[HN Gopher] A legislative path to an interoperable internet
___________________________________________________________________
A legislative path to an interoperable internet
Author : wallflower
Score : 218 points
Date : 2020-10-18 14:41 UTC (8 hours ago)
(HTM) web link (www.eff.org)
(TXT) w3m dump (www.eff.org)
| 0xquad wrote:
| I generally support the EFF and think netizens need far more
| protections than they have, and those need to come through
| legislation. But I don't get why this mandated interoperability
| is a good idea.
|
| Mandating data portability is one thing, but having the
| government decide that a company must provide an api seems absurd
| to me (so far: it's a new idea to me).
|
| In the meantime, dear EFF: - Why hasn't the EFF created
| boilerplate privacy agreement clauses that companies could adopt
| to prove their ubiquitously claimed "utmost concern for user
| privacy"? - Why isn't there a vision of how companies could
| maintain the provenance under which each datum has been acquired
| (and therefore when they can/can't be shared/sold/etc.)? - What
| meaning does any privacy agreement have (no matter how consumer
| friendly) if it can be changed at any time? - Why do NO companies
| promise to protect user data in the event of an acquisition (in
| fact they promise the opposite).
|
| These seem like action items right down EFF's lane and I keep
| waiting year after year for the basics to be covered. I criticize
| as a friend (and small donor).
| chosen1111 wrote:
| Including sites like Gab and Bitchute?
| thekaleb wrote:
| As far as I understand it gab does use open protocols.
| ilaksh wrote:
| It's nice to see a reminder every once in awhile that some people
| in government are actually competent. It's strange that it seems
| like actions on major structural issues are so delayed and rare
| or ineffectual, but at least some people do make an appropriate
| effort sometimes.
|
| I generally don't donate to anyone but I am going to send the EFF
| a few dollars in case it helps them promote this bill.
| esoterae wrote:
| There's a number of quiet warnings in my head that this is too
| overbroad. Don't get me wrong, I think something like this should
| happen 100%. But this seems to cast too wide a net.
|
| What about my bank? They have >100M users, and with an
| app/service portal, they'll be required to be "interoperable". I
| don't want my bank or my bank info to be interoperable. I also
| don't want my bank to have an interoperability interface; as an
| internet plumber, I fully realize the first thing you need to
| have a blockage is a pipe with something in it.
|
| What about content delivery? Will I be able to play music/movies
| hosted by my subscription provider through a 3rd party? This
| calls into question some difficult problems around licensing that
| may be impossible to satisfy via existing, established contracts;
| don't paint a content provider into a corner of guaranteed
| noncompliance.
|
| Where is the definition of "interoperability"?
|
| This will be a field day for an endless bevy of corporate lawyers
| to say "Oh XYZ isn't a service with users. It's available to
| users of ABC service, which is fully compliant with the
| interoperability rules as required by blah blah."
|
| I applaud the effort and think this is a priceless next step in
| helping define where we should go next, but I'm only hearing
| possibility and daydreams, not concrete implementation.
| eitland wrote:
| > What about my bank? They have >100M users, and with an
| app/service portal, they'll be required to be "interoperable".
|
| Banks around here (Norway) are required to provide API access
| because of Eu regulations (yeay EU, sometimes you are a great
| idea even if I'm happy that we aren't a member) and I can
| already see accounts from other banks I have used before.
|
| > I also don't want my bank to have an interoperability
| interface; as an internet plumber, I fully realize the first
| thing you need to have a blockage is a pipe with something in
| it.
|
| Couldn't this be used as an argument against every
| standardization effort?
| betamaxthetape wrote:
| > What about my bank? They have >100M users, and with an
| app/service portal, they'll be required to be "interoperable".
| I don't want my bank or my bank info to be interoperable.
|
| Here in the UK we have something like that, called Open
| Banking[1]. IMHO the most noticeable benefit to consumers is
| that many of apps from the UKs largest banking providers now
| allow you to view your accounts from _all_ your banks through
| their app (traditionally you could only view accounts you held
| with that bank). I believe that some budgeting / spending-
| tracking apps also take advantage of it to amalgamate
| information from all of your accounts.
|
| [1] https://www.openbanking.org.uk/
| munfred wrote:
| If you look at section 2 of bill S.2658[0], you will see that
| the bill only applies to "Large Communications Platform
| Providers". You bank is not that. Spotify and Netflix are not
| that. The bill doesn't apply to them. And note that the current
| threshold is 100M monthly active users _in the United States_
| *. A third of the population using the communications platform
| monthly. Relevant passage of section 2: (7)
| LARGE COMMUNICATIONS PLATFORM.--The term "large communications
| platform" means a product or service provided by a
| communications provider that-- (A) generates
| income, directly or indirectly, from the collection,
| processing, sale, or sharing of user data; and
| (B) has more than 100,000,000 monthly active users in the
| United States.
|
| ---
|
| Original bill text: [0] https://www.congress.gov/bill/116th-
| congress/senate-bill/265...
