American companies now need foreign permission to do business on the internet. Congress is about to make it worse. It doesn’t have to be that way.
A lot has been said about the excesses of Big Tech, and there’s no disputing they have a lot to account for. While they started out with good intentions, their business models rely too heavily on our basest instincts. They wanted to help us build communities, but their tools enabled communities of hate and polarization. In their quest for growth, they stole our attention. They experimented with our social structures, and some of those experiments went dangerously awry. And they made a lot of money in the process.
At the same time, these companies have created tremendous value and brought undeniable benefits to every corner of the world. The ecosystems they have created support millions of people, and ease the lives of hundreds of millions more. Their work has spawned a digital evolution that has completely re-engineered the world economy, creating efficiency that has released trillions of dollars to fuel global growth. Not even the most cynical critic wants to reverse the clock and go back to a world before smartphones and internet search.
Something has to change, however. The recklessness that made the internet what it is needs to give way to something more mature and disciplined. We need rules, and the means to enforce them. We need to tame the worst excesses online, but also reinforce those foundational services that have become part and parcel of our modern economy. We need to protect the entrepreneurial spirit that brought innovators together to build businesses and create wealth, but we need to stem the greed that can follow.
We need a “grown-up” internet. We need better rules and better policing. We need order and good governance, but we’re getting something else, instead.
The US has been asleep as a growing patchwork of bad internet regulations started sweeping the planet. We’ve already lived through the splitting off of China, and the growing fissures around Russia, Turkey, and others. What was once conceived of as a global network linking people and places is now less global, and more dividing than it is linking. The Splinternet – the complete balkanization of the internet into regional and national networks – is all but inevitable now, and America should prepare itself for the changes this will bring.
How did we get to this point? While it started with regimes guided by repression and intolerance, it’s the global political obsession with large platform companies that is driving the tragedy to its inevitable end. Countries are competing to extend their internet laws globally to capture the digital economy’s wealth through fines and taxes, and to impose their values beyond their borders. Most, like the EU, claim that their cause is morally just; exporting their (better) values to the benefit of the (backward) international community. How can that be wrong?
It’s a sad fact that due to the structure of the global internet, digital companies are ripe for international exploitation of this kind. The internet’s reach creates a market for digital services that is unconstrained by national boundaries. Every country the internet touches can claim jurisdiction. Any content that washes up on digital shores exists inside every country and becomes subject to everyone’s oversight. While this has been true from the internet’s birth, what’s new is the push to tax digital goods where they’re found, and to fine digital companies for local infractions based on their global wealth. National greed, digital success, and a global political desire to take on Big Tech is leading us towards the tragedy of the digital commons. We will be the first and last generation to taste the opportunity of a fully interconnected world.
While China’s great firewall was the first case study for the future internet, GDPR was the first indication that the Splinternet was destined to spread. Europe’s privacy experiment proved that it was possible to unilaterally impose digital regulations on foreign companies in their home markets. It opened the door to regulatory opportunities for massive fines when tax revenue was scarce and provided the legal leverage for future extortion by labelling transatlantic data flows as a violation of the new law. The shakedown was simple: first, force Americans to comply with EU law everywhere they do business, or lose access to the EU market. Then re-use the same threat to coerce the US government to give EU citizens American rights. The end result is that the EU is now in charge of US privacy law.
And we thanked them for it since we’re too dysfunctional to write a national law of our own.
Once the camel’s nose is in the tent, however, things seldom stop. The next wave of inbound regulation will pollute free speech, introduce foreign control of US companies, and threaten national security. Under the EU’s latest internet regulations, the Digital Services Act and the Digital Markets Act, Europe will use the GDPR model to define what content is illegal, and likely what is unacceptable, online – globally. They also plan to confiscate and redistribute the data and digital assets of American internet giants to European upstarts, force EU data to be held in Europe by EU companies, and through fines or taxes to drain the wealth of any digital firm that finds future success and has the temerity to allow even a single European onto their service. This sounds extreme, and it actually is, and to make matters worse Congress is thinking of embracing this model themselves despite the fact that Americans already are beholden to Europe’s law.
I, for one, welcome our many new global overlords.
The path we’re on will result in internet companies, wherever they are physically based, falling under the digital jurisdiction of many regional and national laws. It’s obvious from China and the EU example that these laws will be in conflict with one another, and that digital companies will be unable to comply with all of them at the same time (given the internet’s lack of respect for national boundaries). There are two paths forward: build global consensus on values and practices on the internet, or put up digital boundaries to maintain local control. The first of these is unlikely, to say the least.
A balkanized Internet is now inevitable, and already in place in much of the world. The great firewall has proven that it is possible to place digital boundaries atop geographical ones. Many authoritarian countries maintain only a few severable links with global networks and use their power to throttle or extinguish content and services they disapprove of. Democratic countries are now regulating encryption, content, and speech in the name of national security or, alternatively, “fundamental human rights.” With the enactment of Europe’s DSA and DMA (and possibly America’s equivalent), the firewall will go up in the Atlantic as well. From there the two regional networks will start to diverge as local rules drift further apart.
