Cory Doctorow is a science fiction author, activist and journalist. His most recent fiction book is “The Lost Cause,” a solarpunk science fiction novel of hope amid the climate emergency, and his most recent nonfiction book is “The Internet Con: How To Seize The Means Of Computation,” a Big Tech disassembly manual from which this essay is adapted.
In 2020, 75% of Massachusetts voters voted in favor of an automotive right-to-repair ballot initiative, which would force auto manufacturers to share access to diagnostic information with car owners and independent mechanics, so any mechanic could fix your car. You wouldn’t be locked into taking it to the manufacturer.
The people of Massachusetts were pretty adamant: They wanted to choose their own mechanics. They had voted even more forcefully for a very similar right-to-repair initiative in 2012.
The problem is that right to repair only came into effect in August. The carmakers had so much ready cash (much of it accumulated by gouging drivers on maintenance) that they were able to pay an army of lawyers to challenge the law in court. In the decade since Massachusetts voters affirmed their overwhelming support for automotive right to repair, the actual state of it in Massachusetts went into freefall, with an ever-growing proportion of the cars on the road becoming inaccessible to independent mechanics. And it’s still on shaky ground, not fully enforced, and carmakers are deactivating some of the features in cars so they don’t have to share the specifics of how to repair them.
The mechanics were the first casualties of this attack. Drivers who brought their cars in for repairs would have to be turned away because the local independent mechanic just couldn’t diagnose their problems. Independent mechanics closed down shops and exited the trade — or went to work for dealerships, who had a buyer’s market for their labor and could name their prices and terms.
Drivers were the second casualty: There was no official list of all the cars that independent mechanics could fix. If you crossed your fingers and went to the local mechanic you’d used for years, there was a chance they could fix your car but a growing probability that they’d get it up on the lift and tell you they couldn’t even attempt the repair, and off to the dealership you would have to go.
Creditors and investors were the third casualties: Mechanics struggled to service their bank loans or pay back the investors who’d taken a chance on their business.
Mechanics learned not to try to buck the system. Drivers learned not to try to go around the dealership’s monopoly. The banks and investors learned never to bet against Big Car.
It didn’t have to be that way.
Imagine a contrafactual with me for a moment. Imagine if a few smart MIT kids reverse-engineered automotive diagnostic codes and designed a gadget with a $7 bill of materials, commissioned a factory in Guangzhou or Shenzhen to make a couple container loads of them, then shipped them to the U.S. They could sell those little dongles to every mechanic in the country at $100 a throw.
With margins like that, it’s not hard to imagine that there would be interested investors. Ancillary businesses — third-party parts distribution, warranties and other high-margin services — could strike at the core of the automakers’ own commercial ambitions. Perhaps just the threat of such a countermove would be sufficient to convince automakers to color within the lines and offer a managed, predictable diagnostic tool; it might erode their margins, but at least it would be on their own terms.
But if it didn’t, well, then, we’d still have the gadget. Mechanics could diagnose cars, so drivers could patronize the mechanics of their choosing. Everybody would win (except the automakers, who would lose, but honestly, fuck them).
This is what I’ve been calling “comcom” — competitive compatibility. For most of modern history, this kind of guerrilla interoperability, achieved through reverse engineering, bots, scraping and other permissionless tactics, were the norm. But a growing thicket of “IP” laws creates severe legal jeopardy for these time-honored traditions. Just one of these IP rules — the “anti-circumvention” provision in Section 1201 of 1998’s Digital Millennium Copyright Act — provides for a five-year prison sentence and a $500,000 fine for anyone who bypasses “an effective means of access control.” And that’s for a first offense!
Combining comcom and mandates (like the Massachusetts right to repair law), could create something more powerful than either is on its own. Mandates and comcom are like two-part epoxy: The mandate is strong but brittle, comcom is flexible but requires constant maintenance to keep it from bending out of shape. Together, they are strong and resilient.
Comcom was once the order of the day. Originally, there was no copyright on software at all. Then it acquired a “thin” copyright that could only be narrowly applied. Then software acquired a copyright far beyond any ever applied to literary works, musical compositions, sound recordings, photos or moving images.
The prohibition on circumventing digital rights management makes software the most copyrighted class of works in the world. Software authors (or rather, the corporations that employ them) enjoy more restrictions under copyright than the most talented composer, the most brilliant sculptor or the greatest writer.
But anti-circumvention is just the beginning. The thicket that blocks comcom is woven out of software patents, exotic contract theories (“tortious interference”) and trademark, trade-secrecy, noncompete, nondisclosure and cybersecurity law, as well as other laws, policies and regulations. The thicket took decades to grow. Dismantling it will be the work of decades. It’s unlikely that a single omnibus bill modifying all of these laws could pass any legislature. It would gore far too many oxen. Even if it did, the court challenges could tie up the process for years or decades.