| JoshTriplett wrote:
| > (A) generates income, directly or indirectly, from the
| collection, processing, sale, or sharing of user data; and
|
| OK, this is _substantially_ better than any other proposal I
| 've seen. It means that any platform that _doesn 't_ make
| money off of user data (e.g. one that makes money in some
| more ethical way) is exempt.
| megous wrote:
| Delegability: Yes, please. :) I like writing a small apps that
| scrape some service's data to my local DB and then use the data
| locally (being able to combine them in my own ways).
|
| Imagine a postgresql database where bunch of these scraping
| interfaces load data into per-service schemas, and you can then
| join/union across schemas, integrating data from several
| different online services in creative ways.
|
| Too bad this bill is targeted at huge services only. Though those
| are mostly the ones that try to obfuscate and hinder access to
| data.
|
| I can already use up one hand counting the webistes that just
| deleted all user contributed content or disappeared for other
| reasons where if I didn't do this, the content would be lost
| completely to me. Or services (like online banking) that just
| offer 2-3 year history, and you need to pay to access older data.
|
| Just allow users to write their own clients.
| Animats wrote:
| Data portability, yes. No big argument there. Back-end
| interoperability, yes. No more locking out TweetDeck, and common
| applications for all message transports.
|
| In particular, back-end interoperability needs to be mandatory
| for Internet of Things stuff. The lifespan of a cloud service is
| short, maybe 5 years. That's a big problem for house components.
|
| Delegability needs thought. There's bots. There's Snooping as a
| Service. Technically, back-end interoperabilty implies the
| ability to delegate. It's more of a contractual issue. Can a
| service forbid it? Intermediaries and aggregators have their own
| headaches.
| upofadown wrote:
| >...email servers have been slow to adopt even basic, point-to-
| point encryption with STARTTLS.
|
| You need to give more credit than that. STARTTLS adoption is well
| over 90% now. Yes, it is unathenticated so that it only protects
| against passive listening, but that is still a huge improvement.
|
| Authentication only would apply to the mail servers anyway.
| Further worthwhile improvement would require authentication of
| end users. Not sure how you can legislate that in a useful way.
| dane-pgp wrote:
| > STARTTLS adoption is well over 90% now.
|
| That makes me wonder if it would be reasonable for a diverse
| group of email providers (large and small) to announce that
| they will add a 1 hour delay to emails received from or sent to
| servers that don't support STARTTLS. Perhaps each year that
| delay could double, until those non-compliant services became
| basically unusable.
|
| To make this change even less controversial, users could be
| given the option to whitelist certain email addresses so that
| exceptional use cases could still be supported.
| offtop5 wrote:
| >Now imagine that a user on one platform can interact with any of
| the other platforms through a single interface.
|
| I love the spirit here, but I think everyone here is aware that
| outside of mainstream networks like Twitter you have other
| networks which are just full of rampant hate speech.
|
| If you tell Facebook they have to support allowing hateful users
| to contact their own, Facebook no longer has any ability to
| moderate anything. I would love social media which wasn't
| controlled by a single Mega company, but I'm just not sure how
| this could exist.
|
| I have heard of projects, say a local group of college students
| set up zoom socializing, which does provide a much needed
| alternative. But I just don't think this can scale, once you have
| no obligation to the group to be a decent human being, it becomes
| extremely easy to be nasty and mean.
|
| I'm lucky enough to be a part of one zoom ( for now, I met the
| owner in real life) community. He has to personally let everyone
| else in to the room, and he's already had to ban a few people for
| over the top racism.
|
| Before you know it everyone is meaner on social media than they'd
| ever be in the real world . It's at the point where I don't want
| to feel my mind with that, therefore I just don't partake.
|
| If this ever was something Facebook had to do, within hours you'd
| be flooded with bots dming you nonsense. As is Facebook has major
| issues with Spam and abuse, what's the stop someone from creating
| a service which just sends bots in to hurl racist insults
| grishka wrote:
| Federated social media works around this just fine. Any server
| can ban any other server breaking its rules.
|
| Yes, a federated system will inevitably be abused by malicious
| actors because of its inherent openness. But if it's closed the
| way it is now, then it is abused by the company that owns each
| platform. If I had to choose, I'd absolutely pick spam over
| ads, tracking, and dark patterns. Spam is at least easier to
| deal with and universally hated by everyone while most people
| don't even realize they're being tracked at all times.
| offtop5 wrote:
| You can also just not use social media.
|
| No one forces you to use Facebook. I respect the right of
| Facebook to not want to be over ran with hate speech.
|
| It's a nominal task to spin up a fresh server everytime you
| get banned. The only effective way to stop said spam would be
| for FB to have a limited white list of vetted partners. So
| your back where you started .
| grishka wrote:
| > You can also just not use social media.
|
| And use what instead?
|
| > No one forces you to use Facebook.
|
| What are your choices, exactly, if all your friends use it?