The US has no choice but to regain sovereignty over its digital future. Imposing European values on America or American values on the EU is incompatible with our foundational laws. American companies are already working to carve off their European assets and isolate their EU services. In time, the two markets will only be served from local, digital shores. But duplicating Europe’s regulatory excess in the U.S. would be a grave mistake. The fact that there are bills circulating in Congress that borrow from catastrophic EU proposals should scare us all. The EU is hardly the model of
digital innovation America should look up to.
Europe’s DSA forces digital companies to police free speech globally based on European standards. This is dangerous and unworkable as a global model. It is incompatible with the U.S. Constitution and inconsistent with how U.S. content is regulated in all other aspects of American life. The EU is already entertaining thoughts of extending the law to regulate all speech. A U.S. equivalent would be both unconstitutional and in conflict with Europe’s law as applied to U.S. companies. It would leave U.S. companies in a double bind: comply with EU law and be in violation of US law, or ignore EU law and suffer the fines and forfeiture the EU chooses to impose. Or the easier business decision of abandoning one market or the other, or splitting the business. Up goes the firewall.
Europe’s DMA forces companies to underwrite European competitors by giving up their assets, sharing their intellectual property, and accepting EU government control of their business strategy – it too is unworkable as a global model. It presupposes that government control over digital markets is the path to European Digital Sovereignty, and thus it targets U.S. companies and extorts their cooperation in their own imprisonment. Rather than comply by changing their global practices, internet companies will simply abandon hollowed-out EU businesses they no longer control. A U.S. equivalent would be the greatest act of industrial socialization the country has ever seen.
I lead the Developers Alliance, a global software developer advocacy organization that works to protect opportunities for developers and their companies to thrive. Today’s internet provides developers the unique ability to reach global markets and billions of consumers, no matter where the company itself is based on where its employees reside. Developers rely on ecosystem partners like Big Tech companies for tools, funding, marketing and operational help, and ultimately for the “aura” of brands that are known and respected (though not always trusted) around the world. If app stores fail, millions of third-party developers will be out of work while established brands thrive. If digital platforms are broken up or throttled, consumer costs will rise, choices will be constrained, and new service creation will dry up. It is my fundamental fear that politicians and bureaucrats are so blinded by their zeal to hamstring big tech, and so uninformed of how digital ecosystems actually work, that they are about to cross wires and crash the system.
There is now universal agreement that the old internet must change. While the digital economy has created untold benefits for society, it has come at a cost. Rather than promoting a connected world of shared understanding and togetherness, the experiment has gone badly astray leaving the world more polarized and yet inextricably unable to leave each other alone or look away. There is no quiet solitude in which to reflect and heal.
Coercive regulation and market controls are not the answer. Internet regulation focused on transparency, consumer empowerment, and accountability for all digital participants is a viable alternative to promote digital prosperity without drawing on conflicting value systems. Each of these levers can operate independently inside a region’s economy without forcing others to adopt foreign values and ideals. Before we outlaw business cases or tear down ecosystems, we should start by surfacing the signals consumers need to steer markets through their own choices.
We already see transparency as a tool to build trust, enforce privacy norms, and protect markets from bad actors. The GDPR provided us with one valuable service: it catalyzed activity inside Big Tech to bring privacy forward as a feature. Every online platform is now equipped with tools, settings, and filters that provide users insights and control over their data. Public pressure has pushed these features into browsers, and now into smartphone operating systems. Innovations like privacy labels can only emerge when pressure towards transparency bumps up against business goals of keeping and satisfying consumers.
I firmly believe that a free market, complete with informed consumer choice, is the single best way to influence corporate behavior in ways that are beneficial to consumers. Given the choice between equivalent services with different privacy practices, consumers are perfectly able to make informed choices based on what they give for what they get. By building a competitive market for privacy, consumers can retake control of how much, or how little, attention companies pay to their data concerns. Regulation can be saved for those instances where transparency is lacking, or where deceit and misinformation emerge.
We also need to build accountability into the internet, so those bad actors cannot hide and to balance actions against consequences. This is the area of the greatest leverage for good, and it is being sadly overlooked in a quest to regulate yesterday’s internet excesses and score political points. The emergence, again from the smartphone sector, or digital IDs and login authentication will provide a major building block for accountable and attributable online behavior. I remain convinced that people behave better when they know their families are watching.
Congress is about to embark on a heated debate about the future of Big Tech and by extension the future of the internet. I am encouraged that the discussion is finally going to take place, but I’m alarmed that the EU is being used as a model. Everything the U.S. does is emboldening the catastrophic reforms being proposed overseas. While it would be best for the developer community and consumers if the two regions could find harmony in a common set of rules, it is inevitable that a period of fragmentation will precede that more optimal outcome. The EU is intent on digital sovereignty, which cannot occur without bringing digital isolation as well. The U.S., by finally waking to the reality that regulation could be beneficial, has over-rotated and will soon discover that the absence of a global digital market is far more of a concern than yesterday’s excesses here at home.
I urge Congress to move incrementally, but with purpose, towards building the foundation for consumer-centered digital economy regulation. Proposals that enforce transparency, consumer choice, market forces, and accountability in all market actors would go a long way towards a stable framework on which to build.