competent. It's strange that it seems like actions on major structural issues are so delayed and rare or ineffectual, but at least some people do make an appropriate effort sometimes.

I generally don't donate to anyone but I am going to send the EFF a few dollars in case it helps them promote this bill.


Would this apply to iMessage?


As the bill S.2658 text currently stands [0], if iMessage has more than 100M monthly active users, then yes. It is hard to find such statistics on a quick search, but the surest way to make sure it applies to iMessage is to call your representative and tell them the threshold should be lowered from 100M to 10M MAU :)

[0] https://www.congress.gov/bill/116th-congress/senate-bill/265...


A quick Google search shows that iMessage does have the prerequisite 100 million active users.


What did you find? I only see a global number, but this proposal requires 100 million MAU in the USA.

With some quick searches, multiplying iPhone's 39% marketshare with 328 million Americans gets me to 127 million, but that's probably too high - not everyone has a smartphone, and how many users actually use iMessage at least once a month, and not say, WhatsApp exclusively?


iMessage exists on iPad and MacBooks too.


I have a hard time imagining users with a MacBook or iPad but not having an iPhone adding a significant number of iMessage users.

But the question was if there are a 100 million MAU in the US, let alone how to find that information in a simple Google search. I couldn't find any breakout of iMessage users per country.


> In addition, ad-driven platforms often curate information in ways that benefit advertisers, not users. The ways Facebook, Twitter, and Youtube present content are designed to maximize engagement and drive up quarterly earnings.

Can someone describe a model for these services that doesn’t depend on advertising?


I think this bill is a great idea. It doesn't address all the issues associated with locking users into these sites, and the attendant influence and market power of them, but it's a good start.

I just emailed my senators and representative urging them to support this bill. In those emails (the text of which is reproduced below), I address some of the reasons I think it's a good idea and make some suggestions for amendments to it.

What additional reasons do you have for supporting (or not) this bill, and what other amendments would you suggest?

Text of email to my House/Senate representatives:

I strongly urge you to support the ACCESS Act (S.2658 - Augmenting Compatibility and Competition by Enabling Service Switching Act of 2019) introduced by Senator Warner and encourage your colleagues to do so as well.

The bill requires that large communications platforms such as Facebook and Twitter provide mechanisms for other platforms to interoperate with their platforms.

This is important for several reasons:

1. The sheer size of these platforms locks your constituents into them, creating huge barriers to entry for competitors and stifling competition in the social networking market;

2. The ACCESS Act would create a mechanism for other platforms to interoperate with these huge platforms, some of which already exist and others which could provide users not only with superior capabilities, but also with the ability to exert more control over their personal data and information (cf. Diaspora, https://joindiaspora.org );

3. These huge platforms have enormous control, not only over the news and information that their users see, but also over the marketplaces created by their sheer size. Requiring them to freely interoperate provides an opportunity to create a true public commons divorced from any particular corporate entity;

4. As we've seen in the recent (and not so recent) past, these platforms exert an enormous amount of influence and have a huge economic impact on us. As such, there have been calls to break up these companies to limit that impact and influence. I posit that creating an environment which will significantly reduce barriers to entry into this space will encourage competition and limit the impact/influence of these corporations, while creating new opportunities, new jobs and a broader set of voices on the Internet.

I'd further urge you to introduce amendments to this bill to accomplish the following:

1. Reduce the size of impacted platforms from 100,000,000 users to 100,000. This would allow a rich ecosystem of communication and social networking platforms that can interact and give everyone an opportunity to connect with others in a decentralized, open way. It would also provide strong incentives for entrepreneurship in this space and encourage innovation and competition;

2. In addition to tasking the National Institute for Standards and Technology with creating the protocols and interfaces required to implement this bill, invite the Internet Engineering Task Force (IETF) to participate as well. The IETF (https://ietf.org/about/ ) are the people who have, for more than 30 years, been developing, documenting and implementing the technical standards that have made the Internet the economic and cultural dynamo it is today.

Please make this a priority, because broad-based, open communication, discussion and the potential for enhanced personal privacy are critical to our democracy and cultural cohesion.


Open standards and voluntary cooperation proliferate because they work; legislation does not.


Including sites like Gab and Bitchute?


As far as I understand it Gab does use open protocols.