| So you're either on Facebook, or you're missing out and
| inconveniencing your friends. There's currently no third
| option.
| Dahoon wrote:
| >You can also just not use social media.
|
| Have you tried that? Lots of stuff that shouldn't be on
| Facebook is, like state/government/etc. using it for lots
| of different purposes. It's like saying "you could also
| just not have a phone/computer/internet/heat".
| root_axis wrote:
| Applying laws based on MAUs doesn't seem like a reasonable
| approach. MAUs are a self-reported and subjectively defined
| metric and the MAU threshold is arbitrarily chosen. Technology
| laws should not be applied based on apparent popularity.
|
| I think a better version of this legislation would apply to any
| corporation that collects PII or collects browser activity
| outside of 1st party domains, in order to serve ads to users.
| munfred wrote:
| This has actually also be proposed by Mark Warner in 2018 on a
| whitepaper titled "Potential Policy Proposals for Regulation of
| Social Media and Technology Firms":
| https://www.warner.senate.gov/public/_cache/files/d/3/d32c2f...
|
| It discusses 20 topics for potential legislation, listed below.
| Look at items 13 and 16 in the whitepaper, they go very much
| along the lines of what you said. 1) Duty to
| clearly and conspicuously label bots 2) Duty to
| determine the origin of posts and/or accounts 3) Duty
| to identify inauthentic accounts 4) Make platforms
| liable for state-law torts (defamation, false light, public
| disclosure of private facts) for failure to take down deep fake
| or other manipulated audio/video content 5) Public
| Interest Data Access Bill 6) Require Interagency Task
| Force for Countering Asymmetric Threats to Democratic
| Institutions 7)Disclosure Requirements for Online
| Political Advertisements 8) Public Initiative for Media
| Literacy 9) Increasing Deterrence Against Foreign
| Manipulation 10) Information fiduciary 11)
| Privacy rulemaking authority at FTC 12) Comprehensive
| (GDPR-like) data protection legislation 13) 1st Party
| Consent for Data Collection 14) Statutory determination
| that so-called 'dark patterns' are unfair and deceptive trade
| practices 15) Algorithmic auditability/fairness
| 16) Data Transparency Bill 17) Data Portability Bill
| 18) Interoperability 19) Opening federal datasets to
| university researchers and qualified small businesses/startups
| 20) Essential Facilities Determinations
| ThePhysicist wrote:
| Data portability in the GDPR aimed at this (as the article says),
| but it was far too weak to have any effect and it seems no one
| cares about really implementing it. The only services that
| implemented something that resembles data portability are e-mail
| providers, and there it works mostly because there already is an
| underyling protocol that is built with federation in mind.
|
| We really need more open protocols to make this happen. A doable
| strategy could be too look at markets with a lot of existing
| solutions (e.g. chat, task management, note taking, scheduling,
| document management, file syncing) and force the players to
| formulate a protocol that everyone adheres to. Since that will
| take a long time it's probably only doable for the core services,
| but having something like this e.g. for chat services would be
| incredibly useful.
| munfred wrote:
| Here is the full text of the ACCESS Act of 2019 bill:
| https://www.congress.gov/bill/116th-congress/senate-bill/265...
|
| I highly recommend that everyone reads it - it is extremely
| short, well written, and probably the single most important piece
| of legislation to HN folks in the past decade.
|
| As the bill is right now, it require communications platforms
| with 100M monthly active users in the US to make their services
| interoperable with other platforms. The bill presumes that
| platforms using open protocols already (like email) are fine.
| Facebook and it's messenger platform is likely to be the only one
| meeting the threshold.
|
| I'm not American, but if you are and you care, I would suggest
| you to call your representative and explain why you support (or
| not) this bill. Remember that as it goes through congress, it
| can, and most likely will, be heavily edited or gutted to fit the
| many competing interests whispering in their ears. If you think
| the bill is good as is, tell them that! Personally, I think the
| bill is perfect, except for the 100M user threshold to start
| demand compatibility, which I think should be lowered to 10M.
| camgunz wrote:
| This bill is pretty smart (agreed about the limit though, I'd
| even put it at 1M MAU). Could it be we're finally at a point
| where Congress is listening to competent tech lobbying instead
| of just megacorp media/tech companies?
| munfred wrote:
| I'm every bit as surprised as you. I don't think it's a
| significant fraction of congress though, I think it's
| specifically senator Mark Warner. He did work with tech
| before, and my take is that he knows what he is talking about
| and was waiting for a good political moment to present such
| unpalatable proposals (unpalatable to the tech companies,
| that is).
|
| See his Wikipedia article: https://en.wikipedia.org/wiki/Mark
| _Warner#Early_life,_educat...
|
| Last year he (meaning, most likely his staff under his
| supervision) put out a "whitepaper" outlining 20 possible
| proposals to regulate social media and tech companies.
| Notably, 4 of the things discussed were introduced as bills
| in one form or another.
