#REGULATION | Explore Tumblr posts and blogs

mostlysignssomeportents · 9 months ago

Text

Apple to EU: “Go fuck yourself”

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/02/06/spoil-the-bunch/#dma

There's a strain of anti-anti-monopolist that insists that they're not pro-monopoly – they're just realists who understand that global gigacorporations are too big to fail, too big to jail, and that governments can't hope to rein them in. Trying to regulate a tech giant, they say, is like trying to regulate the weather.

This ploy is cousins with Jay Rosen's idea of "savvying," defined as: "dismissing valid questions with the insider's, 'and this surprises you?'"

https://twitter.com/jayrosen_nyu/status/344825874362810369?lang=en

In both cases, an apologist for corruption masquerades as a pragmatist who understands the ways of the world, unlike you, a pathetic dreamer who foolishly hopes for a better world. In both cases, the apologist provides cover for corruption, painting it as an inevitability, not a choice. "Don't hate the player. Hate the game."

The reason this foolish nonsense flies is that we are living in an age of rampant corruption and utter impunity. Companies really do get away with both literal and figurative murder. Governments really do ignore horrible crimes by the rich and powerful, and fumble what rare, few enforcement efforts they assay.

Take the GDPR, Europe's landmark privacy law. The GDPR establishes strict limitations of data-collection and processing, and provides for brutal penalties for companies that violate its rules. The immediate impact of the GDPR was a mass-extinction event for Europe's data-brokerages and surveillance advertising companies, all of which were in obvious violation of the GDPR's rules.

But there was a curious pattern to GDPR enforcement: while smaller, EU-based companies were swiftly shuttered by its provisions, the US-based giants that conduct the most brazen, wide-ranging, illegal surveillance escaped unscathed for years and years, continuing to spy on Europeans.

One (erroneous) way to look at this is as a "compliance moat" story. In that story, GDPR requires a bunch of expensive systems that only gigantic companies like Facebook and Google can afford. These compliance costs are a "capital moat" – a way to exclude smaller companies from functioning in the market. Thus, the GDPR acted as an anticompetitive wrecking ball, clearing the field for the largest companies, who get to operate without having to contend with smaller companies nipping at their heels:

https://www.techdirt.com/2019/06/27/another-report-shows-gdpr-benefited-google-facebook-hurt-everyone-else/

This is wrong.

Oh, compliance moats are definitely real – think of the calls for AI companies to license their training data. AI companies can easily do this – they'll just buy training data from giant media companies – the very same companies that hope to use models to replace creative workers with algorithms. Create a new copyright over training data won't eliminate AI – it'll just confine AI to the largest, best capitalized companies, who will gladly provide tools to corporations hoping to fire their workforces:

https://pluralistic.net/2023/02/09/ai-monkeys-paw/#bullied-schoolkids

But just because some regulations can be compliance moats, that doesn't mean that all regulations are compliance moats. And just because some regulations are vigorously applied to small companies while leaving larger firms unscathed, it doesn't follow that the regulation in question is a compliance moat.

A harder look at what happened with the GDPR reveals a completely different dynamic at work. The reason the GDPR vaporized small surveillance companies and left the big companies untouched had nothing to do with compliance costs. The Big Tech companies don't comply with the GDPR – they just get away with violating the GDPR.

How do they get away with it? They fly Irish flags of convenience. Decades ago, Ireland started dabbling with offering tax-havens to the wealthy and mobile – they invented the duty-free store:

https://en.wikipedia.org/wiki/Duty-free_shop#1947%E2%80%931990:_duty_free_establishment

Capturing pennies from the wealthy by helping them avoid fortunes they owed in taxes elsewhere was terribly seductive. In the years that followed, Ireland began aggressively courting the wealthy on an industrial scale, offering corporations the chance to duck their obligations to their host countries by flying an Irish flag of convenience.

There are other countries who've tried this gambit – the "treasure islands" of the Caribbean, the English channel, and elsewhere – but Ireland is part of the EU. In the global competition to help the rich to get richer, Ireland had a killer advantage: access to the EU, the common market, and 500m affluent potential customers. The Caymans can hide your money for you, and there's a few super-luxe stores and art-galleries in George Town where you can spend it, but it's no Champs Elysees or Ku-Damm.

But when you're competing with other countries for the pennies of trillion-dollar tax-dodgers, any wins can be turned into a loss in an instant. After all, any corporation that is footloose enough to establish a Potemkin Headquarters in Dublin and fly the trídhathach can easily up sticks and open another Big Store HQ in some other haven that offers it a sweeter deal.