Not that we shouldn’t try! We should! There are lots of long-term projects that deserve our commitment and attention (think: remediating climate change). But it’s not enough to pledge our- selves to long-term reform — we need action today.
How can we get comcom back while we’re waiting for decades of legislative reform to run its course? Here are three scenarios, in order of likelihood.
Binding Covenants
Companies sometimes agree not to block interoperability. For example, if your company wants to help create web standards at the World Wide Web Consortium (W3C), it has to promise not to enforce its patents against interoperators who implement the standards it helps create.
There are plenty of clubs that companies would like to join, where we can make comcom nonaggression pacts a condition of entry. Standards bodies can — and should — adopt a rule that says that members who join must make a legally binding promise not to invoke their rights under patents, copyright, anti-circumvention, trade secrecy, etc., against rivals who reverse engineer and extend their standards-compliant products, so long as this is done in service to privacy, security, usability, accessibility or competition.
But there’s a much bigger, more important club that every large company wants to be a member of: the club of companies that supply government agencies and departments.
Most governments have “procurement rules” that define the minimum standards of conduct from the suppliers that sell goods and services to them: They specify what kind of insurance these companies must carry, how they must handle private data, how they must treat their workforce, where they must manufacture their products and source their inputs from and so on.
Governments can — and should — have rules about interoperability in their procurement policies. They should require companies hoping to receive public money to supply the schematics, error codes, keys and other technical matter needed to maintain and improve the things they sell and provide to our public institutions.
That’s not a radical proposition — it’s just sound governance. Governments should spend public funds in ways that deliver value for money, and vendor lock-in does not deliver value for money.
The whole point of vendor lock-in is to give customers a stark choice: pay whatever the manufacturer is charging for software, parts, consumables and service, or throw the product away and start again. Maybe you can’t make HP give up its ink-gouging grift, but if the U.S. government announced that no federal department could buy a printer unless it accepted third-party ink, either HP would cave or one of its rivals would.
This has a long and honorable tradition. When Abraham Lincoln sourced rifles for the Union Army, he insisted that they use interoperable tooling and ammo. I mean, obviously, right? “Sorry general, we won’t be taking that fort today — the bullets we received aren’t compatible with our rifles.”
Amazingly, this is a lesson that even the U.S. Department of Defense, one of the largest employers in America and an eight-bazillion-pound gorilla in the procurements department, has forgotten. The U.S. armed forces have long permitted themselves to buy materiel with single-source components — that is, parts that are made only by a single vendor.
Shrewd private equity investors noticed this and quietly gobbled up all these single-source suppliers. Then, these conglomerates lowered the price of their single-source parts. These parts are now available below cost, which means that the primary military aerospace contractors (a handful of companies, thanks to an orgy of mergers) preferentially build aircraft, drones and other systems with parts that can only be purchased from a single supplier.
You might have predicted the next phase of the scam. While these parts are sold well below cost to the companies that build military jets, when the military needs to order those parts to fix those jets, the parts come with multi-thousand-percent markups. So long as the cost of fixing a jet is lower than the cost of replacing it, the military will pay.
Now, I happen to be a military abolitionist, but even so, I can’t see any reason that military procurements should line the pockets of private equity profiteers who have figured out how to worm their monopoly products into the military’s supply chain.
That goes double for all the peacetime public spending. Government motor pools buying cars, school districts running Google Classroom, administrative agencies getting Microsoft 365, Slack and Zoom licenses — they should extract binding promises from every one of these vendors not to attack interoperators who reverse engineer, modify and improve their products on behalf of government customers.
If every vendor selling to any branch of local, state or federal government has a binding nonaggression contract against adversarial interoperators, that opens whole swaths of products and services to reverse engineering and improvement.
The automakers will complain that there is no way that a diagnostic tool could be made readily available to every local, state and federal government agency without that tool leaking out into the hands of private-sector mechanics. They’ll point out that private-sector mechanics sometimes fix public-sector vehicles, and so they’d be entitled to purchase and use these tools for their government customers, but it would be impossible to stop them from using those same tools on the privately owned cars that their other customers bring in for maintenance.
So what?
It’s not the government’s job to figure out how to protect automakers’ cockamamie repair-rigging schemes. It’s the government’s job to prudently administer public finances and public procurements. If automakers can’t bear the emotional (or financial) strain of knowing that their customers have the option to entrust their car repairs to someone other than their authorized service depots, then those automakers can find a less emotionally taxing trade to pursue. Or they can just forego all public customers and take massive losses — some other automaker will choose to deal on terms in accord with good public procurement policy.