|
| I posted about them last year, see the discussion and links
| here: https://news.ycombinator.com/item?id=21389809
| dangus wrote:
| > Facebook and it's messenger platform is likely to be the only
| one meeting the threshold.
|
| And iMessage! There should absolutely be a requirement to have
| it interoperate with other platforms.
| goBackwards00 wrote:
| I don't support this as, excepting in medical and large infra
| where common languages improve important outcomes, API
| interoperability of consumer bullshit is an arbitrary goal.
|
| We keep legislating pointless high level goals.
|
| I'd rather legislate high level goals like M4A, free education.
|
| I refuse to put political agency into logistical normalization
| for big business who can afford to do it themselves.
|
| And I don't believe forcing social norms on humans is
| acceptable in general. Indeed, I think it's a truism our
| biology will always resist.
|
| This is bill is too narrowly scoped to web technologists
| concerns. After 20+ years in software, I've learned
| technologists are no more important to any big picture as
| anyone else.
|
| Air travel and medical science did this on their own. There's
| no reason private enterprise of dubious value to society need
| governments mandates for trading gifs.
|
| It's electrons in a circuit already. There's your generic
| interface.
|
| Given recent economic success and shallow human egos, software
| people have slid into a dopamine fueled circular mirage,
| decoupled from reality.
| vsskanth wrote:
| Can interoperability and data portability still be
| legislatively mandated if APIs were ruled copyrightable in the
| Supreme Court (Oracle vs Google) ?
|
| Can monopolies go further and claim their user graph and user
| data is also under copyright ?
| xg15 wrote:
| As the courts only interpret the existing law, couldn't the
| bill simply restrict the copyright on APIs enough to avoid
| those kind of contradictions?
| chabad360 wrote:
| Sure, the bill would need to include a clause that specifies
| that the API must not be copyrighted, or something to that
| effect.
| nobody9999 wrote:
| >Sure, the bill would need to include a clause that
| specifies that the API must not be copyrighted, or
| something to that effect.
|
| I don't believe that would be an issue, since Federal
| government works are not entitled to copyright and are in
| the public domain[0].
|
| [0] https://en.wikipedia.org/wiki/Copyright_status_of_works
| _by_t...
| munfred wrote:
| Those are good questions. My take is that it would be similar
| in spirit to the way government can act to prevent price
| gouging with drug patents. Notice that platforms are allowed
| to charge and regulate access to the API, but it has to be
| "reasonable". Here is what is stated on section 4 on
| interoperability:
|
| ------------
|
| SEC. 4. INTEROPERABILITY.
|
| (a) General Duty Of Large Communications Platform Providers.
| --A large communications platform provider shall, for each
| large communications platform it operates, maintain a set of
| transparent, third-party-accessible interfaces (including
| application programming interfaces) to facilitate and
| maintain technically compatible, interoperable communications
| with a user of a competing communications provider.
|
| (b) General Duty Of Competing Communications Providers.--A
| competing communications provider that accesses an
| interoperability interface of a large communications platform
| provider shall reasonably secure any user data it acquires,
| processes, or transmits.
|
| (c) Interoperability Obligations For Large Communications
| Platform Providers.--
|
| (1) IN GENERAL.--In order to achieve interoperability under
| subsection (a), a large communications platform provider
| shall fulfill the duties under paragraphs (2) through (6) of
| this subsection.
|
| (2) NON-DISCRIMINATION.--
|
| (A) IN GENERAL.--A large communications platform provider
| shall facilitate and maintain interoperability with competing
| communications services for each of its large communications
| platforms through an interoperability interface, based on
| fair, reasonable, and nondiscriminatory terms.
|
| (B) REASONABLE THRESHOLDS, ACCESS STANDARDS, AND FEES.--
|
| (i) IN GENERAL.--A large communications platform provider may
| establish reasonable thresholds related to the frequency,
| nature, and volume of requests by a competing communications
| provider to access resources maintained by the large
| communications platform provider, beyond which the large
| communications platform provider may assess a reasonable fee
| for such access.
|
| (ii) USAGE EXPECTATIONS.--A large communications platform
| provider may establish fair, reasonable, and
| nondiscriminatory usage expectations to govern access by
| competing communications providers, including fees or
| penalties for providers that exceed those usage expectations.
|
| (iii) LIMITATION ON FEES AND USAGE EXPECTATIONS.--Any fees,
| penalties, or usage expectations assessed under clauses (i)
| and (ii) shall be reasonably proportional to the cost,
| complexity, and risk to the large communications platform
| provider of providing such access.
|
| (iv) NOTICE.--A large communications platform provider shall
| provide public notice of any fees, penalties, or usage
| expectations that may be established under clauses (i) and
| (ii), including reasonable advance notice of any changes.
|
| (v) SECURITY AND PRIVACY STANDARDS.--A large communications
| platform provider shall, consistent with industry best
| practices, set privacy and security standards for access by
| competing communications services to the extent reasonably
| necessary to address a threat to the large communications
| platform or user data, and shall report any suspected
| violations of those standards to the Commission.
