Internet Con

Cory Doctorow: The Internet Con: How to Seize the Means of Computation ISBN:9781804291245

Summary (see excepts for details)

  • framing: interop vs lock-in
  • there are 2 sprongs of attack
    • legal
      • active improvements (see Ch8 below)
      • killing existing hopeless messes: DMCA
    • comcom
      • as legal work moves forward - hopefully an early legal win is to decriminalize comcom or at least ignore it
      • as protection against backsliding and cheating



This is a book for people who want to destroy Big Tech. It’s not a book for people who want to tame Big Tech. There’s no fixing Big Tech.

Forty years ago, we shot antitrust law in the guts, and we let companies led by mediocre idiots no better than their forebears establish monopolies

Notably, tech giants today are able to wield the law against interoperators: new technologies that plug into their services, systems and platforms. That’s a privilege that none of yesterday’s easily toppled tech giants had

Today’s tech giants have not invented an interop-proof computer. They’ve invented laws that make interoperability illegal unless they give permission for it. A new, complex thicket of copyright, patent, trade secret, noncompete and other IP rights has conjured up a new offense we can think of as “felony contempt of business model”

network effects are merely how Big Tech gets big. Switching costs are how Big Tech stays big

Interoperability lowers switching costs

There are a lot of things we should do to fix Big Tech: change the rules for mergers, pass comprehensive privacy legislation, ban deceptive “dark patterns” and break up big companies into smaller, competing firms These will take a long time*

By contrast, interop is immediate. Make it legal for new technologies to plug into existing ones

This is a book that explains:
What interoperability is
How interoperability works
How we can get interoperability
How we can mitigate interoperability’s problems

1. How Big Tech Got Big

5. Standards and Mandates: What’s Behind the Shield of Boringness?*

So, let’s force them to interoperate

That’s what laws like the ACCESS Act (US) and Digital Markets Act (EU) propose to do: they propose technology “mandates” that force the largest tech companies to provide a reliable, standardized “interface” to their systems for interoperators to use.

Standards are infrastructure. Infrastructure casts a long shadow

standards organizations are generally optimized for corporate capture

A hot area for the past three decades has been “patent ambushes”—when a corporate member of a standards committee pushes to ensure that its own technology is integrated into the standard, not revealing that it had filed a patent on those techniques until after the standard is published

Patent ambushes are against the rules, but other forms of standards capture are fair game: for example, if the chair, co-chair and secretary all come from a single company (or a duopoly), that’s fine, despite the fact that this means that the largest companies are literally setting the agenda

6. Adversarial Interop: Guerrilla Warfare and Reverse Engineering

Recall the story of Steve Jobs and the iWork suite

The version of Office that Microsoft offered for the Mac was insultingly terrible, and often incapable of reading and writing Office files created on Windows

Steve Jobs didn’t go on bent knee to Bill Gates and beg for a better version of Office for Mac. Instead, he tasked some of his programmers to reverse engineer the Office file formats.

Reverse engineering is at the core of adversarial interoperability—the kind of interoperability that is undertaken against the wishes of the originators of some product or service.

better name, we came up with “Competitive Compatibility,” or comcom. “Comcom” is everything “adversarial interoperability” isn’t: short, easy to say, punchy and easy to spell

Big companies that have cooked up extractive, monopolistic business models—from forcing you to buy expensive printer ink, to forcing you to use their app store to add features to your phone, to forcing you to stay inside their surveillance perimeter in order to socialize with your friends and family—like to stress all the ways that “bad guys” do adversarial interoperability.

They blithely conflate the engineer who figures out how to finesse a printer into accepting cheap ink refills with the criminal who shuts down all the IT systems in a cancer ward, and demand that Something Be Done

Trademark empowers companies to act on behalf of their customers: companies are empowered to use the courts to shut down copycats who behave in a deceptive manner—who market their products and services in a way that is “likely to give rise to confusion.”

The corollary is that trademark does not protect companies from rivals who use their marks in ways that don’t deceive their customers, even if that ends up hurting the companies that hold the trademarks

Enter Apple. Apple is one of the leading opponents of interoperability.*

Apple had led a coalition of manufacturers that successfully lobbied against eighteen different state-level right-to-repair laws that would have forced Apple to supply independent repair depots with parts, manuals and access to the error codes generated by Apple customers’ devices.

Once you’re inside the phone’s guts, get a magnifying glass and start checking out the parts. They’re precisely manufactured to extremely fine tolerances—and they are engraved with minuscule (and even microscopic) Apple logos. As noted, almost no one will ever see these—they are not there for human consumption. They exist for the purposes of invoking trademark. Apple claims that anyone who harvests these parts and ships them to the United States is violating its trademarks

Apple uses patent to prevent the independent manufacture of some parts; it uses anti-circumvention to prevent the independent installation of other parts; it uses contractual arrangements with recyclers to ensure that most used phones are not broken down for parts; it uses trademark to block the re-importation of parts that have escaped the recyclers’ shredders. This is what I mean when I say there’s a “thicket” of laws that stand in the way of interoperability.