But they’re right. If governments demand that companies promise not to sue or harass interoperators doing comcom on behalf of public-sector policies, it will create a vast pool of comcom tools out there that will inevitably leak into all our hands.
State Limits On Contract
One-sided, bullying contracts are a major impediment to comcom. Companies use nondisclosure, noncompete, trade-secrecy, terms-of-service and “tortious interference” claims to prevent their competitors from offering interoperable products and services. They argue that these rivals can’t even begin to reverse engineer their products without first “agreeing” to a contract in the form of a clickthrough or shrinkwrap license.
Then they argue that even if someone somehow does manage to reverse engineer their products without being trapped by one of these “agreements,” that any comcom tool they provide to the public is “tortious interference.” Translation: Any customer who uses a comcom tool has already “agreed” not to do so when they clicked “I Agree” at the bottom of some endlessly scrolling garbage novella of legalese. Under the “tortious interference” theory, the interoperator is in the wrong because they’re abetting those customers to break their “agreements” with the original company.
Contract law is mostly regulated by states, and every state has its own set of contractual terms that are considered unenforceable; some states even ban certain terms from appearing in contracts. Take California, where noncompete agreements were mostly unenforceable and, as of October, unlawful. That has been hugely important to the history of the state.
The first semiconductor company in California was founded by William Shockley, who shared a Nobel Prize for figuring out how to make transistors, a key step in the development of computing technology. Shockley Semiconductor Laboratory opened for business in 1955 and recruited brilliant technologists to work on semiconductor devices, but closed in 1968. It never made a successful microchip.
That’s because William Shockley was more or less a Nazi.
Shockley was an ardent eugenicist who devoted his energy to touring America and offering Black women shares of his Nobel prize money if they promised to be sterilized and thus removed from the gene pool. He was a brooding, paranoid, hateful man, prone to wiretapping his employees and even his family, and his company struggled to develop any sort of high-tech products, much less bring them to market.
Working for William Shockley was no fun. But because California banned noncompetes, eight of Shockley’s top engineers (“The Treacherous Eight,” in tech lore) were free to quit their terrible jobs, raise investment capital and start Fairchild Semiconductor, the first successful microchip company in Silicon Valley.
Fairchild was a nerd’s playground — at first. But as time went by, the company ossified, coming under the sway of a straitlaced management committee, prompting two of the company’s top engineers to quit and start their own company. They swiftly devastated the ranks of Fairchild, poaching the best of their former colleagues to work for them at their startup, which they called Intel.
Contract law is a powerful lever for encouraging — or starving — competition. California’s policy of blocking noncompetes gave us Silicon Valley. Massachusetts’s tolerance for noncompetes left the state’s once-promising tech sector in California’s dust. Neither Massachusetts nor California had a monopoly on companies founded by bad people with good ideas — but if you were unfortunate enough to join one of those companies in Massachusetts, you were stuck working for them. Until 2018, if you quit, you had to leave your chosen field for three years until your noncompete expired. Massachusetts startups became a place where good ideas went to die, dragging skilled technologists behind them.
When modern companies seek to block comcom, contract law is a powerful weapon. Terms of service can be invoked to ban users from availing themselves of interoperable tools (from third-party ink to third-party parts to ad blockers for social media), which also opens the door to tortious interference claims against the companies who make comcom tools.
Noncompetes can be invoked (in most states) to prevent former employees from striking out on their own with interoperable products that help their previous employers’ customers pay less and get more from the services they use. Trade secrets and nondisclosure can be invoked even when no noncompete exists, as a means of preventing former employees from directly competing with interoperable products and services.
All of these can be moderated by state-level rules on contracting; by banning certain terms or declaring them unenforceable, states could kick open the doors to Big Tech’s biggest silos. What’s more, given the concentration of tech in a few geographic regions in the U.S. (and the problems associated with moving elsewhere), changes in just a few states could make a huge difference for people across America, and the world. Pass bills in California, New York and Washington and you’d be much of the way there. Throw in Texas and Massachusetts and you’d have nearly every base covered.
These changes would be good for business! Admittedly, they’d be bad for giant, stagnant monopolists, but they’d be good for all the small businesses that would nibble them to death with a thousand comcom products that shifted value back to users and workers and away from big institutional shareholders.
Adult Supervision
There is pending legislation called the U.S. ACCESS Act, which has a successful equivalent in the EU Digital Markets Act; it is a powerful bill that would force the biggest tech companies to open up their silos by making available APIs (gateways for exchanging information with their users). This is meant to allow interoperability without the messiness and unreliability of comcom.