|
| (C) PROHIBITED CHANGES TO INTERFACES.--A change to an
| interoperability interface or terms of use made with the
| purpose, or substantial effect, of unreasonably denying
| access or undermining interoperability for competing
| communications services shall be considered a violation of
| the duty under subparagraph (A) to facilitate and maintain
| interoperability based on fair, reasonable, and
| nondiscriminatory terms.
|
| (3) FUNCTIONAL EQUIVALENCE.--A large communications platform
| provider that maintains interoperability between its own
| large communications platform and other products, services,
| or affiliated offerings of such provider shall offer a
| functionally equivalent version of that interface to
| competing communications services.
|
| (4) INTERFACE INFORMATION.--
|
| (A) IN GENERAL.--Not later than 120 days after the date of
| enactment of this Act, a large communications platform
| provider shall disclose to competing communications providers
| complete and accurate documentation describing access to the
| interoperability interface required under this section.
|
| (B) CONTENTS.--The documentation required under subparagraph
| (A)--
|
| (i) is limited to interface documentation necessary to
| achieve development and operation of interoperable products
| and services; and
|
| (ii) does not require the disclosure of the source code of a
| large communications platform.
|
| (5) NOTICE OF CHANGES.--A large communications platform
| provider shall provide reasonable advance notice to a
| competing communications provider, which may be provided
| through public notice, of any change to an interoperability
| interface maintained by the large communications platform
| provider that will affect the interoperability of a competing
| communications service.
|
| (6) NON-COMMERCIALIZATION BY A LARGE COMMUNICATIONS PLATFORM
| PROVIDER.--A large communications platform provider may not
| collect, use, or share user data obtained from a competing
| communications service through the interoperability interface
| except for the purposes of safeguarding the privacy and
| security of such information or maintaining interoperability
| of services.
|
| (d) Non-Commercialization By A Competing Communications
| Provider.--A competing communications provider that accesses
| an interoperability interface may not collect, use, or share
| user data obtained from a large communications platform
| provider through the interoperability interface except for
| the purposes of safeguarding the privacy and security of such
| information or maintaining interoperability of services.
|
| (e) Exemption For Certain Services.--The obligations under
| this section shall not apply to a product or service by which
| a large communications platform provider does not generate
| any income or other compensation, directly or indirectly,
| from collecting, using, or sharing user data.
| vsskanth wrote:
| So Sec.4.2.B.iii says the large communication providers are
| allowed to charge a fee to access the network but doesn't
| say anything about the same charges being applicable to
| themselves. Wouldn't this create a competitive advantage to
| the larger network ?
|
| Also, it seems awfully similar to the treatment for
| cellular communication providers. What are the differences
| here ? Or would Verizon/ATT be rolled into this since the
| statute just mentions large communications provider ?
| jkarneges wrote:
| > the bill is perfect, except for the 100M user threshold to
| start demand compatibility, which I think should be lowered to
| 10M
|
| I kinda like the high number, as it means the spirit is to
| prevent monopolies, which is one of the most compelling reasons
| for regulations to exist. Make the number too low, and it would
| invite criticism from people about regulations being
| overbearing. I don't know if that number is 100M, 10M, or 1M,
| but just something to be mindful about.
|
| My sense is that if Facebook is legally forced to interop, then
| all other smaller/future players will voluntarily interop
| anyway.
| xg15 wrote:
| Different strokes for different folks as they say, but I
| don't think "preventing monopolies" has to be the only
| motivation of this bill. I think interopability (and as a
| consequence, greatly improved customer choice and
| competition) is a value in its own right.
| WanderPanda wrote:
| I am not too sure you can have that cake AND eat it
| (historical datapoints suggest otherwise I think)
| xg15 wrote:
| Please explain.
| laser wrote:
| The anti-monopoly benefits of interoperability can be
| offset by the regulatory capture of forced
| interoperability if companies too small are subject to
| such rules, placing them at a disadvantage relative to
| largest players and increasing the likelihood that the
| status quo remains in place. That's the "Can't have your
| cake and eat it too" that's being referred to above I
| think--in other words, if you regulate the second-tier
| like the first-tier, the second-tier will never have a
| chance at becoming the first tier.
| nobody9999 wrote:
| I think this bill is a great idea. it doesn't address all the
| issues associated with locking users into these sites, and the
| attendant influence and market power of them, but it's a good
| start.
|
| I just emailed my senators and representative urging them to
| support this bill. In those emails (the text of which is
| reproduced below), I address some of the reasons I think it's a
| good idea and make some suggestions for amendments to it.
|
| What additional reasons do you have for supporting (or not) this
| bill, and what other amendments would you suggest?
|
| Text of email to my House/Senate representatives:
|
| I strongly urge you to support the ACCESS Act (S.2658 -
| Augmenting Compatibility and Competition by Enabling Service
| Switching Act of 2019) introduced by Senator Warner and encourage
| your colleagues to do so as well.
