There are no technical barriers towards implementing such governance.
He says that as though technical issues are the hard part. Of course they aren’t; it’s the sociopolitical issues, the same problems humans have been wrestling with for 6,000 years or so and making only slow progress on.
The internet was a public innovation co-opted by private interests with the aid of policymakers in Washington D.C.
The ARPAnet was an academic project of the US military-industrial complex, and largely off-limits to the public unless they were lucky enough to have access through a big corporation or university. Privatizing it, and removing the rules forbidding any commercial activity, is what enabled and triggered its explosive growth in the 1990s.
He says that as though technical issues are the hard part. Of course they aren’t; it’s the sociopolitical issues.
The piece offers paths not taken (Rodotà) and suggests options for the future (Viljoen) while almost exclusively talking about society, media, and commerce. These are indeed the hard problems.
Privatizing it, and removing the rules forbidding any commercial activity, is what enabled and triggered its explosive growth in the 1990s.
This wasn’t the choice though: 100% private or 100% government owned. 100% privatization was simply the outcome. And I’d suggest - as the piece’s author - this outcome is part of our problem today.
For example, do you think there is a better way to share culture on the internet? Say, a mixtape of rock music where the artists are treated more fairly and those who love the music find ways to connect and share their passion without being surveilled?
The only concrete thing I saw about Rodotà was “a more equitable, privacy-respecting internet will require provisions for substantive governance outside of commercial interests”, and about Viljoen “a data commons controlled by the people can be preferable to tidy corporate shopping malls.” Both of which amount to “more government regulation is needed”, which is not new and seems to be the current opinion of legislators in both the US and EU. Not to mention in China, Russia, Iran … which highlights the very substantial problems of government regulation.
When I hear “controlled by the people”, I think: which people specifically? Who decides who they are? How do they decide how to control? What happens if you disagree?
Not to mention that here “the people” means “the world’s” people, and we have had very, very little success at coming up with worldwide systems of governance, especially not over something so widely used.
Say, a mixtape of rock music where the artists are treated more fairly
Sounds like Bandcamp.
and those who love the music find ways to connect and share their passion without being surveilled?
Sounds like Signal. But how do you ensure the artists get paid if the users’ activity can’t be overseen? Is it surveillance to detect that I just sent MasterOfPuppets.zip to my friend, which contains copyrighted audio belonging to Metallica, and either bill me for it or send me a cease-and-desist?
and those who love the music find ways to connect and share their passion without being surveilled?
Sounds like Signal.
Ah glad that Viljoen’s vision for “a data
commons controlled by the people can be preferable to tidy corporate shopping malls” sounds appealing. You’re right. Signal is a step in the right direction.
Signal offers something akin to micro-digital commons. But we still need public common spaces where data can be exchanged. ActivityPub is an interesting example, but you and I agree that this isn’t a technical problem. I’ll skip over the sociopolitical reasons I don’t think ActivityPub (as it’s currently being used) is going to provide a better internet.
Corporations will never willfully yield the right to contract to individual customers. So when you ask “which people specifically” control data exchange, it’s currently an infinitesimally small number of individuals on planet earth. We cede our control to them when we click the (non-negotiable) terms and conditions. There is no disagreement. If you disagree, you don’t exist.
But this is an odd position we’re in. I am a citizen of the United States. I could speak in a public park and know my voice cannot be silenced because of my constitutional protection. This common space offers invaluable feeedom but no equivalent exists on the internet. Viljoen is simply suggesting that there is room for this sort of governance on the internet. And Tarnoff also cites politicians who were fighting for this in the 90s but were blocked.
You’re right that global governance won’t work. But the current application layer is building technology that is maximizing value for shareholders and providing very few rights for individuals.
We have the social models. We have the technology. But we’re swimming in a soup that makes it hard to see what’s possible outside of the status quo.
I think the main problem here is that only corporations seem to produce the kind of polish that users like. They are like teenagers who prefer to hang out in the mall because that’s a nicely airconditioned place, whereas the parks outside exposes them to the elements and they decided that they simply don’t like that.
