Here's what interoperability should look like as policy
I wrote a policy memo about mandatory interoperability
Oligopolies run much of the internet. Over the last three decades, scholars have generated an extensive literature documenting the emergence, mechanisms, and harm of this industry structure (Rietveld and Schilling, 2021), and today governments are beginning to act on this knowledge. Countries around the world--including Great Britain, the European Union, and the United States--have affixed their attention to this issue (Montjoye et al., 2019; Furman 2019; Zingales et al., 2019; Cicilline 2021; OECD 2021). They have considered a number of policy solutions, foremost among which has been mandatory interoperability. As policy analyst Chris Riley has observed, “Competition policymakers are fully aware of this dynamic and increasingly, analyses and reports indicate that the future of regulatory travel will be towards promotion of interoperability” (2020). Though there is broad consensus about the need for interoperability, there remains disagreement about the specifics of regulation, particularly in the United States. Here policy debates have centered on the recently proposed ACCESS Act, pending legislation in Congress that would require data portability and interoperability between digital platforms (Robertson 2019). In the following essay, I will add to this discussion by proposing a particular policy approach to mandating interoperability. I recommend that Congress establish a digital regulator to set standards for open Application Programming Interfaces (APIs) that would enable greater exchange of information between platforms. This regulation would significantly boost competition within digital markets by reducing the barriers to entry posed by network effects. However, it would also involve trade offs with user privacy and long-run innovation. Therefore, I emphasize that policymakers must balance these considerations through a robust process for transparently and cooperatively designing industry standards.
I begin by outlining the problem mandatory interoperability seeks to solve. Simply put, digital markets exhibit economic attributes that push them toward concentration. See the Stigler Center’s Final Report on Digital Platforms for an excellent overview of these forces (Zingales et al., 2019). Mandatory interoperability is a particularly important remedy for one of these economic features, network effects, the tendency for digital services to grow in value as their user bases expand (Hovenkamp 2021, 41). Bigger networks enhance the quality of information that platforms can offer users and advertisers, which create barriers to competition because smaller platforms lack access to the dominant network (Zingales et al. 2019, 40). Meta is perhaps the greatest beneficiary of network effects. A competing social media platform cannot offer users content posted by their Facebook friends and advertisers the ability to target fine-grained groups without first building a large network. As a result, Meta has exclusive control over a highly valuable source of information, and there is little incentive to share its bounty with others.
Mandating interoperability attempts to solve this problem. Technically, computer systems “interoperate” when they have the “ability to transfer and render useful data and other information across systems, applications, or components” (Gasser 2015, 10). Meta restricts interoperability in order to monopolize the positive feedbacks of network effects by refusing competitors access to highly valuable information like user content and data. A mandate of interoperability would force Meta to do exactly this, permitting competing platforms to share in the value that emerges from larger networks (Hovenkamp 2021, 40). In fact, mandatory interoperability would move competition into one common network, expanding the size of the whole pie (Hovenkamp 2021, 41). New platforms could then effectively compete on the merits through improving upon the services of dominant platforms within the shared network. This rationale motivates academic and regulatory interest in interoperability.
However, mandating interoperability would surely involve a number of thorny challenges. Interoperability is easy in theory, but optimism cannot ignore technical reality. The exchange of information between computer systems is governed by rules called “protocols”, and mandating interoperability would require regulating the specifics of these rules. According to Becky Chao and Ross Schulman of the Open Technology Institute, regulation could take two forms, full standardization and open APIs (2020, 8). The essential difference is that full standardization would force all platforms in a digital market conform to a single common protocol while mandating the usage of open APIs leaves some autonomy to the platforms. Policymakers must choose between these alternatives.