This has created a global race to the bottom among tax-havens to also serve as regulatory havens – and there's a made-in-the-EU version that sees Ireland, Malta, Cyprus and sometimes the Netherlands competing to see who can offer the most impunity for the worst crimes to the most awful corporations in the world.

And that's why Google and Facebook haven't been extinguished by the GDPR while their rivals were. It's not compliance moats – it's impunity. Once a corporation attains a certain scale, it has the excess capital to spend on phony relocations that let it hop from jurisdiction to jurisdiction, chasing the loosest slots on the strip. Ireland is a made town, where the cops are all on the take, and two thirds of the data commissioner's rulings are eventually overturned by the federal court:

https://www.iccl.ie/digital-data/iccl-2023-gdpr-report/

This is a problem among many federations, not just the EU. The US has its onshore-offshore tax- and regulation-havens (Delaware, South Dakota, Texas, etc), and so does Canada (Alberta), and some Swiss cantons are, frankly, batshit:

https://lenews.ch/2017/11/25/swiss-fact-some-swiss-women-had-to-wait-until-1991-to-vote/

None of this is to condemn federations outright. Federations are (potentially) good! But federalism has a vulnerability: the autonomy of the federated states means that they can be played against each other by national or transnational entities, like corporations. This doesn't mean that it's impossible to regulate powerful entities within a federation – but it means that federal regulation needs to account for the risk of jurisdiction-shopping.

Enter the Digital Markets Act, a new Big Tech specific law that, among other things, bans monopoly app stores and payment processing, through which companies like Apple and Google have levied a 30% tax on the entire app market, while arrogating to themselves the right to decide which software their customers may run on their own devices:

https://pluralistic.net/2023/06/07/curatorial-vig/#app-tax

Apple has responded to this regulation with a gesture of contempt so naked and broad that it beggars belief. As Proton describes, Apple's DMA plan is the very definition of malicious compliance:

https://proton.me/blog/apple-dma-compliance-plan-trap

Recall that the DMA is intended to curtail monopoly software distribution through app stores and mobile platforms' insistence on using their payment processors, whose fees are sky-high. The law is intended to extinguish developer agreements that ban software creators from informing customers that they can get a better deal by initiating payments elsewhere, or by getting a service through the web instead of via an app.

In response, Apple, has instituted a junk fee it calls the "Core Technology Fee": EUR0.50/install for every installation over 1m. As Proton writes, as apps grow more popular, using third-party payment systems will grow less attractive. Apple has offered discounts on its eye-watering payment processing fees to a mere 20% for the first payment and 13% for renewals. Compare this with the normal – and far, far too high – payment processing fees the rest of the industry charges, which run 2-5%. On top of all this, Apple has lied about these new discounted rates, hiding a 3% "processing" fee in its headline figures.

As Proton explains, paying 17% fees and EUR0.50 for each subscriber's renewal makes most software businesses into money-losers. The only way to keep them afloat is to use Apple's old, default payment system. That choice is made more attractive by Apple's inclusion of a "scare screen" that warns you that demons will rend your soul for all eternity if you try to use an alternative payment scheme.

Apple defends this scare screen by saying that it will protect users from the intrinsic unreliability of third-party processors, but as Proton points out, there are plenty of giant corporations who get to use their own payment processors with their iOS apps, because Apple decided they were too big to fuck with. Somehow, Apple can let its customers spend money Uber, McDonald's, Airbnb, Doordash and Amazon without terrorizing them about existential security risks – but not mom-and-pop software vendors or publishers who don't want to hand 30% of their income over to a three-trillion-dollar company.

Apple has also reserved the right to cancel any alternative app store and nuke it from Apple customers' devices without warning, reason or liability. Those app stores also have to post a one-million euro line of credit in order to be considered for iOS. Given these terms, it's obvious that no one is going to offer a third-party app store for iOS and if they did, no one would list their apps in it.

The fuckery goes on and on. If an app developer opts into third-party payments, they can't use Apple's payment processing too – so any users who are scared off by the scare screen have no way to pay the app's creators. And once an app creator opts into third party payments, they can never go back – the decision is permanent.

Apple also reserves the right to change all of these policies later, for the worse ("I am altering the deal. Pray I don't alter it further" -D. Vader). They have warned developers that they might change the API for reporting external sales and revoke developers' right to use alternative app stores at its discretion, with no penalties if that screws the developer.