Signal is actually a great example - tightly controlled by a corporation, does not allow any third-party servers. We are just lucky that this company happens to be benign (for the time being, as far as we know). I can’t seem to get most people to use alternatives like Matrix because the UI/UX is just not as smooth. Most people prefer Chrome (corporate-controlled) over Firefox (non-profit) because it happens to work ever so slightly better (or has done so in the past, and there’s no incentive to switch back).
Even the majority of developers are just as bad - think how most of us prefer GitHub over an e-mail based workflow. How many of us use corporate-controlled editors like VSCode or the Jetbrains IDEs over community-driven ones like Emacs/Vim or Eclipse?
The alternatives are there, but you can’t beat the money that these corporations throw at their applications. As long as the vast majority of individuals do not consciously prioritize privacy/self-sufficiency/community-driven stuff over UI, we’ve already lost the war before the first battle.
This is a great point. There is an overall misalignment in software between value and investment and the market has no answer for it. There is, of course, an XKCD explainer: https://xkcd.com/2347/.
Further, within the privacy/self-sufficiency/community-driven software spheres there is a total disinvestment in UX because of this lack of resources.
Without a market solution, I believe we have no other choice but to look elsewhere for structural support.
I could speak in a public park and know my voice cannot be silenced because of my constitutional protection.
Sure. (Unless your voice is saying something not covered by the First Amendment, like a clear immediate incitement to violence.) Whereas if you go to a private place like a mall, you could be silenced, because a property owner has the right to limit what people do on their property.
This common space offers invaluable feeedom but no equivalent exists on the internet. Viljoen is simply suggesting that there is room for this sort of governance on the internet.
I don’t understand. For about US$5 a month you can set up your own website, at any of zillions of hosts, and put whatever you want there. (Within limits, but you have to be pretty damn noxious to have trouble finding a host.)
It’s not fair to say that corporations like Facebook “control” data exchange. They just have the most market share, because they’ve made it very easy and because they enjoy the benefit of huge network effects. There is nothing stopping anyone from using freer alternatives or creating their own.
I totally agree with you that the current hegemonization of social media is awful. But I’m not hearing in what you’ve said or quoted any real path forward. If you’re talking about illegalizing what current sites do, then (a) I don’t see how to do that in a way that isn’t chilling to everyone’s liberties, and (b) I think you’d have problems of jurisdiction because there are so many countries with their own laws and so many ways to get around local limits.
I totally agree with you that the current hegemonization of social media is awful. But I’m not hearing in what you’ve said or quoted any real path forward. If you’re talking about illegalizing what current sites do, then (a) I don’t see how to do that in a way that isn’t chilling to everyone’s liberties, and (b) I think you’d have problems of jurisdiction because there are so many countries with their own laws and so many ways to get around local limits.
Well we both agree that the current hegemonization of social media is awful. And I imagine we might agree on why “awful” is an apt characterization. A lot of people agree with us but do not leave because of the network effects you previously stated. This will never change as long as all social media consists of legal entities that exist primarily to enrich a small number of shareholders. Not only is it in black and white in the articles of incorporation, we have a century of corporate history to demonstrate this.
The value of the data they own becomes far less valuable if there are competing entities with different motivations. There are a plurality of solutions - some of which can be government-owned and others that can be government-incentivized.
Government-owned examples include public broadcasting, Solid pods in Flanders, and anonymous data pools for scientific research. Government-incentivized examples include community owned gigabit internet access in rural North Dakota. People-owned examples include Wikis and data commons.
There are a lot of options and examples out there. If the current hegemonization of social media is awful, it’s worth exploring alternative legal and social options so people have more agency over their data and some leverage if they want to engage with global corporations.
As you point out, alternatives already exist; people just don’t use them, in meaningful numbers. Basically that’s because of network effects (social sites are useless if the people you want to interact with don’t use them too) and because the big sites have put a lot more work into usability and convenience. (Note how much harder it is to figure out Mastodon than Twitter.)
I feel like you’re avoiding the elephant in the room, which is the question “how do you get to a world where everyone isn’t using the same huge privacy-invading services?”
You can’t realistically have “a plurality of solutions” without interoperability. As long as FB, Twitter et al are walled gardens, they win on network effects alone. But those sites have strong reasons not to interoperate, some technical but most business; I saw this 20 years ago in the instant messaging world when AIM, Google etc refused to implement Jabber/XMPP in any meaningful way.