I recommend the latter approach, enforcing open APIs, because it better optimizes between expanding competition and trade-offs with privacy and innovation. For clarity of analysis, it is useful to define “API”. An API is “a set of well-defined ways to interact with a [computer] system to take some action, to get some response from the system, or often both” (Chao and Schuman 2020, 9). It is essentially a collection of protocols that act as a shared vocabulary for computer communication (Sharma 2019, 7). Mandating open APIs is a weaker intervention than full standardization. A world of open APIs leaves platforms some latitude to determine their own procedures for accessing information from the network, provided they are publicly disclosed, aligned with technical specifications, and not abused to exclude competitors (Gasser 2015, 20-21). A useful distinction between mandatory open APIs and full standardization is that the former regulates a higher level of the tech stack, not the application itself but the layer of abstraction above that permits different applications to interface. Open APIs therefore represent a lighter regulatory touch, which adds less friction to platforms innovating at lower levels of the stack or implementing systems to protect security. As such, requiring platforms to adopt open APIs would expand interoperability and competition but preserve a measure of useful autonomy for the platforms.
Open APIs, however, do not entirely avoid the challenges of interoperability. There is still some devil in the technical details. Theoretically, any form of interoperability will create privacy concerns simply because it increases and complicates the flow of information, resulting in more vectors of danger (Gasser 2015, 20). Useful context for this discussion is that web APIs currently power 83% of internet traffic and represent 90% of the attack surface (Olaussen 2020, 9). APIs are already known to create vulnerabilities, so it is not hard to imagine the security dangers mandatory widespread usage of open APIs could pose for user privacy. For instance, several open APIs were responsible for Facebook losing the data of more than 50 million users to Cambridge Analytica in 2018 (Fruchter et al., 2018). Widespread usage of open APIs across the internet might make routine security issues more common, including exposure of (e.g.) user passwords or personal information. Interoperability would certainly amplify the privacy risks of being online.
But these problems are not unfamiliar. Entire industries and academic disciplines have emerged to solve the security vulnerabilities created by interoperability (Olaussen 2020). The internet itself is nothing more than a standard way to interconnect disparate networks (Wheeler et al., 2020, 45). It is one colossal interoperable system. It is already common practice for digital markets to coalesce around common specifications so that new technologies can interoperate (Hemphill and Vonortas 2005). This process of “standardization”, which is crucial for digital innovation, involves the “pursuit of conformity of all elements of products, processes, formats, or procedures that make up [an] industry standard” (Hemphill and Vonortas 2005, 129). In the parlance of standardization, mandating the usage of open APIs by platforms is an “interface compatibility standard”, which governs the specification of how two or more components work together (Hemphill and Vonortas 2005, 129). In setting a standard for open APIs, policymakers would have to consider the construction of security systems from the outset, i.e., how platforms could implement access controls that are high in quality and minimally obstructive to information exchange (Olaussen 2020, 15). Luckily, regulators can look to the example of Open Banking, a recent innovation that employs open APIs to facilitate the exchange of financial information between banks, consumers, and other third-parties (Kassab and Laplante 2022). Financial regulators, particularly those from the United Kingdom, have great experience setting standards for the transmission of sensitive data, design and maintenance of open APIs, and security aspects of APIs (Ziegler 2021). American policymakers would be wise to learn from this success.
Security vulnerabilities are not the only pitfall of regulating interoperability. Negative consequences to innovation also exist. Many critics worry that detailed standards for computer protocols may hinder innovation (Gasser 2015; Kerber and Schweitzer 2017). There are three rationales for this concern. First, requiring that platforms make their APIs commonly available would lower their ability to individually benefit from the resources they spend developing the technology (Kerber and Schwietzer 2017, 5). Second, collective conformity to a particular standard mandated by government would add inertia to the chosen technology, potentially “locking” it in over the long run (Gasser 2015, 22). And third, lowering levels of concentration might lessen “Schumpeterian” innovation, the development of radical, disruptive technologies in order to compete for complete market dominance (Gasser 2015, 17; Kerber and Schweitzer 2017, 9). As a concrete example, mandating interoperability might have made it harder for Instagram to use the novel camera technology of smartphones when it was competing with Facebook for leadership of the social networking market. Of course, none of these arguments account for the innovation that would be unlocked by greater competition (Zingales et al., 2019), but they do point to an important component of mandatory interoperability: standard-setting.
