Four boring ways to regulate Big Tech

For a couple of weeks a while back, there was a brief bubble of media personalities pressing the case for “breaking up” Big Tech. In a current events cycle dominated by news of Russian hacking, institutions under siege, “fake news” and the like, the GAFA companies’ ascent to global dominance is now seen by some as a precursor to an episode of Black Mirror, rather than the sunny tech-optimistic future we all enjoyed in the mid-aughts.

But when you get into the details of what such a “breakup” might actually entail, things get murky very quickly. What would breaking up Google or Facebook actually look like? Amazon is not AT&T; Google is not Standard Oil. A breakup based on, say, geography is nonsensical on face for an internet company. Moreover, these consumer-facing companies are dominant mostly on the basis of consumer choice, not simply lock-in, like a Microsoft Windows/Internet Explorer sort of scenario. (No one uses Google Maps because Apple Maps just isn’t accessible. Google’s product is just demonstrably superior.) In any case, public support for breaking up Big Tech isn’t very high anyway.

Instead, a more practical, and probably effective, approach to protecting consumers, citizens, markets, our political system and society at large would be through plain, old, boring regulatory action, both through existing statutes and feasible new ones. Here are four possible ways to do that.

1 – Data Protection

The United States is still mostly a Wild West when it comes to individuals’ rights or control over how their personal data is used. That is to say – you don’t really have any.

Data breaches have become so common that it would be surprising if your name and personal information – addresses, phone numbers, credit cards, Social Security numbers and much more – weren’t in some hacker’s database, offered for sale on the darkweb right now. Often, these breaches occur because of breathtaking negligence by professional staff, with the knowledge and even blessing of executive leadership. When hacks are discovered, often years after the fact, companies may pay a pittance in fines and payouts – or not. The CIO may lose his/her job – or not. In most ways, the negligent handling and eventual theft of deeply personal and potentially sensitive data is considered more a PR issue, not truly a critical business risk, for most U.S. companies today.

The exposure and sale of so much personal information is harmful in many obvious ways to individual privacy, which underlies everything from commerce to the nature of a free society. When you consider the costs of exposing individuals’ sensitive data, like medical or financial information, the consequences could be grave. There are separate laws in place protecting those classes of data, but they are old and in dire need of overhaul for the 21st century.

To that end, the United States should create its own Data Protection Authority, based on the EU model. Like the European ones, the U.S. DPA would not be a “technical” agency, but rather, a legal and enforcement body. The DPA should, in part, be responsible for creating and enforcing a set of data management and protection principles, similar to how the SEC does with Generally Accepted Accounting Principles (GAAP). Just as any public company must adhere to GAAP accounting standards, any company that collects and stores private customer data should adhere to the DPA’s published rules. Any company that suffered a data breach would be compelled to report it, perhaps confidentially, to the DPA. Meaningful fines and other enforcement mechanisms should be in place to ensure compliance.

Personally, I think we’re one major data breach at a Google or Facebook away from overwhelming public support for a proposal like this one.

2 – Tax reform (but really this time)

Tax avoidance has always kept a large swath of Fortune 500 Finance departments employed, but the GAFA companies have taken this game to another level. By exploiting obscure loopholes and constructing elaborate internal schemes for routing revenue, Big Tech makes a mockery of American corporate taxes. Between 2007 and 2015, for example, Facebook, a massively profitable corporation, paid a whopping 3.8% in U.S. federal, state, local and foreign taxes, combined. Amazon’s rate was only 13%, and Google’s was 16%. This is outrageous.

Of course, all companies “play the game” when it comes to taxes, but the extent to which Big Tech contorts its financial structure is truly egregious. These firms do not need what amounts to a big tax subsidy from the public treasury (or have you not seen Amazon’s latest office spheres?). The U.S. is missing out on billions of uncollected tax, and many of the wealthiest people in the world are the direct beneficiaries.

The solution is only partly legislative – obviously, Congress should resist lobbyist pressure and eliminate many of tech’s favorite loopholes. At the same time, if the IRS were properly resourced, the right leadership there could capture a lot of value simply by scrutinizing these companies’ tax filings.

3 – Mandate cooperation

As they say, “the internet is the crime scene of the 21st century.” And yet, many of our authorities are still working in analog.

The FBI has a backlog tens of thousands deep of mobile devices that are critical to the prosecution of major crimes. Yet they can’t access any of them because of vendor encryption (which, of course, is a big part of the reason why criminals chose them in the first place). Local law enforcement is even worse equipped to face this challenge. Make no mistake: with digital communications “going dark” because of encryption, investigating and prosecuting serious crime is becoming much more difficult. (I wrote something about this a while back about Apple’s resistance to cooperating with the FBI.) This pressures some authorities to resort to more aggressive, even questionably legal, tactics to uncover evidence, but for most, it means that evidence simply isn’t available.

Most digital platform companies like Google, Facebook or Twitter already have staff that are tasked to respond to things like court orders and regulator demands, but they do so with resistance. Facebook, in particular, has been cited for its foot-dragging and reluctance to cooperate with Congressional investigators. Part of this is cultural – these companies see government as adversarial. But part of it is also that there’s little formal legal framework to facilitate this cooperation. These companies rightly fear legal consequences from users, shareholders or others, or the risk of revealing too much to competitors, if they provide too much transparency to government authorities. American authorities, that is. When other governments with a less solicitous attitude demand cooperation – the Chinese, say, or Germans – they get it, without all the dissembling.

As more and more of our society exists in online platforms like Google, Facebook, Twitter and others, and our lives are mediated on digital devices, the government must either assert some form of equivalent right to enforce laws there, or effectively cede its role beyond the physical realm. The U.S. government has a proper role in, say, requiring social platforms to crack down on foreign influence campaigns, or stopping bot users from influencing public policy, or even simply preventing fraud. The laws governing this relationship are typically decades or even a century old, dating back to the telegraph, and are woefully inadequate.

4 – Non-discrimination

Big Tech is overwhelmingly white/asian and male. It has both a racial and gender discrimination problem that is widely acknowledged, even by companies themselves. And yet, we’re told, there’s simply nothing to be done. It’s impossible to make any progress. And even if there were, it’s companies themselves that must do the changing.

I bet that if the Justice Department’s Civil Rights Division took a mind to investigating the hiring practices in Big Tech, they’d have a lot to say about that. The political will to do so, however, is lacking.

Back on planet Earth…

It’s one of those quirks of fate that such a meteoric technological change in how society is ordered has occurred in the same era as increasing political dysfunction. This has been good for Big Tech, and arguably bad for consumer protection.

Big, complicated regulatory arrangements with powerful and complex industries like Tech are terribly difficult to hammer out even in calmer political times. In times like these, when bipartisan cooperation is nil and both parties are flush with corporate funding, they’re pretty much impossible. I suspect that this is the same calculation GAFA firms have made, which is why they are pressing their advantage as long as they have it.

But Big Tech knows this situation will not last forever, and they’re getting out ahead of it already. GAFA firms are ramping up their lobbying spending by double digits, each year, to “educate” lawmakers. While still not spending as much as industries like energy or pharma, as “tech” grows to touch almost every industry, its lobbying budgets will grow accordingly. Just watch.


Related posts:


I send out a semi-regular update with the more interesting stuff I've read and written. Learn more about it and read old issues, or just sign up below. I won't spam you - promise.