The UK competition authority embraces a new regulatory regime to tackle the market power of technology platforms

The three “Rs” of the platformed exponential age we live in are new rules, new rights, and new regimes. 

 

 

6 July 2020 (Chania, Crete) – As I have noted in a series of posts this past year, the new three “Rs” of the exponential age we live in are new rules, new rights, and new regimes. Last week the U.K. Competition and Markets Authority (CMA) was front-and-center on many of these issues with its call for a new regulatory regime to tackle the market power of Google and Facebook.

NOTE: The CMA issued its final report investigating online platforms and digital advertising and the massive power of these platforms, and specifically to tackle Google and Facebook’s market power. The full document is 400+ pages and it took me the weekend to digest it. But it’s pretty close to numerous drafts the CMA circulated during the process for public comment. They received 100+ detailed briefs from the platform ecosystem (naturally) and thousands of comments from the general public. Jason Kint did an excellent summary on Twitter and I have a link below.  Jason runs Digital Content Next. His company produces some of the finest proprietary research on advertising, branding, digital content, etc. and also creates private forums to explore and advance all the key issues affecting and effecting digitalization.

To its credit, the CMA seems to understand the market power in the exponential age and why it looks different to traditional market power. The CMA recognizes the increasing returns to scale of the user base they access. In brief the CMA recommends:

• new rights including greater consumer control of data

• mandatory interoperability

• increased third-party access to data

• data silos within large platforms

In my blog posts I often quote Philip Agre, especially his pioneering article from 1994 titled Surveillance and Capture which is about the way computing systems and networks “capture” data. I love the word “capture”, an implication of a measure of violence as these systems force their environment (us) into the modus of data-engines. He predicted that we’d see a permanent translation of the flux of life into machine readable bits and bytes. And without using the word “platform” but in every sense of the word meaning platform, he said this was all due to the growing reliance on data-driven decision systems, systems “that would need ever more behavioral data as they move into cyberphysical systems. It will completely overhaul our existing information infrastructure, and the thirst for data will have no end”.

NOTE: One of the things I detest about the Internet and how it has changed our thinking is the inexorable disappearance of retrospection and reminiscence from our digital lives. Our lives are increasingly lived in the present, completely detached even from the most recent of the pasts. And yet we have this enormous global information exchange at our disposal. So much of what we are experiencing now, often considered as “new”, has been addressed in detail in the past. Besides Agre, Nicholas Negroponte and his book “Being Digital”, originally published in January 1995, jumps to mind. His book provides a general history of several digital media technologies, many that Negroponte himself was directly involved in developing. He said “humanity is inevitably headed towards a future where everything that can will be digitalized (be it newspapers, entertainment, or sex) because we’ll get better at controlling those unwieldy atoms”. He introduced the concept of a virtual daily newspaper (“customized for an individual’s tastes”), predicted the advent of web feeds, personal web portals, “mobile communications in your pocket”, and that “touch-screen technology would become a dominant interface”.

But in a sense, this is hardly surprising: the social beast that has taken over our digital lives has to be constantly fed with the most trivial of ephemera. And so we oblige, treating it to countless status updates and zetabytes of multimedia (almost three thousand photos are uploaded to Facebook every second!), and the latest “business news” which is really a press release or a paid ad (and rarely disclosed as such). This hunger for the present is deeply embedded in the very architecture and business models of social networking sites. Google and Facebook and Twitter and [insert your fav social media or news feed here] are not interested in what we were doing or thinking or writing 5 years ago, or 10 years ago, or 20 years ago; it’s what we are doing or thinking about right now that the systems say “we really need to know”.

The CMA does not mention Agre but seem to track his concept that we have been “platformed”. As the CMA notes, what sets the new digital data superstars apart from historical firms is not their market dominance; many traditional companies have reached similarly commanding market shares in the past. What’s new about these companies is that they themselves are markets.

