The Good And The Bad Of The ACCESS Act To Force Open APIs On Big Social Media
from the one-step-forward,-two-steps-back dept
As people here will probably know, I am a huge proponent of a "protocols, not platforms" approach to handling questions around big tech and competition (as well as privacy, content moderation and more). I even wrote a pretty long paper about it for the Knight 1st Amendment Institute at Columbia University entitled Protocols, Not Platforms: A Technological Approach to Free Speech. So, I was definitely curious to see what Senators Warner, Hawley and Blumenthal had cooked up with their new ACCESS Act [Augmenting Compatibility and Competition by Enabling Service Switching Act] since it's being pitched as pressuring big social media companies to open up their platforms to competitors.
I've been a pretty big critic of past proposals from Senator Warner, Senator Blumenthal and especially Senator Hawley, but given that the topic of this particular bill sounded like it might be in line with my suggestions about creating competition through interoperable protocols and open APIs, I thought that maybe, just maybe, these Senators might have gotten it right.
Unfortunately, that does not look to be the case. To be fair, this bill is not nearly as bad as previous efforts by (especially) Hawley and Blumenthal to regulate internet companies. Indeed, I'd almost be convinced that, unlike some of their previous bills, this one actually is legitimately trying to solve the issues associated with some internet platforms becoming too dominant, and creating a path towards more actual competition. Also, this does, at the very least, take a different approach compared to the usual tools of governments (fines, breakups, etc) and recognizes the value of interoperability and actually enabling competition.
The problem, though, is that this bill won't actually accomplish what it hopes to do so. Because -- and this is a hallmark of Hawley's various tech bills -- it seeks to regulate a dynamic and rapidly evolving market as if it's stagnant and set in stone with little likelihood of ever changing. It also takes a very heavy handed approach, and reminds me, yet again, that Hawley seems to think he should be appointed the product manager for the internet. Also, there are much, much easier ways to accomplish what this bill seeks to accomplish -- by fixing other laws, rather than by piling on new rules.
The crux of this bill is that very large internet platforms (over 100 million monthly active US-based users, which would limit it to a very small number of platforms, perhaps just Facebook, YouTube, WhatsApp, Instagram, Twitter, LinkedIn, Snapchat and Pinterest) would have to offer up an open API and data portability for others, such as smaller competitors, to access the data on the platform.
A large communications platform provider shall, for each large communications platform it operates, maintain a set of transparent, third-party-accessible interfaces (including application programming interfaces) to initiate the secure transfer of user data to a user, or to a competing communications provider acting at the direction of a user, in a structured, commonly used, and machine-readable format.
One other interesting element here is that it would set up a new class of middlemen, that users could designate to manage their privacy. I envisioned something like this both in my Columbia paper and in one of my fiction stories in the Working Futures anthology, but mandating it by law just seems weird and nonsensical. This is the type of thing that you shouldn't need to mandate if everything else is designed properly.
The other crazy thing about this bill is that it seems to exist in a world where it doesn't recognize how this setup conflicts with all of the other complaints -- often put forth by the likes of Senators Warner, Hawley and Blumenthal -- that these companies don't do enough to protect user privacy. Yes, it hand waves at the privacy issue, by basically saying "make all your data available via an API... but make sure you keep it private." And that's about it. How to accomplish this without it creating a massive privacy nightmare is left unstated. Honestly, the description of the API they're asking for sounds an awful lot like the setup Facebook used to have, which was abused by Cambridge Analytica, leading to Facebook getting hit with a $5 billion fine. And now these Senators -- who I'm sure supported the FTC's fine (or even perhaps wanted more) -- are basically demanding that Facebook recreate the same open access plan?
Among the many bizarre and unworkable aspects of this bill is that it requires NIST -- the National Institute of Standards and Technology -- to come up with "standards" to make online messaging, social networking, and multimedia sharing standardized and "interoperable" within 180 days. This just goes to show that Warner, Hawley and Blumenthal (1) have never, ever been involved in the process of setting a technical standard, and (2) have no clue how many different variations there are on those three categories, which would make them fairly difficult to standardize (which is one of the many reasons attempts in the past to standardize each of those categories has failed miserably).
Finally, it's unclear why this particular approach is needed in the first place. As we've discussed, the big internet companies launched the Data Transfer Project last year that already accomplishes the core aspects that this bill wants to enable, but in a more privacy-protective manner, and that's been improving a lot.
So, yes, I actually appreciate that this is a slightly smarter approach to trying to create more interoperability -- which I do think is important -- but it goes about it in perhaps the least useful way possible. There are a whole bunch of better approaches, many of which we've discussed before:
- Have Congress clarify that APIs are not covered by copyright (before the Supreme Court even has a chance to weigh in). Overturn the CAFC's awful decision and you'll get more APIs and more interoperability. This is a low-hanging fruit type of option.