So are you going to force them to interoperate with any and all players? With what sort of laws? And who decides on the standards for interop? Those are huge questions and I don’t know the answers.
So are you going to force them to interoperate with any and all players? With what sort of laws?
Forcing isn’t really an option. Neither is the aforementioned Russia/China-style regulation. The fox is guarding the hen house. From legislation to research, tech money (and power) is pervasive. It’s not going away. Not sure why we’re even entertaining this fantasy.
There’s a more subtle solution that is the result of several different vectors. First, you have the natural life cycles of tech ecosystems. The academic Clayton Christensen calls this “Disruption Theory.” The pundit Cory Doctorow calls this “Enshittification.” Whatever you call it, there is an observable phenomenon where large companies have trouble adapting to different ecosystems because of their corporate bylaws and current customers. This moment of change is an opportunity.
The ecosystem changes because of changes in technology and legislation. Clumsy laws designed within a captured legislative process usually don’t hold power to account, but they do have subtle consequences. The cost of warehousing personal data is changing because of the GDPR and the CCPA. Companies are starting to process claims that require the (expensive) removal of individual information. They don’t want emails and lawyers at every step. So we are seeing adoption in automation (such as the Data Rights Protocol).
Historical examples include the behaviors of IBM and Microsoft after they faced antitrust. Neither faced any immediate, meaningful consequences as a result of their proven anti-competitive behavior. But scholars have argued that it changed each company’s long-term strategies and made room for new players.
The ecosystem also changes because of grassroots citizen efforts that align with powerful companies. Think of the impact of Linux in the server market. A short list of today’s equivalent open source efforts in personal data interoperability would be Self Sovereign Identity, Verifiable Credentials, and Solid.
The ecosystem also changes because of citizen efforts within government. This includes the adoption of aforementioned technologies (and others) by governments and enterprises. Consumer products follow.
XMPP took place in a different setting. Adoption of the open standard failed in the 2000s and now I have to have (literally) 10 different messaging apps on my phone. All of which do the same thing. None of which can talk to the other. It’s terrible.
But let’s take a different setting, before the emergence of the Clintonian internet that I wrote about - the 1980s Protocol Wars. There were a plurality of options. Open standards like OSI and extremely well-financed private options like DECNET and IBM’s SNA which where deeply entrenched within powerful organizations. The ultimate winner, as we know, was TCP/IP. Another open standard. This could happen only because the power dynamics were very different before ~1995.
As you point out, alternatives already exist; people just don’t use them, in meaningful numbers.
Give it time. The first desktop computer was sold in 1965. But it wasn’t until 1977 that at viable market emerged. That’s 12 years for a greenfield technology. The tech is here. People are adopting it. The social setting is different. But this is a longer road. We’re paving it right now. I’m suggesting we don’t make the same mistake we did in the 1990s (with an outcome that was presaged, by the way, by Stefano Rodotà). If we don’t want everyone “using the same huge privacy-invading services,” we need to build from different principles.
a more equitable, privacy-respecting internet will require provisions for substantive governance outside of commercial interests
There’s a part of me that’s deeply sympathetic to this, but it’s not the pragmatic part.
I’ve run a niche web forum for almost a decade now, to me it very much embodies what the author describes as the “digital equivalent of parks and town squares”, something small and non-commercial, run by a member of a community as a service to the community. Over the years I’ve come to know a few other website operators in a similar space. And the consensus is that it’s a bleak space to be in. In general user acquisition basically doesn’t happen. The historical sources of user inflow to forums (chiefly search results) is a trickle, we consistently bleed users to subreddits, facebook groups, the figurative “shopping malls” of the internet. Word of mouth is really the only thing that works, but if you run e.g. an audiophile forum where most your users are there because the public at large just really doesn’t care that much, then word of mouth is only worth so much.
Anyway, that to say, among people in the niche, independent, town-square like community space, I don’t think lack of government regulation is really perceived by anyone as the issue. It probably is an issue at some level, as a consumer I do appreciate privacy legislation, but as a keeper of the commons it doesn’t help me keep my community stay alive and it causes all sorts of headaches that sometimes border on existential threats for independently run communities. Commercial tech companies may not like privacy legislation but they are wholly equipped to deal with regulation. When you’re some guy who runs a thing because you want people you’ve been talking to for years to have a place to talk that isn’t facebook you’re probably not excited to field the legal questions that come along with “what does the GDPR mean for me?”. I just don’t understand how anyone could expect a non-commercial internet to emerge as a result of legislation that raises the fiscal barrier to participation in the form of legal uncertainty.
