Safe harbo(u)rs: A structural proposal for interop

Hey folks; here's something I want to bounce off of you.

Critics of the ACCESS Act and the DMA raise the legitimate issue that standardization can slow down innovation, and might lead to stagnation in service development.

Both of these proposals involve something that is analogous to a formal standards-setting process, which means that both will have a requirements-setting phase, resulting in a requirements document.

I think we could use these requirements to preserve the pro-competitive/pro-user elements of these acts by modifying the acts slightly.

Rather than mandating that companies must adopt the standard, the acts could specify that dominant companies must offer an interface that *satisfies the requirements*.

An interface that doesn't satisfy the requirements would be an offense under the act, and competitors and regulators would have the right to sue for compliance and damages.

The standard that the technical committee develops would be a "safe harbor" - any firm that adopts it would be presumptively safe from any enforcement action.

But when firms wanted to accomplish goals that were compatible with the requirements, but not the standard itself, they would be able to develop their own, independent APIs and use the requirements as an objective metric to assure themselves that they are not violating the law.

As part of this obligation, any firm that offered its own API could be mandated to offer a FLOSS reference implementation of a library for interacting with it.

I think that this group of technical experts could be well suited to advance this proposal. I think a lot of the "standardization is bad for innovation" critique is in bad faith and basically advances a nihilistic, "Nothing can be done, this is as good as it gets" position meant to create paralysis.

But a safe harbor proposal preserves the best of all worlds - democratically accountable (small-S) standards for interop, a (capital-S) technical standard, and the flexibility to ignore the latter provided you don't interfere with the former.

It's one of those ideas that straddles the line between tech and policy, in a good way, but might encounter headwinds because (e.g.) policymakers might not understand the distinction between requirements and standards nor its significance; and tech people might argue that an interoperator confronted with an inadequate roll-your-own standard from the likes of Facebook would face an insurmountable hurdle because going to court is impossibly hard. But orgs like EFF and FSF can and do sue over this kind of thing all the time, and the right penalties for noncompliance often mean that we don't have to.

What do you all think?

Cory

Cory

Received on Wednesday, 9 February 2022 14:14:42 UTC