To address concerns for security and innovation that would arise during implementation of an interoperability mandate, I recommend the establishment of a digital regulator to set standards for open APIs and enforce their usage by platforms. Digital markets are very novel, technical, rapidly changing, and highly diverse (Hovenkamp 2021, 5), so it is crucial that an interoperability mandate include a robust process for setting and revising technology standards over time. It is noteworthy the extent to which the ACCESS act does not adequately consider this aspect of mandatory interoperability (Masnick 2019). It would simply give NIST 180 days to establish standards for a variety of digital platforms (Kelly 2019). Though the act would designate a specific committee to create standards for each dominant platform, as proposed the committees would likely be opaque to the public and very ad hoc in the long term (Doctorow 2021). If enacted, this approach appears ripe to result in security issues and technological lock-in.
A robust process can avoid these risks. Interoperability would radically change the internet, so its implementation requires collective coordination. Policymakers must work cooperatively with stakeholders from many segments of society, including industry, advocacy, and academia (Wheeler et al., 2020). Standard-setting organizations are already very common, but they usually operate during the adoption of new technologies (Hemphill and Vonortas 2005). In addition, their operation is often inadequately transparent and exclusive to non-members (Whitaker 2016). In the context of digital platforms, standardization runs up against path dependencies and established interests within existing technologies that must be accounted for by regulation. Mandatory interoperability would require a comprehensive and transparent standard-setting process.
Concretely, a digital regulator could mandate the participation of industry and other societal groups within a standards council charged with setting specifications for open APIs. I follow Wheeler and colleagues in emphasizing that this body should work cooperatively and focus on managing the risks of greater interoperability (2020), particularly through careful attention to security standards. This body should respond to concerns about hampering innovation by establishing a structure to review and revise standards for open APIs over time (Wheeler et al., 2020, 52-53). In addition, the mandate should only extend to dominant platforms that are systemically important due to their market power (Wheeler et al., 2020, 43). By following this approach, mandatory interoperability would be agile and responsive to underlying changes in digital markets. Effective implementation of interoperability would enhance its benefits for competition and minimize its harms to user privacy and innovation.
Policymakers must confront the oligopolies that control much of the internet. Concentration results in less choice and diversity for users, which amplifies privacy violations, misinformation, and political polarization. Mandatory interoperability would alleviate network effects, a significant barrier to entry, opening up new forms of entertainment and community in the process. Though it is not without trade-offs--including with security and innovation--pairing an approach of open APIs with a robust process for standard-setting would ease these concerns. In this form, mandating interoperability would contribute to the creation of a more open internet.
References
Chao, Becky, and Ross Schulman. “Promoting Platform Interoperability.” New America Open Technology Institute, May 2020. https://docs.house.gov/meetings/JU/JU05/20210225/111247/HHRG-117-JU05-20210225-SD008.pdf.
Cicilline, David N. “Competition Is at the Heart of Facebook’s Privacy Problem.” Wired. Accessed December 29, 2021. https://www.wired.com/story/competition-is-at-the-heart-of-facebooks-privacy-problem/
Doctorow, Cory. “Improving the ACCESS Act.” Medium (blog), June 21, 2021. https://doctorow.medium.com/improving-the-access-act-b11d6bded12f.
Fruchter, Nathaniel, Michael Specter, and Ben Yuan. “Facebook/Cambridge Analytica: Privacy Lessons and a Way Forward.” Internet Policy Research Initiative at MIT (blog), March 20, 2018. https://internetpolicy.mit.edu/blog-2018-fb-cambridgeanalytica/.
Furman, Jason. “Unlocking Digital Competition, Report of the Digital Competition Expert Panel,” 2019. https://www.gov.uk/government/publications/unlocking-digital-competition-report-of-the-digital-competition-expert-panel.
Gasser, Urs. “Interoperability in the Digital Ecosystem.” Berkman Center for Internet & Society at Harvard University, 2015. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2639210.