Apple's contempt extends beyond app marketplaces. The DMA also obliges Apple to open its platform to third party browsers and browser engines. Every browser on iOS is actually just Safari wrapped in a cosmetic skin, because Apple bans third-party browser-engines:

https://pluralistic.net/2022/12/13/kitbashed/#app-store-tax

But, as Mozilla puts it, Apple's plan for this is "as painful as possible":

https://www.theverge.com/2024/1/26/24052067/mozilla-apple-ios-browser-rules-firefox

For one thing, Apple will only allow European customers to run alternative browser engines. That means that Firefox will have to "build and maintain two separate browser implementations — a burden Apple themselves will not have to bear."

(One wonders how Apple will treat Americans living in the EU, whose Apple accounts still have US billing addresses – these people will still be entitled to the browser choice that Apple is grudgingly extending to Europeans.)

All of this sends a strong signal that Apple is planning to run the same playbook with the DMA that Google and Facebook used on the GDPR: ignore the law, use lawyerly bullshit to chaff regulators, and hope that European federalism has sufficiently deep cracks that it can hide in them when the enforcers come to call.

But Apple is about to get a nasty shock. For one thing, the DMA allows wronged parties to start their search for justice in the European federal court system – bypassing the Irish regulators and courts. For another, there is a global movement to check corporate power, and because the tech companies do the same kinds of fuckery in every territory, regulators are able to collaborate across borders to take them down.

Take Apple's app store monopoly. The best reference on this is the report published by the UK Competition and Markets Authority's Digital Markets Unit:

https://assets.publishing.service.gov.uk/media/63f61bc0d3bf7f62e8c34a02/Mobile_Ecosystems_Final_Report_amended_2.pdf

The devastating case that the DMU report was key to crafting the DMA – but it also inspired a US law aimed at forcing app markets open:

https://www.congress.gov/bill/117th-congress/senate-bill/2710

And a Japanese enforcement action:

https://asia.nikkei.com/Business/Technology/Japan-to-crack-down-on-Apple-and-Google-app-store-monopolies

And action in South Korea:

https://www.reuters.com/technology/skorea-considers-505-mln-fine-against-google-apple-over-app-market-practices-2023-10-06/

These enforcers gather for annual meetings – I spoke at one in London, convened by the Competition and Markets Authority – where they compare notes, form coalitions, and plan strategy:

https://www.eventbrite.co.uk/e/cma-data-technology-and-analytics-conference-2022-registration-308678625077

This is where the savvying breaks down. Yes, Apple is big enough to run circles around Japan, or South Korea, or the UK. But when those countries join forces with the EU, the USA and other countries that are fed up to the eyeballs with Apple's bullshit, the company is in serious danger.

It's true that Apple has convinced a bunch of its customers that buying a phone from a multi-trillion-dollar corporation makes you a member of an oppressed religious minority:

https://pluralistic.net/2024/01/12/youre-holding-it-wrong/#if-dishwashers-were-iphones

Some of those self-avowed members of the "Cult of Mac" are willing to take the company's pronouncements at face value and will dutifully repeat Apple's claims to be "protecting" its customers. But even that credulity has its breaking point – Apple can only poison the well so many times before people stop drinking from it. Remember when the company announced a miraculous reversal to its war on right to repair, later revealed to be a bald-faced lie?

https://pluralistic.net/2023/09/22/vin-locking/#thought-differently

Or when Apple claimed to be protecting phone users' privacy, which was also a lie?

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

The savvy will see Apple lying (again) and say, "this surprises you?" No, it doesn't surprise me, but it pisses me off – and I'm not the only one, and Apple's insulting lies are getting less effective by the day.

Image: Alex Popovkin, Bahia, Brazil from Brazil (modified) https://commons.wikimedia.org/wiki/File:Annelid_worm,_Atlantic_forest,_northern_littoral_of_Bahia,_Brazil_%2816107326533%29.jpg

CC BY 2.0 https://creativecommons.org/licenses/by/2.0/deed.en

Hubertl (modified) https://commons.wikimedia.org/wiki/File:2015-03-04_Elstar_%28apple%29_starting_putrefying_IMG_9761_bis_9772.jpg

CC BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0/deed.en

602 notes · View notes

mostlysignssomeportents · 5 months ago

Text

How to design a tech regulation

TONIGHT (June 20) I'm live onstage in LOS ANGELES for a recording of the GO FACT YOURSELF podcast. TOMORROW (June 21) I'm doing an ONLINE READING for the LOCUS AWARDS at 16hPT. On SATURDAY (June 22) I'll be in OAKLAND, CA for a panel (13hPT) and a keynote (18hPT) at the LOCUS AWARDS.