8. Jam Today: How We’ll Get There

In 2022, the EU passed the Digital Markets Act (DMA), mandating interoperability between Big Tech services and upstarts (what competition regulators call “new market entrants”): co-ops, startups, nonprofits and other alternatives

In the USA, the ACCESS Act has been introduced in two consecutive legislative sessions and at one point looked set to pass in 2022, though now that’s looking less likely

Imagine if comcom was on the scene

Perhaps just the threat of such a countermove would be sufficient to convince automakers to color within the lines and offer a managed, predictable third-party diagnostic tool offering that might erode their margins, but at least on their own terms.

That’s what I mean when I talk about combining comcom and mandates to create something more powerful than either on their own

Comcom was once the order of the day. Originally, there was no copyright on software at all. Then it acquired a “thin” copyright that could only be narrowly applied. Then, software acquired a copyright far beyond any ever applied to literary works, musical compositions, sound recordings, photos or moving images

The prohibition on circumventing digital rights management, or DRM—embodied in Section 1201 of the DMCA

The thicket took decades to grow. Dismantling it is the work of decades. It’s unlikely that a single omnibus bill modifying all of these laws could pass any legislature

How can we get comcom back while we’re waiting for decades of legislative reform to run its course? Here are three scenarios, in order of likelihood

Binding Covenants

Standards bodies can—and should—adopt a rule that says that members who join must make a legally binding promise not to invoke their rights under patents, copyright, anti-circumvention, trade secrecy, etc., against rivals who reverse engineer and extend their standards-compliant products, so long as this is done in service to privacy, security, usability, accessibility or competition.

But there’s a much bigger, more important club that every large company must be a member of: the club of companies that supply government agencies and departments.

Governments can—and should—have rules about interoperability in their procurement policies

Amazingly, this is a lesson that even the US Department of Defense, the largest employer in America and an eight bazillion– pound gorilla in the procurements department, has forgotten. The US armed forces have long permitted themselves to buy materiel with single-source components

State Limits on Contract

even if someone somehow does manage to reverse engineer their products without being trapped by one of these “agreements,” that any comcom tool they provide to the public is “tortious interference.” Translation: any customer who uses a comcom tool has already “agreed” not to do so when they clicked “I Agree” at the bottom of some endlessly scrolling garbage-novella of legalese. Under the “tortious interference” theory, the interoperator is in the wrong because they’re abetting those customers to break their “agreements” with the original company.

Contract law is mostly regulated by states

When modern companies seek to block comcom, contract law is a powerful weapon. Terms of service can be invoked to ban users from availing themselves of interoperable tools

All of these can be moderated by state-level rules on contracting; simply by banning certain terms, or declaring them unenforceable, states could kick open the doors to Big Tech’s biggest silos

Adult Supervision

Earlier, I talked about the pending US ACCESS Act and the successful EU Digital Markets Act, powerful legislation that would force the biggest tech companies to open up their silos by making available APIs

one major weakness: the API has to be run by the big company

the tech giants cheat all the time

One thing those lawyers will eventually do is offer a settlement: “Let’s just resolve this like reasonable people, and spare everyone all that delay and court expense, shall we?”

Here’s the settlement we should offer them: a special master. A special master is a court-appointed guardian who supervises the conduct of a company

The Interoperator’s Defense

9. What about Privacy?

Tech bosses pay these security experts a lot of money to defend us all from these external threats. But one thing tech bosses will never pay security experts to do is defend us from the tech bosses themselves

OG App is an “alternative Instagram client.”

Just hours after OG App’s launch, Apple yanked it from the App Store. A few days later, Google kicked it out of Google Play, the app store for Android

Back in 2008, Facebook sold itself as the privacy-friendly alternative to MySpace—and it was!

The GDPR has been plagued by weak enforcement, preferentially wielded against smaller firms who can’t afford to fight back.

the regulators didn’t have the resources to engage in long legal battles with tech giants, so they went after the little guys. Easy pickings

Despite this weak enforcement (and despite shoehorned, ill-starred clauses in the GDPR like the “right to be forgotten”), the core of the GDPR is solid (How? This seems like wishful-thinking/bullshit.)

How do you keep enforcers from joining the Chickenshit Club? That’s the rub, isn’t it? I’ll tell you how not to do it: by preserving the giant tech companies intact on the grounds that they need to be more powerful than most governments if they are to muster the resources to defend our privacy. Any company more powerful than the government is a company the government won’t be able to hold to account

Edited:    |       |    Search Twitter for discussion