|
| The bill requires that large communications platforms such as
| Facebook and Twitter provide mechanisms for other platforms to
| interoperate with their platforms.
|
| This is important for several reasons:
|
| 1. The sheer size of these platforms lock your constituents into
| them, creating huge barriers to entry for competitors and
| stifling competition in the Social netwotking market;
|
| 2. The ACCESS Act would create a mechanism for other platforms to
| interoperate with these huge platforms, some of which already
| exist and others which could provide users not only with superior
| capabilities, but also with the ability to exert more control
| over their personal data and information (cf. Diaspora,
| https://joindiaspora.org );
|
| 3. These huge platforms have enormous control, not only over the
| news and information that their users see, but also over the
| marketplaces created by their sheer size. Requiring them to
| freely interoperate provides an opportunity to create a true
| public commons divorced from any particular corporate entity;
|
| 4. As we've seen in the recent (and not so recent) past, these
| platforms exert an enormous amount of influence and have a huge
| economic impact on us. As such, there have been calls to break up
| these companies to limit that impact and influence. I posit that
| creating an environment which will significantly reduce barriers
| to entry into this space will encourage competition and limit the
| impact/influence of these corporations, while creat new
| opportunities, new jobs and a broader set of voices on the
| Internet.
|
| I'd further urge you to introduce amendments to this bill to
| accomplish the following:
|
| 1. Reduce the size of impacted platforms from 100,000,000 users
| to 100,000. This would allow a rich ecosystem of communication
| and social networking platforms that can interact and give
| everyone an opportunity to connect with others in a
| decentralized, open way. It would also provide strong incentives
| for entrepreneurship in this space and encourage innovation and
| competition;
|
| 2. In addition to tasking the National Institute for Standards
| and Technology with creating the protocols and interfaces
| required to implement this bill, invite the Internet Engineering
| Task Force (IETF) to participate as well. The IETF
| (https://ietf.org/about/ ) are the people who have, for more than
| 30 years, been developing, documenting and implementing the
| technical standards that have made the Internet the economic and
| cultural dynamo it is today.
|
| Please make this a priority, because broad-based, open
| communication, discussion and the potential for enhanced personal
| privacy are critical to our democracy and cultural cohesion.
| cblconfederate wrote:
| The proposal makes no mention of who owsn the data and what it's
| worth. Why not instead legislate the ownership of the data by the
| users? The users should decide whether take their data,
| exclusively or not, to the platform they like more, or even
| better, to the platform that pays them more. Posts, friendships,
| pictures etc , all of this is valuable IP that can be traded with
| social networks. Let them compete who is going to win more users
| on a monetary basis. It's time we move on from the model that
| mercilessly squeezes user's IP for profit while giving back only
| "free services". The cost of free services has dropped
| substantially, yet the compensation of users has remained
| steadily at $0
| crazygringo wrote:
| I think the goals here are laudable, but the cynic in me worries
| about the details.
|
| Data portability is easy to implement (and has been by some
| companies).
|
| But back-end interoperability and delegability are tricky not
| just because of technical challenges (those can be solved), but
| mainly because of _abuse and spam_.
|
| If, all of a sudden, any other service can like and comment on
| Facebook posts without having a Facebook account... I don't see
| how this doesn't become a spam/abuse-fest overnight.
|
| My $0.02 is that there's a much simpler solution hiding in plain
| sight: just stop giving legal copyright/hacking/ToS protection to
| sites with third-party-generated content that the site didn't
| license.
|
| In other words, if someone wants to build an app that downloads
| your Spotify playlist data by impersonating you... or scrape
| Craigslist listings... or copy Yelp reviews... then _nothing is
| legally in the way_. Not copyright, not anti-hacking laws, not
| ToS.
|
| Services are free to rate-limit or ban you if they catch you...
| but if you can get around that then the information/interaction
| is yours.
|
| This feels like a much more "free market" approach. It doesn't
| rely on trying to build laws that will be bad compromises and
| outdated by the time they're passed. Rather it involves _undoing_
| existing laws and protections that are producing harm.
|
| (To be clear, copyright still applies to things that are paid for
| or licensed -- movies, songs, articles, etc.)
| ClumsyPilot wrote:
| Banning people using an API doesn't sound very free market
|
| The ideas of "Free market" evolved before EULA type bullshit
| did, I don't think original creators of the idea would approve
| of them.
| [deleted]
| crazygringo wrote:
| To the contrary -- the "free" in "free market" refers to
| freedom. So if a service wants to ban a user, then that's
| pretty much the definition of a free market.
|
| Similarly, a user is free to try to get around the ban by
| using a different IP address, etc.
|
| Both sides here would be free to do what they want without
| the law taking sides. But at a technical level, because anti-
| scraping measures aren't that hard to defeat, it means that
| users and competitors will be the primary beneficiaries here.
| ClumsyPilot wrote:
| So I am ok to use my 'freedom' and pay someone to cut your
| supply of cement, so that you can't compete with me in
| construction? Where is the boundary between 'free market'
| and narket manipulation, and how do you prove the latter?