- Get rid of Section 1201 (the anti-circumvention or DRM clause) of the DMCA. This would allow for much more reverse engineering to get access to platforms, allowing more competitors to create their own interoperable systems.
- Fix the CFAA such to overturn the Power ruling that said that a third party company couldn't scrape Facebook's data even with permission from the user.
- Get rid of software patents, which can and are used to block interoperability and similar features within services.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: access act, apis, competition, interoperability, josh hawley, mark warner, platforms, privacy, protocols, richard blumenthal, social media, transportability
Companies: facebook, google, linkedin, twitter, youtube
Reader Comments
Subscribe: RSS
View by: Time | Thread
"Have Congress clarify that APIs are not covered by copyright &
Get rid of software patents."
Hmmmm. It doesn't take an oracle to see some difficulties in making THAT happen.
[ link to this | view in chronology ]
How can the government dictate what software a company writes? Are they going to create the API that each of these companies must implement? Can they even do that (legally, not technically)? Doesn't this run afoul of the 1st Amendment?
[ link to this | view in chronology ]
Re:
Yes, the Government making peoples speech free and accessible could be a problem. Who do you want to silence first?
[ link to this | view in chronology ]
I hate this usurped government and its neverending barage of laws, restrictions and regulations that are choking the life out of my country.
[ link to this | view in chronology ]
Just a clarifictation, if you would.....
"....Get rid of Section 1201 (the anti-circumvention or DRM clause) of the DMCA. This would allow for much more reverse engineering to get access to platforms..."
Wait, what? What about the Chinese, who do this on a daily basis? Why is their reverse engineering ok, but software engineers (like myself), who spend years creating software to earn a living, have to now surrender things that we created so everybody and their brother can make money off of our creations? Or, am I misunderstanding what you're saying?
[ link to this | view in chronology ]
Re: Just a clarifictation, if you would.....
Wait, what? What about the Chinese, who do this on a daily basis?
I'm pretty sure this won't make the Chinese copy any more code than they already do.
[ link to this | view in chronology ]
Re: Just a clarifictation, if you would.....
Removing that provision wouldn't make it any more legal to copy the protected work than it already was. If someone cracked the protection on your code and started using it in their product, you could sue them for that regardless of Section 1201. You just couldn't sue them merely for cracking the protection if what they did with the code was something that would've been legal absent the protection (eg. analyzing the code for exploitable vulnerabilities and reporting them (which I understand some companies don't like, but as a professional software engineer myself I have to say "Tough shit, fix your damned code.")).
[ link to this | view in chronology ]
Re: Just a clarifictation, if you would.....
You are misunderstanding what I'm saying.
Nothing in removing 1201 changes anything like you suggested. It just means that someone can't sue someone for copyright infringement just because they got around DRM.
[ link to this | view in chronology ]
Re: Re: Just a clarifictation, if you would.....
@Mike, @TKnarr: Thank you both for your clarifications. Now the entire article makes more sense! Then I am in agreement with Mike's original article.
We do provide APIs for our software, which we document and provide to our users at no cost. Many of our users LIKE using the APIs, and therefore want to do more business with us. I'd much rather have the extra business because I provided a service (or product function) that customers WANT, rather than be TOLD to do by the gov't......
[ link to this | view in chronology ]
Re: Just a clarifictation, if you would.....
[ link to this | view in chronology ]
Providing the data via an API while keeping it private in the sense the law uses seems to me to be fairly straightforward: the API is authenticated via application-specific tokens that the user can generate and give to third parties to use on their behalf. See Github's personal access tokens for an example. OAuth can also be used to do this.
[ link to this | view in chronology ]
Yes, yes, do those 4, and
Run an education campaign that explains to the citizenry how standards make wonderful sense for the technical disciplines.
See this internet? It would not be anywhere near as amazing and vibrant without all of the interoperability standards, TCP, IP, HTTP, HTTPS (which relies on standardized cryptography), ...
[ link to this | view in chronology ]
Re: Yes, yes, do those 4, and
To an extent.... part of the reason we have such interoperability in modern browsers is due to various browsers failing the Acid2 and Acid3 tests. The companies behind the various browsers then updated them to have those features working correctly in order to pass those tests...
Going on that Precedent, the idea worked because the test itself acted as the standard. If a browser failed, it would be cast in a negative light.
Congress lacks the knowledge and ability to create a common goal point, nor would the social media companies be likely to care.
[ link to this | view in chronology ]
The lipstick is slipping off the pig
Authoritarians. Gotta love 'em.
[ link to this | view in chronology ]
Does the ACCESS Act give back control of feeds to users?
[ link to this | view in chronology ]
A large communications platform provider shall, for each large communications platform it operates, maintain a set of transparent, third-party-accessible interfaces (including application programming interfaces) to initiate the secure transfer of user data to a user, or to a competing communications provider acting at the direction of a user, in a structured, commonly used, and machine-readable format.
This sounds like someone in the government wants this data easily comprehensible for personal viewing!
[ link to this | view in chronology ]