And this isn’t to say I think the GDPR is terrible or privacy regulation is categorically bad. But there’s a cost to regulation, and the more of it you have the harder it is for non-commercial providers to enter a market. If your concern is a commercialized internet then regulation is probably going to go in the opposite direction. Unless we’re talking about trust-busting, which we all know is never going to happen in the US.
He says that as though technical issues are the hard part. Of course they aren’t; it’s the sociopolitical issues, the same problems humans have been wrestling with for 6,000 years or so and making only slow progress on.
The ARPAnet was an academic project of the US military-industrial complex, and largely off-limits to the public unless they were lucky enough to have access through a big corporation or university. Privatizing it, and removing the rules forbidding any commercial activity, is what enabled and triggered its explosive growth in the 1990s.
The piece offers paths not taken (Rodotà) and suggests options for the future (Viljoen) while almost exclusively talking about society, media, and commerce. These are indeed the hard problems.
This wasn’t the choice though: 100% private or 100% government owned. 100% privatization was simply the outcome. And I’d suggest - as the piece’s author - this outcome is part of our problem today.
For example, do you think there is a better way to share culture on the internet? Say, a mixtape of rock music where the artists are treated more fairly and those who love the music find ways to connect and share their passion without being surveilled?
The only concrete thing I saw about Rodotà was “a more equitable, privacy-respecting internet will require provisions for substantive governance outside of commercial interests”, and about Viljoen “a data commons controlled by the people can be preferable to tidy corporate shopping malls.” Both of which amount to “more government regulation is needed”, which is not new and seems to be the current opinion of legislators in both the US and EU. Not to mention in China, Russia, Iran … which highlights the very substantial problems of government regulation.
When I hear “controlled by the people”, I think: which people specifically? Who decides who they are? How do they decide how to control? What happens if you disagree?
Not to mention that here “the people” means “the world’s” people, and we have had very, very little success at coming up with worldwide systems of governance, especially not over something so widely used.
Sounds like Bandcamp.
Sounds like Signal. But how do you ensure the artists get paid if the users’ activity can’t be overseen? Is it surveillance to detect that I just sent MasterOfPuppets.zip to my friend, which contains copyrighted audio belonging to Metallica, and either bill me for it or send me a cease-and-desist?
Ah glad that Viljoen’s vision for “a data commons controlled by the people can be preferable to tidy corporate shopping malls” sounds appealing. You’re right. Signal is a step in the right direction.
Signal offers something akin to micro-digital commons. But we still need public common spaces where data can be exchanged. ActivityPub is an interesting example, but you and I agree that this isn’t a technical problem. I’ll skip over the sociopolitical reasons I don’t think ActivityPub (as it’s currently being used) is going to provide a better internet.
Corporations will never willfully yield the right to contract to individual customers. So when you ask “which people specifically” control data exchange, it’s currently an infinitesimally small number of individuals on planet earth. We cede our control to them when we click the (non-negotiable) terms and conditions. There is no disagreement. If you disagree, you don’t exist.
But this is an odd position we’re in. I am a citizen of the United States. I could speak in a public park and know my voice cannot be silenced because of my constitutional protection. This common space offers invaluable feeedom but no equivalent exists on the internet. Viljoen is simply suggesting that there is room for this sort of governance on the internet. And Tarnoff also cites politicians who were fighting for this in the 90s but were blocked.
You’re right that global governance won’t work. But the current application layer is building technology that is maximizing value for shareholders and providing very few rights for individuals.
We have the social models. We have the technology. But we’re swimming in a soup that makes it hard to see what’s possible outside of the status quo.
I think the main problem here is that only corporations seem to produce the kind of polish that users like. They are like teenagers who prefer to hang out in the mall because that’s a nicely airconditioned place, whereas the parks outside exposes them to the elements and they decided that they simply don’t like that.
