The Good And The Bad Of The ACCESS Act To Force Open APIs On Big Social Media

As people here will probably know, I am a huge proponent of a “protocols, not platforms” approach to handling questions around big tech and competition (as well as privacy, content moderation and more). I even wrote a pretty long paper about it for the Knight 1st Amendment Institute at Columbia University entitled Protocols, Not Platforms: A Technological Approach to Free Speech. So, I was definitely curious to see what Senators Warner, Hawley and Blumenthal had cooked up with their new ACCESS Act [Augmenting Compatibility and Competition by Enabling Service Switching Act] since it’s being pitched as pressuring big social media companies to open up their platforms to competitors.

I’ve been a pretty big critic of past proposals from Senator Warner, Senator Blumenthal and especially Senator Hawley, but given that the topic of this particular bill sounded like it might be in line with my suggestions about creating competition through interoperable protocols and open APIs, I thought that maybe, just maybe, these Senators might have gotten it right.

Unfortunately, that does not look to be the case. To be fair, this bill is not nearly as bad as previous efforts by (especially) Hawley and Blumenthal to regulate internet companies. Indeed, I’d almost be convinced that, unlike some of their previous bills, this one actually is legitimately trying to solve the issues associated with some internet platforms becoming too dominant, and creating a path towards more actual competition. Also, this does, at the very least, take a different approach compared to the usual tools of governments (fines, breakups, etc) and recognizes the value of interoperability and actually enabling competition.

The problem, though, is that this bill won’t actually accomplish what it hopes to do so. Because — and this is a hallmark of Hawley’s various tech bills — it seeks to regulate a dynamic and rapidly evolving market as if it’s stagnant and set in stone with little likelihood of ever changing. It also takes a very heavy handed approach, and reminds me, yet again, that Hawley seems to think he should be appointed the product manager for the internet. Also, there are much, much easier ways to accomplish what this bill seeks to accomplish — by fixing other laws, rather than by piling on new rules.

The crux of this bill is that very large internet platforms (over 100 million monthly active US-based users, which would limit it to a very small number of platforms, perhaps just Facebook, YouTube, WhatsApp, Instagram, Twitter, LinkedIn, Snapchat and Pinterest) would have to offer up an open API and data portability for others, such as smaller competitors, to access the data on the platform.

A large communications platform provider shall, for each large communications platform it operates, maintain a set of transparent, third-party-accessible interfaces (including application programming interfaces) to initiate the secure transfer of user data to a user, or to a competing communications provider acting at the direction of a user, in a structured, commonly used, and machine-readable format.

One other interesting element here is that it would set up a new class of middlemen, that users could designate to manage their privacy. I envisioned something like this both in my Columbia paper and in one of my fiction stories in the Working Futures anthology, but mandating it by law just seems weird and nonsensical. This is the type of thing that you shouldn’t need to mandate if everything else is designed properly.

The other crazy thing about this bill is that it seems to exist in a world where it doesn’t recognize how this setup conflicts with all of the other complaints — often put forth by the likes of Senators Warner, Hawley and Blumenthal — that these companies don’t do enough to protect user privacy. Yes, it hand waves at the privacy issue, by basically saying “make all your data available via an API… but make sure you keep it private.” And that’s about it. How to accomplish this without it creating a massive privacy nightmare is left unstated. Honestly, the description of the API they’re asking for sounds an awful lot like the setup Facebook used to have, which was abused by Cambridge Analytica, leading to Facebook getting hit with a $ 5 billion fine. And now these Senators — who I’m sure supported the FTC’s fine (or even perhaps wanted more) — are basically demanding that Facebook recreate the same open access plan?

Among the many bizarre and unworkable aspects of this bill is that it requires NIST — the National Institute of Standards and Technology — to come up with “standards” to make online messaging, social networking, and multimedia sharing standardized and “interoperable” within 180 days. This just goes to show that Warner, Hawley and Blumenthal (1) have never, ever been involved in the process of setting a technical standard, and (2) have no clue how many different variations there are on those three categories, which would make them fairly difficult to standardize (which is one of the many reasons attempts in the past to standardize each of those categories has failed miserably).

Finally, it’s unclear why this particular approach is needed in the first place. As we’ve discussed, the big internet companies launched the Data Transfer Project last year that already accomplishes the core aspects that this bill wants to enable, but in a more privacy-protective manner, and that’s been improving a lot.

So, yes, I actually appreciate that this is a slightly smarter approach to trying to create more interoperability — which I do think is important — but it goes about it in perhaps the least useful way possible. There are a whole bunch of better approaches, many of which we’ve discussed before:

  • Have Congress clarify that APIs are not covered by copyright (before the Supreme Court even has a chance to weigh in). Overturn the CAFC’s awful decision and you’ll get more APIs and more interoperability. This is a low-hanging fruit type of option.
  • Get rid of Section 1201 (the anti-circumvention or DRM clause) of the DMCA. This would allow for much more reverse engineering to get access to platforms, allowing more competitors to create their own interoperable systems.
  • Fix the CFAA such to overturn the Power ruling that said that a third party company couldn’t scrape Facebook’s data even with permission from the user.
  • Get rid of software patents, which can and are used to block interoperability and similar features within services.

Do those things and you’ll get your interoperability, transportabiliy, and competition without having to “mandate” it.

Permalink | Comments | Email This Story