|
| This happens all the time, Intel, paid computer
| manufacturers not to use AMD chips.
|
| As for the bans and circumvention idea - I would like a
| stable and reliable system that's guaranteed to work, not a
| constant game of cat and mouse.
| klyrs wrote:
| > I would like a stable and reliable system that's
| guaranteed to work, not a constant game of cat and mouse.
|
| I'd love if the internet wasn't a neverending cat and
| mouse game... but what about spam?
| klyrs wrote:
| "If you're going to be an asshole to my customers, gtfo of my
| bar" predates the concept of an EULA, and IMO, the freedom of
| association is a necessary component of a free market.
| xg15 wrote:
| > _Services are free to rate-limit or ban you if they catch
| you... but if you can get around that then the information
| /interaction is yours._
|
| So what you're saying is, you'd like to encourage a
| technological arms race between intrusion detection systems and
| hackers, without any legal repercussions for either side - and
| this should somehow be in the interests of users.
|
| I don't know why we'd need a "free market" approach, but this
| is just lawlessness.
|
| The result will be that legitimate users get the worst of both
| worlds: If I want to download my own Spotify playlist myself,
| I'll be out of luck - because my dead-simple Wget call will be
| no match for Spotify's bot detection. There is nothing I could
| legally do to make Spotify give me a copy of my own playlist -
| I'll have to pay some third-party service that has the
| necessary know-how to evade the detection and scrape the data
| for me.
|
| Meanwhile, some hacker could use the same service to
| impersonate me or steal my data - and I'd again have no legal
| recourse because, hey, no protection, what the hacker did was
| perfectly legal.
|
| Why would I want any of this?
| crazygringo wrote:
| We already have that technological arms-race, and users
| already win. Just look at the continuing existence of
| "youtube-dl" for example.
|
| Fundamentally services can't be too restrictive and still
| work, so users come out ahead.
|
| Also while hacking into a system is legal, theft/fraud/etc.
| is not. If the hacker does anything with your data, there are
| already laws against that.
| sjy wrote:
| The article advocates for this, calling it "competitive
| compatibility," but noting "it's not enough to legalize
| competitive compatibility, since the platforms have such an
| advantage in technical resources that serious competitors'
| attempts to interoperate face enormous engineering challenges."
| jaggirs wrote:
| This is good and all, but there is a much simpler solution to
| this problem and others:
|
| Progressive taxation of companies
|
| I know this sounds outrageous, but hear me out. What if
| monopolies split _themselves_? Wouldn 't that be great? Does the
| same company really have to make the phone _and_ the charger? No,
| but there are 2 reasons apple does:
|
| 1. Collaboration between the phone department and the charger
| department is slightly easier.
|
| 2. They can abuse their monopoly on iphone chargers to force you
| to pay more for them.
|
| Apple makes about 30 billion on iphones per quarter. Assuming all
| iphones were $600 (which they arent) and everyone uses 2 chargers
| per iphone (because the first one broke) priced at $20, apple
| would be making $2 billion from chargers.
|
| Say, if they didn't abuse their monopoly position for chargers
| they would make only $1.8 billion from them.
|
| This is $2.0 billion - $1.8 billion = $0.2 billion less revenue.
|
| Now if you just tax apple progressively such that taxes for 32
| billion in revenue are more than $0.2 billion higher than paying
| taxes for 30 billion in revenue, apple will split into
| iphoneapple and chargerapple by themselves!
|
| Now in practice you might not want to tax revenue but for example
| the value of the company or something else.
|
| Also you don't want the 'split' companies to still behave like
| they are one company, this means that you want the split-off
| company to have different shareholders from the main company,
| because otherwise they would just behave in mutual interest.
|
| More in line with the topic, netflix might decide to split into a
| 'movie suggestions algorithm' service and a 'movie streaming'
| company.
|
| Google would split into a gazillions of different companies.
|
| But some interoperable internet legislature might be a little
| more realistic :)
| lucian1900 wrote:
| And with that 0.2 billion Apple (along with several others)
| will make sure no such law is passed.
|
| If a law like you propose was possible, then it would already
| be possible to split the monopolies. Neither can happen until
| workers are actually in control of the state, as opposed to the
| current dictatorship of monopolists.
| IshKebab wrote:
| Sure, Apple will split into iPhoneApple and ChargerApple...
| after signing an exclusive 100 year contract for ChargerApple
| to be the sole supplier of chargers to Apple, for a fixed
| price, blah blah blah trivial workaround.
| pessimizer wrote:
| If we think the advantages of monopoly power are undesirable,
| we should tax them. Don't fine them for _abusing_ monopoly
| power; it 's an asset, tax them just for _having it._ Same
| thing that Sanders said about the banks - tax them for simply
| being large, and they 'll break themselves up.
|
| edit: If walled gardens had to pay taxes on their moats, they'd
| stop digging them.