Signal is actually a great example - tightly controlled by a corporation, does not allow any third-party servers. We are just lucky that this company happens to be benign (for the time being, as far as we know). I can’t seem to get most people to use alternatives like Matrix because the UI/UX is just not as smooth. Most people prefer Chrome (corporate-controlled) over Firefox (non-profit) because it happens to work ever so slightly better (or has done so in the past, and there’s no incentive to switch back).
Even the majority of developers are just as bad - think how most of us prefer GitHub over an e-mail based workflow. How many of us use corporate-controlled editors like VSCode or the Jetbrains IDEs over community-driven ones like Emacs/Vim or Eclipse?
The alternatives are there, but you can’t beat the money that these corporations throw at their applications. As long as the vast majority of individuals do not consciously prioritize privacy/self-sufficiency/community-driven stuff over UI, we’ve already lost the war before the first battle.
This is a great point. There is an overall misalignment in software between value and investment and the market has no answer for it. There is, of course, an XKCD explainer: https://xkcd.com/2347/.
Further, within the privacy/self-sufficiency/community-driven software spheres there is a total disinvestment in UX because of this lack of resources.
Without a market solution, I believe we have no other choice but to look elsewhere for structural support.
Sure. (Unless your voice is saying something not covered by the First Amendment, like a clear immediate incitement to violence.) Whereas if you go to a private place like a mall, you could be silenced, because a property owner has the right to limit what people do on their property.
I don’t understand. For about US$5 a month you can set up your own website, at any of zillions of hosts, and put whatever you want there. (Within limits, but you have to be pretty damn noxious to have trouble finding a host.)
It’s not fair to say that corporations like Facebook “control” data exchange. They just have the most market share, because they’ve made it very easy and because they enjoy the benefit of huge network effects. There is nothing stopping anyone from using freer alternatives or creating their own.
I totally agree with you that the current hegemonization of social media is awful. But I’m not hearing in what you’ve said or quoted any real path forward. If you’re talking about illegalizing what current sites do, then (a) I don’t see how to do that in a way that isn’t chilling to everyone’s liberties, and (b) I think you’d have problems of jurisdiction because there are so many countries with their own laws and so many ways to get around local limits.
Well we both agree that the current hegemonization of social media is awful. And I imagine we might agree on why “awful” is an apt characterization. A lot of people agree with us but do not leave because of the network effects you previously stated. This will never change as long as all social media consists of legal entities that exist primarily to enrich a small number of shareholders. Not only is it in black and white in the articles of incorporation, we have a century of corporate history to demonstrate this.
The value of the data they own becomes far less valuable if there are competing entities with different motivations. There are a plurality of solutions - some of which can be government-owned and others that can be government-incentivized.
Government-owned examples include public broadcasting, Solid pods in Flanders, and anonymous data pools for scientific research. Government-incentivized examples include community owned gigabit internet access in rural North Dakota. People-owned examples include Wikis and data commons.
There are a lot of options and examples out there. If the current hegemonization of social media is awful, it’s worth exploring alternative legal and social options so people have more agency over their data and some leverage if they want to engage with global corporations.
As you point out, alternatives already exist; people just don’t use them, in meaningful numbers. Basically that’s because of network effects (social sites are useless if the people you want to interact with don’t use them too) and because the big sites have put a lot more work into usability and convenience. (Note how much harder it is to figure out Mastodon than Twitter.)
I feel like you’re avoiding the elephant in the room, which is the question “how do you get to a world where everyone isn’t using the same huge privacy-invading services?”
You can’t realistically have “a plurality of solutions” without interoperability. As long as FB, Twitter et al are walled gardens, they win on network effects alone. But those sites have strong reasons not to interoperate, some technical but most business; I saw this 20 years ago in the instant messaging world when AIM, Google etc refused to implement Jabber/XMPP in any meaningful way.
So are you going to force them to interoperate with any and all players? With what sort of laws? And who decides on the standards for interop? Those are huge questions and I don’t know the answers.
Forcing isn’t really an option. Neither is the aforementioned Russia/China-style regulation. The fox is guarding the hen house. From legislation to research, tech money (and power) is pervasive. It’s not going away. Not sure why we’re even entertaining this fantasy.