Yes, markets have been around for millennia; they are not an invention of the data age. But digital data superstar firms don’t operate traditional markets; theirs are rich with data. It’s why data protection is futile. Cesar Ghali of the Computer Science Department at the University of California Irvine has done a study of the networking architecture of social media (and media in general) and the dissemination/flow of information, looking at the collection of personal data and targeted advertising, and news sites, among others. In a nutshell … and you have certainly heard this before, especially from me … he says:

In today’s digital world, we’re continuing to upload more of our personal information to all of these interwebs in exchange for convenience. As such, some degree of information governance should be necessary to protect us. Companies should be held accountable for misusing people’s data. But this data is flowing into silos we are totally unaware of. This is the nature of the data beast. Besides, we do not really care to any serious degree. Why? Because the likes of Amazon and Facebook and Google generally making your life easier and/or better means the very algorithms that enable this need to be fueled by massive amounts of data. The more data they have, the more capable and sophisticated they become. And we’ll keep feeding them. Because they make life easy. It’s that simple.

Platformization has become the order of the day in every domain, not just Facebook/Google/social media. Agriculture, retail trade, transportation, tourism, banking, finance, on-demand services: name it, and you can spot it. This shift has fostered monopolistic tendencies and market concentration across the economy.

As Stacy Mitchell (a brilliant journalist whose focus in on concentrated economic power) said over four years ago in her in-depth report on Big Tech’s platform power (with a focus on Amazon’s power, scope and impact) : “we are going to have a multi-trillion-dollar monopoly … hiding in plain sight.”

The new three Rs, part deux

 

Last year when I was attending DEF CON in Las Vegas, I befriended a chap I will call “Insider”, a guy who works for one of the GAFAs (Google, Amazon, Facebook, Apple) but who provides journalists insider information on a “no attribution” basis to make their reporting more authoritative. Ok, he gets a nice dinner. But no cash. Through his use of an authentication key he is able to work his way through layer upon layer of authentication checks in his employer’s databases. Once he showed me how his company can track/collect all the many parts of my digital existence (and how I can create false data avatars to throw off GAFA’s scent, tricks I still use today).

That these companies have ridiculous, mind-boggling amounts of data on each of us is certainly no surprise. As he told me:

Once your data hits our servers, thousands of different copies fly off in all directions. I’m not even too sure where this data ends up. Nobody does. Kinda why the GDPR is pretty pointless, plus all these other privacy laws bubbling up in the U.S. Because once you’re exposed to one bit of the data collection operation you’re exposed to all bits of the operation. What we do is build what I call a “data cube” about you. I’m using all kinds of bits of information, pulling in more data from thousands of servers, putting it all together, then burying it all in machine readable code.

This data need is so copious within this tech giant, so woven into its DNA, that “Insider” needs to task thousands of computers spread across data farms and clusters all over the world to actually find and pull together all the information that is technically out there about you. This data universe, the creation of your “data cube”, is what all companies want. So now you understand how important it is to a company like Amazon.

But the really big point he made was this:

Privacy is not the real biggie. It’s that we have … well, the whole system has … control, infrastructural power. We control the computers, we collect, non-stop, data data data. But we also control of the system. It’s not the large datasets that give us power. It’s the whole system. We have the best visibility, the best ability to see the entire data-means-action framework.

This is exactly what Michael Veale has been banging on about for years. Michael and my “Insider” both talk about “infrastructural power”. Michael is a lecturer in digital rights and regulation in the faculty of laws, University College London, and today he is testifying at the UK Information Commissioner (ICO) hearing on COVID-19 contact tracing, privacy, and databases.

NOTE: I wrote about Michal two years ago. He has written quite a bit about the flaws in the EU’s General Data Protection Regulation (GDPR). His main focus has been “right to an explanation” in the GDPR simply does present the remedy to algorithmic harms, particularly in many of the “algorithmic war stories” that have shaped recent attitudes in this domain: “The GDPR is restrictive, unclear, or even paradoxical concerning when any explanation-related right can be triggered and shows the drafters lacked all meaningful information about the logic of processing.”