It's not your imagination: tech really is underregulated. There are plenty of avoidable harms that tech visits upon the world, and while some of these harms are mere negligence, others are self-serving, creating shareholder value and widespread public destruction.

Making good tech policy is hard, but not because "tech moves too fast for regulation to keep up with," nor because "lawmakers are clueless about tech." There are plenty of fast-moving areas that lawmakers manage to stay abreast of (think of the rapid, global adoption of masking and social distancing rules in mid-2020). Likewise we generally manage to make good policy in areas that require highly specific technical knowledge (that's why it's noteworthy and awful when, say, people sicken from badly treated tapwater, even though water safety, toxicology and microbiology are highly technical areas outside the background of most elected officials).

That doesn't mean that technical rigor is irrelevant to making good policy. Well-run "expert agencies" include skilled practitioners on their payrolls – think here of large technical staff at the FTC, or the UK Competition and Markets Authority's best-in-the-world Digital Markets Unit:

https://pluralistic.net/2022/12/13/kitbashed/#app-store-tax

The job of government experts isn't just to research the correct answers. Even more important is experts' role in evaluating conflicting claims from interested parties. When administrative agencies make new rules, they have to collect public comments and counter-comments. The best agencies also hold hearings, and the very best go on "listening tours" where they invite the broad public to weigh in (the FTC has done an awful lot of these during Lina Khan's tenure, to its benefit, and it shows):

https://www.ftc.gov/news-events/events/2022/04/ftc-justice-department-listening-forum-firsthand-effects-mergers-acquisitions-health-care

But when an industry dwindles to a handful of companies, the resulting cartel finds it easy to converge on a single talking point and to maintain strict message discipline. This means that the evidentiary record is starved for disconfirming evidence that would give the agencies contrasting perspectives and context for making good policy.

Tech industry shills have a favorite tactic: whenever there's any proposal that would erode the industry's profits, self-serving experts shout that the rule is technically impossible and deride the proposer as "clueless."

This tactic works so well because the proposers sometimes are clueless. Take Europe's on-again/off-again "chat control" proposal to mandate spyware on every digital device that will screen everything you upload for child sex abuse material (CSAM, better known as "child pornography"). This proposal is profoundly dangerous, as it will weaken end-to-end encryption, the key to all secure and private digital communication:

https://www.theguardian.com/technology/article/2024/jun/18/encryption-is-deeply-threatening-to-power-meredith-whittaker-of-messaging-app-signal

It's also an impossible-to-administer mess that incorrectly assumes that killing working encryption in the two mobile app stores run by the mobile duopoly will actually prevent bad actors from accessing private tools:

https://memex.craphound.com/2018/09/04/oh-for-fucks-sake-not-this-fucking-bullshit-again-cryptography-edition/

When technologists correctly point out the lack of rigor and catastrophic spillover effects from this kind of crackpot proposal, lawmakers stick their fingers in their ears and shout "NERD HARDER!"

https://memex.craphound.com/2018/01/12/nerd-harder-fbi-director-reiterates-faith-based-belief-in-working-crypto-that-he-can-break/

But this is only half the story. The other half is what happens when tech industry shills want to kill good policy proposals, which is the exact same thing that advocates say about bad ones. When lawmakers demand that tech companies respect our privacy rights – for example, by splitting social media or search off from commercial surveillance, the same people shout that this, too, is technologically impossible.

That's a lie, though. Facebook started out as the anti-surveillance alternative to Myspace. We know it's possible to operate Facebook without surveillance, because Facebook used to operate without surveillance:

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3247362

Likewise, Brin and Page's original Pagerank paper, which described Google's architecture, insisted that search was incompatible with surveillance advertising, and Google established itself as a non-spying search tool:

http://infolab.stanford.edu/pub/papers/google.pdf

Even weirder is what happens when there's a proposal to limit a tech company's power to invoke the government's powers to shut down competitors. Take Ethan Zuckerman's lawsuit to strip Facebook of the legal power to sue people who automate their browsers to uncheck the millions of boxes that Facebook requires you to click by hand in order to unfollow everyone:

https://pluralistic.net/2024/05/02/kaiju-v-kaiju/#cda-230-c-2-b

Facebook's apologists have lost their minds over this, insisting that no one can possibly understand the potential harms of taking away Facebook's legal right to decide how your browser works. They take the position that only Facebook can understand when it's safe and proportional to use Facebook in ways the company didn't explicitly design for, and that they should be able to ask the government to fine or even imprison people who fail to defer to Facebook's decisions about how its users configure their computers.