There’s a more subtle solution that is the result of several different vectors. First, you have the natural life cycles of tech ecosystems. The academic Clayton Christensen calls this “Disruption Theory.” The pundit Cory Doctorow calls this “Enshittification.” Whatever you call it, there is an observable phenomenon where large companies have trouble adapting to different ecosystems because of their corporate bylaws and current customers. This moment of change is an opportunity.
The ecosystem changes because of changes in technology and legislation. Clumsy laws designed within a captured legislative process usually don’t hold power to account, but they do have subtle consequences. The cost of warehousing personal data is changing because of the GDPR and the CCPA. Companies are starting to process claims that require the (expensive) removal of individual information. They don’t want emails and lawyers at every step. So we are seeing adoption in automation (such as the Data Rights Protocol).
Historical examples include the behaviors of IBM and Microsoft after they faced antitrust. Neither faced any immediate, meaningful consequences as a result of their proven anti-competitive behavior. But scholars have argued that it changed each company’s long-term strategies and made room for new players.
The ecosystem also changes because of grassroots citizen efforts that align with powerful companies. Think of the impact of Linux in the server market. A short list of today’s equivalent open source efforts in personal data interoperability would be Self Sovereign Identity, Verifiable Credentials, and Solid.
The ecosystem also changes because of citizen efforts within government. This includes the adoption of aforementioned technologies (and others) by governments and enterprises. Consumer products follow.
XMPP took place in a different setting. Adoption of the open standard failed in the 2000s and now I have to have (literally) 10 different messaging apps on my phone. All of which do the same thing. None of which can talk to the other. It’s terrible.
But let’s take a different setting, before the emergence of the Clintonian internet that I wrote about - the 1980s Protocol Wars. There were a plurality of options. Open standards like OSI and extremely well-financed private options like DECNET and IBM’s SNA which where deeply entrenched within powerful organizations. The ultimate winner, as we know, was TCP/IP. Another open standard. This could happen only because the power dynamics were very different before ~1995.
Give it time. The first desktop computer was sold in 1965. But it wasn’t until 1977 that at viable market emerged. That’s 12 years for a greenfield technology. The tech is here. People are adopting it. The social setting is different. But this is a longer road. We’re paving it right now. I’m suggesting we don’t make the same mistake we did in the 1990s (with an outcome that was presaged, by the way, by Stefano Rodotà). If we don’t want everyone “using the same huge privacy-invading services,” we need to build from different principles.
There’s a part of me that’s deeply sympathetic to this, but it’s not the pragmatic part.
I’ve run a niche web forum for almost a decade now, to me it very much embodies what the author describes as the “digital equivalent of parks and town squares”, something small and non-commercial, run by a member of a community as a service to the community. Over the years I’ve come to know a few other website operators in a similar space. And the consensus is that it’s a bleak space to be in. In general user acquisition basically doesn’t happen. The historical sources of user inflow to forums (chiefly search results) is a trickle, we consistently bleed users to subreddits, facebook groups, the figurative “shopping malls” of the internet. Word of mouth is really the only thing that works, but if you run e.g. an audiophile forum where most your users are there because the public at large just really doesn’t care that much, then word of mouth is only worth so much.
Anyway, that to say, among people in the niche, independent, town-square like community space, I don’t think lack of government regulation is really perceived by anyone as the issue. It probably is an issue at some level, as a consumer I do appreciate privacy legislation, but as a keeper of the commons it doesn’t help me keep my community stay alive and it causes all sorts of headaches that sometimes border on existential threats for independently run communities. Commercial tech companies may not like privacy legislation but they are wholly equipped to deal with regulation. When you’re some guy who runs a thing because you want people you’ve been talking to for years to have a place to talk that isn’t facebook you’re probably not excited to field the legal questions that come along with “what does the GDPR mean for me?”. I just don’t understand how anyone could expect a non-commercial internet to emerge as a result of legislation that raises the fiscal barrier to participation in the form of legal uncertainty.
And this isn’t to say I think the GDPR is terrible or privacy regulation is categorically bad. But there’s a cost to regulation, and the more of it you have the harder it is for non-commercial providers to enter a market. If your concern is a commercialized internet then regulation is probably going to go in the opposite direction. Unless we’re talking about trust-busting, which we all know is never going to happen in the US.
This is all fine and good, but he still needs to get Peter Gregory’s work and Gavin Belsin’s patent.