Hemphill, Thomas, and Nicholas Vonortas. “U.S. Antitrust Policy, Interface Compatibility Standards, and Information Technology.” Knowledge, Technology & Policy, 2005. https://link.springer.com/article/10.1007/s12130-005-1028-5.
Hovenkamp, Herbert. “Antitrust and Platform Monopoly.” Yale Law Journal 130, no. 8 (June 2021): 1952–2050.
Kelly, Makena. “Congress Could Require Facebook to Build More Open APIs under New Bill.” The Verge, October 22, 2019. https://www.theverge.com/2019/10/22/20926742/mark-warner-josh-hawley-facebook-access-zuckerberg-data-portability-open-api-interoperability.
Kerber, Wolfgang, and Heike Schweitzer. “Interoperability in the Digital Economy.” Journal of Intellectual Property, Information Technology and Electronic Commerce Law 8, no. 1 (2017): 39–58.
Masnick, Mike. “The Good And The Bad Of The ACCESS Act To Force Open APIs On Big Social Media.” Techdirt. (blog), 2019. https://www.techdirt.com/articles/20191022/18012743247/good-bad-access-act-to-force-open-apis-big-social-media.shtml.
OECD. “Data Portability, Interoperability and Digital Platform Competition.” OECD Competition Committee Discussion Paper, 2021. https://www.oecd.org/daf/competition/data-portability-interoperability-and-digital-platform-competition-2021.pdf.
Olaussen, Marius Glenn. “Towards a Security Design Pattern for Web APIs,” 2020. https://www.duo.uio.no/handle/10852/84288.
Rietveld, Joost, and Melissa A. Schilling. “Platform Competition: A Systematic and Interdisciplinary Review of the Literature.” Journal of Management 47, no. 6 (July 1, 2021): 1528–63. https://doi.org/10.1177/0149206320969791.
Riley, Chris. “Unpacking Interoperability in Competition.” Journal of Cyber Policy 5, no. 1 (January 2, 2020): 94–106. https://doi.org/10.1080/23738871.2020.1740754.
Robertson, Adi. “How Would Opening up Facebook Change the Internet?” The Verge, October 23, 2019. https://www.theverge.com/2019/10/23/20926792/facebook-access-act-interoperability-data-portability-warner-hawley-bill-explainer.
Sharma, Chinmayi. “Concentrated Digital Markets, Restrictive APIs, and the Fight for Internet Interoperability.” University of Memphis Law Review 50, no. 2 (June 7, 2019): 68. https://doi.org/10.2139/ssrn.3400980.
Wheeler, Tom, Phil Verveer, and Gene Kimmelman. “New Digital Realities; New Oversight Solutions in the U.S.: The Case for a Digital Platform Agency and a New Approach to Regulatory Oversight.” Harvard Kennedy School Shorenstein Center on Media, Politics, and Public Policy, 2020. https://shorensteincenter.org/wp-content/uploads/2020/08/New-Digital-Realities_August-2020.pdf.
Whitaker, Kanevskaia. “Technology Standard-Setting Under the Lens of Global Administrative Law: Accountability, Participation and Transparency of Standard-Setting Organizations.” TILEC Discussion Paper No. 2016-016. Centre for IT & IP Law, July 21, 2016. https://doi.org/10.2139/ssrn.2812464.
Ziegler, Tania. “Implementation of Open Banking Protocols Around the World.” In The Palgrave Handbook of Technological Finance, edited by Raghavendra Rau, Robert Wardrop, and Luigi Zingales, 751–79. Cham: Springer International Publishing, 2021. https://doi.org/10.1007/978-3-030-65117-6_27.
Zingales, Luigi, Guy Rolnik, and Filippo Lancieri. “Stigler Committee on Digital Platforms: Final Report.” University of Chicago Booth Stigler Center, September 2019.https://www.chicagobooth.edu/-/media/research/stigler/pdfs/digital-platforms---committee-report---stigler-center.pdf.