This is an incredibly convenient position, since it arrogates to Facebook the right to order the rest of us to use our computers in the ways that are most beneficial to its shareholders. But Facebook's apologists insist that they are not motivated by parochial concerns over the value of their stock portfolios; rather, they have objective, technical concerns, that no one except them is qualified to understand or comment on.

There's a great name for this: "scalesplaining." As in "well, actually the platforms are doing an amazing job, but you can't possibly understand that because you don't work for them." It's weird enough when scalesplaining is used to condemn sensible regulation of the platforms; it's even weirder when it's weaponized to defend a system of regulatory protection for the platforms against would-be competitors.

Just as there are no atheists in foxholes, there are no libertarians in government-protected monopolies. Somehow, scalesplaining can be used to condemn governments as incapable of making any tech regulations and to insist that regulations that protect tech monopolies are just perfect and shouldn't ever be weakened. Truly, it's impossible to get someone to understand something when the value of their employee stock options depends on them not understanding it.

None of this is to say that every tech regulation is a good one. Governments often propose bad tech regulations (like chat control), or ones that are technologically impossible (like Article 17 of the EU's 2019 Digital Single Markets Directive, which requires tech companies to detect and block copyright infringements in their users' uploads).

But the fact that scalesplainers use the same argument to criticize both good and bad regulations makes the waters very muddy indeed. Policymakers are rightfully suspicious when they hear "that's not technically possible" because they hear that both for technically impossible proposals and for proposals that scalesplainers just don't like.

After decades of regulations aimed at making platforms behave better, we're finally moving into a new era, where we just make the platforms less important. That is, rather than simply ordering Facebook to block harassment and other bad conduct by its users, laws like the EU's Digital Markets Act will order Facebook and other VLOPs (Very Large Online Platforms, my favorite EU-ism ever) to operate gateways so that users can move to rival services and still communicate with the people who stay behind.

Think of this like number portability, but for digital platforms. Just as you can switch phone companies and keep your number and hear from all the people you spoke to on your old plan, the DMA will make it possible for you to change online services but still exchange messages and data with all the people you're already in touch with.

I love this idea, because it finally grapples with the question we should have been asking all along: why do people stay on platforms where they face harassment and bullying? The answer is simple: because the people – customers, family members, communities – we connect with on the platform are so important to us that we'll tolerate almost anything to avoid losing contact with them:

https://locusmag.com/2023/01/commentary-cory-doctorow-social-quitting/

Platforms deliberately rig the game so that we take each other hostage, locking each other into their badly moderated cesspits by using the love we have for one another as a weapon against us. Interoperability – making platforms connect to each other – shatters those locks and frees the hostages:

https://www.eff.org/deeplinks/2021/08/facebooks-secret-war-switching-costs

But there's another reason to love interoperability (making moderation less important) over rules that require platforms to stamp out bad behavior (making moderation better). Interop rules are much easier to administer than content moderation rules, and when it comes to regulation, administratability is everything.

The DMA isn't the EU's only new rule. They've also passed the Digital Services Act, which is a decidedly mixed bag. Among its provisions are a suite of rules requiring companies to monitor their users for harmful behavior and to intervene to block it. Whether or not you think platforms should do this, there's a much more important question: how can we enforce this rule?

Enforcing a rule requiring platforms to prevent harassment is very "fact intensive." First, we have to agree on a definition of "harassment." Then we have to figure out whether something one user did to another satisfies that definition. Finally, we have to determine whether the platform took reasonable steps to detect and prevent the harassment.

Each step of this is a huge lift, especially that last one, since to a first approximation, everyone who understands a given VLOP's server infrastructure is a partisan, scalesplaining engineer on the VLOP's payroll. By the time we find out whether the company broke the rule, years will have gone by, and millions more users will be in line to get justice for themselves.

So allowing users to leave is a much more practical step than making it so that they've got no reason to want to leave. Figuring out whether a platform will continue to forward your messages to and from the people you left there is a much simpler technical matter than agreeing on what harassment is, whether something is harassment by that definition, and whether the company was negligent in permitting harassment.