His testimony to the ICO will be that privacy is hardly the issue. On his blog over the weekend he noted:

It’s commonly said that in the digital world, data is power. This simple view might apply to a company collecting data through an app or a website, such as a supermarket, but doesn’t faithfully capture the source of power of the firms controlling the hardware and software platforms these apps and websites run on. Using privacy technologies, such as “federated” or “edge” computing, Apple and Google can understand and intervene in the world, while truthfully saying they never saw anybody’s personal data.

Data is just a means to an end, and new, cryptographic tools are emerging that let those firms’ same potentially problematic ends be reached without privacy-invasive means. These tools give those controlling and co-ordinating millions or even billions of computers the monopolistic power to analyse or shape communities or countries, or even to change individual behaviour, such as to privately target ads based on their most sensitive data — without any single individual’s data leaving their phone. It’s not just ad targeting: privacy technologies could spotlight the roads where a protest is planned, the areas or industries likely to harbour undocumented migrants, or the spots in an oppressive country most likely to be illegal LGBT clubs — not personal data, but data with serious consequences nonetheless.

This approach is effectively what underpins the Apple-Google contact-tracing system. It’s great for individual privacy, but the kind of infrastructural power it enables should give us sleepless nights. Countries that expect to deal a mortal wound to tech giants by stopping them building data mountains are bulls charging at a red rag. In all the global crises, pandemics and social upheavals that may yet come, those in control of the computers, not those with the largest datasets, have the best visibility and the best – and perhaps the scariest — ability to change the world.

What should really happen? Law should be puncturing and distributing this power, and giving it to individuals, communities and, with appropriate and improved human-rights protections, to governments. But to do so, we’d need new digital rights. Today, data protection and privacy laws are so easily dodged or circumvented by technical assurances of confidentiality. We cannot escape the giants’ walled gardens. And we are trapped by the features that underlie the inherent complexity of digital networks because few understand, or bother to try to understand, the socio-technical configurations that bind us.

His last point is the most intriguing to me because it speaks to my study of networks and digital capitalism which forces you to step outside the usual lanes and cross disciplines, social silos, and cultural boundaries. I became enthralled with networks a few years ago when I did a deep dive into cyber security and cyber war, using them for mapping dataflow or to reverse engineer legacy systems, under the tutelage of mavens at Crowdstrike and FireEye. Once you learn about networks, you will see them everywhere.

Last week I finally finished Barabási’s classic text:

 

Three things from the book stand:

1. Complex systems exhibit common mechanisms which means that there may be a common and simple explanation for network formation. I find it fascinating that different networks obey fundamental laws.

2. If you attack hubs, you can easily fragment a network into islands, weakening the overall system. This has so many uses to help and harm. You can use this to cure disease, fight terrorism, or wage war. You can use this knowledge to attack or defend.

3. You can use networks to make predictions. We can use networks to predict what music you will like, what you’ll follow, what you’ll buy, how malware will evolve, or how COVID will spread.

It also explains why the tech giants have brought together extraordinary teams of thousands of data scientists (Amazon alone has 3,500+ based on leaked emails). It’s why specialized data science emerged to recognise patterns, establish links, discover consistencies or anomalies or whatever was useful in this seething chaos of raw data.

As I noted above, when my “Insider” showed be a lot of these pieces about me I realized what I actually had done … the real or primary things that I had done … were not as important as the inferences, the conclusions, the probabilistic guesses about what I might likely do next. And that’s something that you can never know about until somebody shows it to you.

It is why I am so cynical about the GDPR. I think Big Tech (its lawyers and lobbyists) played this perfectly: “Yes, let’s focus on protections designed to provide oversight and control over how data is collected and processed. Let’s talk about the ‘right to be forgotten’. Yes, it’s all about people’s privacy, identity, reputation, and autonomy”.

Big Tech kept our eyes off the real ball: protections not about the inputs, but the outputs of data processing. And the incredible extent and complexity of the digital network. .