| Fnoord wrote:
| The way it works now is as follows:
|
| * Monopolies by themselves are OK
|
| * Abusing monopoly power in one market to leverage an unfair
| advantage in another market is NOT OK.
|
| In the case of the latter there ain't a tax (the irony is
| that large behemoths are already avoiding paying their fair
| tax). A tax lcould also morally legalize the behaviour (moral
| is important in antitrust behaviour look at the claws/lobby
| of tobacco firms).
|
| On the contrary, it is a fine by a government subjected by a
| court of law. Every government has to start this lawsuit
| themselves though. It takes a lot of effort, time, money. On
| top of the fine, action as a result of being found guilty can
| be demanded as well (see history of US phone companies).
| munfred wrote:
| I find this idea really interesting! Do you have any reference
| on studies that have looked into the idea or places that have
| implemented it?
| cvdub wrote:
| Would this apply to iMessage?
| munfred wrote:
| As the bill S.2658 text currently stands [0], if iMessage has
| more than 100M monthly active users, then yes. It is hard to
| find such statistics on a quick search, but the surest way to
| make sure it applies to iMessage is to call your representative
| and tell them the threshold should be lowered from 100M to 10M
| MAU :)
|
| [0] https://www.congress.gov/bill/116th-congress/senate-
| bill/265...
| thekaleb wrote:
| A quick Google search shows that iMessage does have the
| prerequisite 100 million active users.
| unilynx wrote:
| What did you find? I only see a global number, but this
| proposal requires 100million MUA in the USA
|
| With some quick searches, multiplying iPhone's 39%
| marketshare with 328million Americans gets me to
| 127million, but that's probably too high - not everyone has
| a smartphone, and how many users actually use iMessage at
| least once a month, and not say, WhatsApp exclusively ?
| sedatk wrote:
| iMessage exists on iPad and Macbooks too.
| klyrs wrote:
| > If Facebook is to make its encrypted chat services
| interoperable with third parties, it must reserve the right to
| aggressively fix bugs and patch vulnerabilities. Sometimes, this
| will make it difficult for competitors to keep up, but protocol
| security is not something we can afford to sacrifice.
|
| This looks like a barn door, not a loophole. What would stop
| major players from updating their proprietary protocol on a daily
| basis? The overhead of staying on top of a dozen big social media
| sites' protocols would be absurd.
|
| I agree with the need for security, and I see that the industry
| has failed to update email; but I see that more as a consequence
| of the industry continually trying to "disrupt" email through the
| creation of walled gardens.
| munfred wrote:
| As pointed out, in section 4 of S.2658 this is explicitly
| prohibited:
|
| C) PROHIBITED CHANGES TO INTERFACES.--A change to an
| interoperability interface or terms of use made with the
| purpose, or substantial effect, of unreasonably denying access
| or undermining interoperability for competing communications
| services shall be considered a violation of the duty under
| subparagraph (A) to facilitate and maintain interoperability
| based on fair, reasonable, and nondiscriminatory terms.
| chabad360 wrote:
| From what I understood from the content of the bill, it seems
| that there is a clause that prevents companies from
| aggressively modifying their API to prevent interoperability.
| Lammy wrote:
| Fun fact: Within Facebook's task-tracking system there is/was a
| "wishlist"-priority task with planned details for how to change
| Messenger's MQTT protocol to break third-party clients if need
| be. As far as I know this was never acted upon because Pidgin-
| like third-party clients never became popular for Messenger
| MQTT like they were for the old now-deprecated XMPP Messenger
| gateway.
| fiddlerwoaroof wrote:
| Wait, FB Messenger has a semi-standard API now?
| oconnor663 wrote:
| No, it used to support XMPP, but that support was
| eventually removed:
| https://news.ycombinator.com/item?id=9266769
| fiddlerwoaroof wrote:
| I knew about that: the talk of MQTT made me think that
| there was some improvement in the situation.
| Lammy wrote:
| I wouldn't call it that, but this might be usable for you:
| https://github.com/dequis/purple-facebook
|
| Or maybe not: https://github.com/dequis/purple-
| facebook/issues/496
|
| https://www.facebook.com/notes/facebook-
| engineering/building...
| munfred wrote:
| No it doesn't, you need to impersonate an user and login
| with your password in order to relay messages outside of FB
| messenger. That said, it has been done:
| https://github.com/tulir/mautrix-facebook
| ViViDboarder wrote:
| As I'm reading S4c2c it looks like this would be prohibited.
|
| https://www.congress.gov/bill/116th-congress/senate-bill/265...
| klyrs wrote:
| That's certainly the intent, but as it's written, (by my lay-
| reading) it appears that the burden of proof would rest upon
| a single change, and not a sequence of changes -- any one may
| be innocuous, but their sum may not be. And where a single
| actor may not run afoul, I can imagine a conspiracy of big
| players making changes which collectively burden smaller
| players. I would _greatly_ prefer a consortium or better, an
| independent standards body.
___________________________________________________________________
(page generated 2020-10-18 23:00 UTC)