World After Capital: Bots for All of Us (Informational Freedom)

NOTE: I have been posting excerpts from my book World After Capital. Currently we are on the Informational Freedom section and the previous excerpt was on Internet Access. Today looks at the right to be represented by a bot (code that works on your behalf).

Bots for All of Us

Once you have access to the Internet, you need software to connect to its many information sources and services. When Sir Tim Berners-Lee first invented the World Wide Web in 1989 to make information sharing on the Internet easier, he did something very important [95]. He specified an open protocol, the Hypertext Transfer Protocol or HTTP, that anyone could use to make information available and to access such information. By specifying the protocol, Berners-Lee opened the way for anyone to build software, so-called web servers and browsers that would be compatible with this protocol. Many did, including, famously, Marc Andreessen with Netscape. Many of the web servers and browsers were available as open source and/or for free.

The combination of an open protocol and free software meant two things: Permissionless publishing and complete user control. If you wanted to add a page to the web, you didn’t have to ask anyone’s permission. You could just download a web server (e.g. the open source Apache), run it on a computer connected to the Internet, and add content in the HTML format. Voila, you had a website up and running that anyone from anywhere in the world could visit with a web browser running on his or her computer (at the time there were no smartphones yet). Not surprisingly, content available on the web proliferated rapidly. Want to post a picture of your cat? Upload it to your webserver. Want to write something about the latest progress on your research project? No need to convince an academic publisher of the merits. Just put up a web page.

People accessing the web benefited from their ability to completely control their own web browser. In fact, in the Hypertext Transfer Protocol, the web browser is referred to as a “user agent” that accesses the Web on behalf of the user. Want to see the raw HTML as delivered by the server? Right click on your screen and use “view source.” Want to see only text? Instruct your user agent to turn off all images. Want to fill out a web form but keep a copy of what you are submitting for yourself? Create a script to have your browser save all form submissions locally as well.

Over time, popular platforms on the web have interfered with some of the freedom and autonomy that early users of the web used to enjoy. I went on Facebook the other day to find a witty note I had written some time ago on a friend’s wall. It turns out that Facebook makes finding your own wall posts quite difficult. You can’t actually search all the wall posts you have written in one go; rather, you have to go friend by friend and scan manually backwards in time. Facebook has all the data, but for whatever reason, they’ve decided not to make it easily searchable. I’m not suggesting any misconduct on Facebook’s part—that’s just how they’ve set it up. The point, though, is that you experience Facebook the way Facebook wants you to experience it. You cannot really program Facebook differently for yourself. If you don’t like how Facebook’s algorithms prioritize your friends’ posts in your newsfeed, then tough luck, there is nothing you can do.

Or is there? Imagine what would happen if everything you did on Facebook was mediated by a software program—a “bot”—that you controlled. You could instruct this bot to go through and automate for you the cumbersome steps that Facebook lays out for finding past wall posts. Even better, if you had been using this bot all along, the bot could have kept your own archive of wall posts in your own data store (e.g., a Dropbox folder); then you could simply instruct the bot to search your own archive. Now imagine we all used bots to interact with Facebook. If we didn’t like how our newsfeed was prioritized, we could simply ask our friends to instruct their bots to send us status updates directly so that we can form our own feeds. With Facebook on the web this was entirely possible because of the open protocol, but it is no longer possible in a world of proprietary and closed apps on mobile phones.

Although this Facebook example might sound trivial, bots have profound implications for power in a networked world. Consider on-demand car services provided by companies such as Uber and Lyft. If you are a driver today for these services, you know that each of these services provides a separate app for you to use. And yes you could try to run both apps on one phone or even have two phones. But the closed nature of these apps means you cannot use the compute power of your phone to evaluate competing offers from the networks and optimize on your behalf. What would happen, though, if you had access to bots that could interact on your behalf with these networks? That would allow you to simultaneously participate in all of these marketplaces, and to automatically play one off against the other.

Using a bot, you could set your own criteria for which rides you want to accept. Those criteria could include whether a commission charged by a given network is below a certain threshold. The bot, then, would allow you to accept rides that maximize the net fare you receive. Ride sharing companies would no longer be able to charge excessive commissions, since new networks could easily arise to undercut those commissions. For instance, a network could arise that is cooperatively owned by drivers and that charges just enough commission to cover its costs. Likewise, as a passenger using a bot could allow you to simultaneously evaluate the prices between different car services and choose the service with the lowest price for your current trip. The mere possibility that a network like this could exist would substantially reduce the power of the existing networks.

We could also use bots as an alternative to anti-trust regulation to counter the overwhelming power of technology giants like Google or Facebook without foregoing the benefits of their large networks. These companies derive much of their revenue from advertising, and on mobile devices, consumers currently have no way of blocking the ads. But what if they did? What if users could change mobile apps to add Ad-Blocking functionality just as they can with web browsers?