But as much as I like the DMA's interop rule, I think it is badly incomplete. Given that the tech industry is so concentrated, it's going to be very hard for us to define standard interop interfaces that don't end up advantaging the tech companies. Standards bodies are extremely easy for big industry players to capture:

https://pluralistic.net/2023/04/30/weak-institutions/

If tech giants refuse to offer access to their gateways to certain rivals because they seem "suspicious," it will be hard to tell whether the companies are just engaged in self-serving smears against a credible rival, or legitimately trying to protect their users from a predator trying to plug into their infrastructure. These fact-intensive questions are the enemy of speedy, responsive, effective policy administration.

But there's more than one way to attain interoperability. Interop doesn't have to come from mandates, interfaces designed and overseen by government agencies. There's a whole other form of interop that's far nimbler than mandates: adversarial interoperability:

https://www.eff.org/deeplinks/2019/10/adversarial-interoperability

"Adversarial interoperability" is a catch-all term for all the guerrilla warfare tactics deployed in service to unilaterally changing a technology: reverse engineering, bots, scraping and so on. These tactics have a long and honorable history, but they have been slowly choked out of existence with a thicket of IP rights, like the IP rights that allow Facebook to shut down browser automation tools, which Ethan Zuckerman is suing to nullify:

https://locusmag.com/2020/09/cory-doctorow-ip/

Adversarial interop is very flexible. No matter what technological moves a company makes to interfere with interop, there's always a countermove the guerrilla fighter can make – tweak the scraper, decompile the new binary, change the bot's behavior. That's why tech companies use IP rights and courts, not firewall rules, to block adversarial interoperators.

At the same time, adversarial interop is unreliable. The solution that works today can break tomorrow if the company changes its back-end, and it will stay broken until the adversarial interoperator can respond.

But when companies are faced with the prospect of extended asymmetrical war against adversarial interop in the technological trenches, they often surrender. If companies can't sue adversarial interoperators out of existence, they often sue for peace instead. That's because high-tech guerrilla warfare presents unquantifiable risks and resource demands, and, as the scalesplainers never tire of telling us, this can create real operational problems for tech giants.

In other words, if Facebook can't shut down Ethan Zuckerman's browser automation tool in the courts, and if they're sincerely worried that a browser automation tool will uncheck its user interface buttons so quickly that it crashes the server, all it has to do is offer an official "unsubscribe all" button and no one will use Zuckerman's browser automation tool.

We don't have to choose between adversarial interop and interop mandates. The two are better together than they are apart. If companies building and operating DMA-compliant, mandatory gateways know that a failure to make them useful to rivals seeking to help users escape their authority is getting mired in endless hand-to-hand combat with trench-fighting adversarial interoperators, they'll have good reason to cooperate.

And if lawmakers charged with administering the DMA notice that companies are engaging in adversarial interop rather than using the official, reliable gateway they're overseeing, that's a good indicator that the official gateways aren't suitable.

It would be very on-brand for the EU to create the DMA and tell tech companies how they must operate, and for the USA to simply withdraw the state's protection from the Big Tech companies and let smaller companies try their luck at hacking new features into the big companies' servers without the government getting involved.

Indeed, we're seeing some of that today. Oregon just passed the first ever Right to Repair law banning "parts pairing" – basically a way of using IP law to make it illegal to reverse-engineer a device so you can fix it.

https://www.opb.org/article/2024/03/28/oregon-governor-kotek-signs-strong-tech-right-to-repair-bill/

Taken together, the two approaches – mandates and reverse engineering – are stronger than either on their own. Mandates are sturdy and reliable, but slow-moving. Adversarial interop is flexible and nimble, but unreliable. Put 'em together and you get a two-part epoxy, strong and flexible.

Governments can regulate well, with well-funded expert agencies and smart, adminstratable remedies. It's for that reason that the administrative state is under such sustained attack from the GOP and right-wing Dems. The illegitimate Supreme Court is on the verge of gutting expert agencies' power:

https://www.hklaw.com/en/insights/publications/2024/05/us-supreme-court-may-soon-discard-or-modify-chevron-deference

It's never been more important to craft regulations that go beyond mere good intentions and take account of adminsitratability. The easier we can make our rules to enforce, the less our beleaguered agencies will need to do to protect us from corporate predators.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/06/20/scalesplaining/#administratability

Image: Noah Wulf (modified) https://commons.m.wikimedia.org/wiki/File:Thunderbirds_at_Attention_Next_to_Thunderbird_1_-_Aviation_Nation_2019.jpg

CC BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0/deed.en

#pluralistic #cda #ethan zuckerman #platforms #platform decay #enshittification #eu #dma #right to repair #transatlantic #administrability #regulation #big tech #scalesplaining #equilibria #interoperability #adversarial interoperability #comcom

99 notes · View notes