Many people decry ad-blocking as an attack on journalism that dooms the independent web, but that’s an overly pessimistic view. In the early days, the web was full of ad-free content published by individuals. In fact, individuals first populated the web with content long before institutions joined in. When they did, they brought with them their offline business models, including paid subscriptions and of course advertising. Along with the emergence of platforms such as Facebook and Twitter with strong network effects, this resulted in a centralization of the web. More and more content was produced either on a platform or moved behind a paywall.

Ad-blocking is an assertion of power by the end-user, and that is a good thing in all respects. Just as a judge recently found that taxi companies have no special right to see their business model protected, neither do ad-supported publishers [96]. And while in the short term this might prompt publishers to flee to apps, in the long run it will mean more growth for content that is paid for by end-users, for instance through a subscription, or even crowdfunded (possibly through a service such as Patreon).

To curtail the centralizing power of network effects more generally, we should shift power to the end-users by allowing them to have user agents for mobile apps, too. The reason users don’t wield the same power on mobile is that native apps relegate end-users once again to interacting with services just using our eyes, ears, brain and fingers. No code can execute on our behalf, while the centralized providers use hundreds of thousands of servers and millions of lines of code. Like a web browser, a mobile user-agent could do things such as strip ads, keep copies of my responses to services, let me participate simultaneously in multiple services (and bridge those services for me), and so on. The way to help end-users is not to have government smash big tech companies, but rather for government to empower individuals to have code that executes on their behalf.

What would it take to make bots a reality? One approach would be to require companies like Uber, Google, and Facebook to expose all of their functionality, not just through standard human usable interfaces such as apps and web sites, but also through so-called Application Programming Interfaces (APIs). An API is for a bot what an app is for a human. The bot can use it to carry out operations, such as posting a status update on a user’s behalf. In fact, companies such as Facebook and Twitter have APIs, but they tend to have limited capabilities. Also, companies presently have the right to control access so that they can shut down bots, even when a user has clearly authorized a bot to act on his or her behalf.

Why can’t I simply write code today that interfaces on my behalf with say Facebook? After all, Facebook’s own app uses an API to talk to their servers. Well in order to do so I would have to “hack” the existing Facebook app to figure out what the API calls are and also how to authenticate myself to those calls. Unfortunately, there are three separate laws on the books that make those necessary steps illegal.

The first is the anti-circumvention provision of the DMCA. The second is the Computer Fraud and Abuse Act (CFAA). The third is the legal construction that by clicking “I accept” on a EULA (End User License Agreement) or a set of Terms of Service I am actually legally bound. The last one is a civil matter, but criminal convictions under the first two carry mandatory prison sentences.

So if we were willing to remove all three of these legal obstacles, then hacking an app to give you programmatic access to systems would be possible. Now people might object to that saying those provisions were created in the first place to solve important problems. That’s not entirely clear though. The anti circumvention provision of the DMCA was created specifically to allow the creation of DRM systems for copyright enforcement. So what you think of this depends on what you believe about the extent of copyright (a subject we will look at in the next section).

The CFAA too could be tightened up substantially without limiting its potential for prosecuting real fraud and abuse. The same goes for what kind of restriction on usage a company should be able to impose via a EULA or a TOS. In each case if I only take actions that are also available inside the company’s app but just happen to take these actions programmatically (as opposed to manually) why should that constitute a violation?

But, don’t companies need to protect their encryption keys? Aren’t “bot nets” the culprits behind all those so-called DDOS (distributed denial of service) attacks? Yes, there are a lot of compromised machines in the world, including set top boxes and home routers that some are using for nefarious purposes. Yet that only demonstrates how ineffective the existing laws are at stopping illegal bots. Because those laws don’t work, companies have already developed the technological infrastructure to deal with the traffic from bots.

How would we prevent people from adopting bots that turn out to be malicious code? Open source seems like the best answer here. Many people could inspect a piece of code to make sure it does what it claims. But that’s not the only answer. Once people can legally be represented by bots, many markets currently dominated by large companies will face competition from smaller startups.

Legalizing representation by a bot would eat into the revenues of large companies, and we might worry that they would respond by slowing their investment in infrastructure. I highly doubt this would happen. Uber, for instance, was recently valued at $50 billion. The company’s “takerate” (the percentage of the total amount paid for rides that they keep) is 20%. If competition forced that rate down to 5%, Uber’s value would fall to $10 billion as a first approximation. That is still a huge number, leaving Uber with ample room to grow. As even this bit of cursory math suggests, capital would still be available for investment, and those investments would still be made.

That’s not to say that no limitations should exist on bots. A bot representing me should have access to any functionality that I can access through a company’s website or apps. It shouldn’t be able to do something that I can’t do, such as pretend to be another user or gain access to private posts by others. Companies can use technology to enforce such access limits for bots; there is no need to rely on regulation.

Even if I have convinced you of the merits of bots, you might still wonder how we might ever get there from here. The answer is that we can start very small. We could run an experiment with the right to be represented by a bot in a city like New York. New York’s municipal authorities control how on demand transportation services operate. The city could say, “If you want to operate here, you have to let drivers interact with your service programmatically.” And I’m pretty sure, given how big a market New York City is, these services would agree.