But while an API sounds like a reliable way for users who quit a platform to go on communicating with the people they left behind there, it has one major weakness: The API has to be run by the big company, and it is designed to erode that company’s monopoly profits by directly enabling its competitors to eat its lunch by luring away its most valuable users.
This creates a powerful incentive for the tech companies to cheat — and there are so many hard-to-detect ways to do so. They could slow things down to a crawl and blame too much traffic. They could throw out a lot of spurious error messages and shake their heads in bewilderment. They could introduce random dropped messages — say, 3% of the overall traffic, which would make everything kind of suck but be hard to decisively identify.
The tech giants cheat all the time. They are pathologically incapable of not cheating. Whether it’s privacy law, competition law, labor law, environmental law — you name it, they cheat on it. But they also kind of suck at it. They keep getting caught. A disgruntled employee blows the whistle, for example, or the conspirators just get sloppy.
When a tech giant cheats on the ACCESS Act or the Digital Markets Act, and when it gets caught, it will have to pay a very large fine. These laws are designed to hurt. Obviously, cheaters will throw lawyers at the problem. When the fine runs into the billions, it’s rational to spend hundreds of millions on outside counsel to get it reduced. One thing those lawyers will eventually do is offer a settlement: “Let’s just resolve this like reasonable people, and spare everyone all that delay and court expenses, shall we?”
Here’s the settlement we should offer them: a special master. A special master is a court-appointed guardian who supervises the conduct of a company or individual as part of a court procedure or settlement.
This person would act as adult supervision for cheating tech companies. Before a tech giant could sue or threaten another company, the special master would have to sign off on it, to make sure that the lawsuit was about a true infringement and not merely a way to prevent a competitor from doing some comcom to help the cheater’s customers get more privacy, usability, accessibility or equity.
This is like having a corporate parole officer, someone who has to approve any moves outside the usual routine. It’s a very big step to take, but very big companies demand very big steps.
Once a company has adult supervision, would-be interoperators are on a much surer footing. They can reverse engineer, scrape and take other comcom measures and know that the tech giant they’re nibbling away at can’t bring the law to bear against them, provided that they can make a case to the special master that they’re acting on behalf of the users. That’s an assurance that technologists can bring to investors or crowd-funders or granting agencies, opening up space for startups, social enterprises, nonprofits and co-ops to provide interoperable services.
The Interoperator’s Defense
This one is way out there, but it’s a potentially valid shortcut. Rather than reforming copyright, trademark, contract, patent, trade-secrecy, cybersecurity and other laws so they can’t be used to obstruct comcom, we just create a legal defense against claims under these laws (and others).
Here’s how that defense works: A company could sue you for breaking one of these laws, but in the early stages of the trial, you can put forward the defense that you were engaged in interoperability that furthered user privacy, security, accessibility or other legitimate interests. If the judge decides that’s what you were doing, the case ends.
This means that companies still get their day in court. They can still use the law to shut down people who hack their service and hurt their users. But interoperators also get a day in court. They can use a relatively cheap, relatively fast legal process to get past otherwise punitively expensive and time-consuming courtroom fights with monopolists whose legal budgets are effectively unlimited — who might be willing to spend otherwise irrational sums of money getting the courts to put interoperators out of business because that will scare off future comcom upstarts.
Interop mandates and comcom are no substitutes for traditional antitrust remedies like corporate breakups. There’s just nothing fair about massive, deep-pocketed companies operating app stores and competing with the companies that sell apps in those stores, or selling e-books and also competing with the authors and publishers who publish on their e-book stores, or serving search results and also competing with the companies listed in those results, or operating a social media network and also a bunch of other social media networks.
But breakups take a long-ass time. Consider the breakup of AT&T. At first it looks like it took eight or so years: from 1974, when the Justice Department filed its antitrust lawsuit, to 1982, when the breakup was finalized. That’s extremely misleading! In truth, U.S. competition regulators first took on AT&T in 1913, 69 years before the company was finally broken up. For most of the intervening decades, AT&T was fending off some kind of attempt to tame it.
We have monopolies — lots of them, in every sector, including tech. With monopolies, an ounce of prevention is worth a ton of cure. But, as the old Irish joke goes, “If I were you, I wouldn’t start from here.”
Tech’s critics rightly decry “tech exceptionalism,” the idea that tech is different and so should play by a different set of rules — and they’re right in at least two ways:
First, tech is foundational. The questions of tech monopoly aren’t inherently more important than, say, the climate emergency or gender and racial discrimination. But tech — free, fair, open tech — is a precondition for winning those other fights. Winning the fight for better tech won’t solve those other problems, but losing the fight for better tech extinguishes any hope of winning those more important fights.
Second, tech is interoperable. That means that, long before we break up Meta (formerly Facebook) or Google or Microsoft or Apple, we can offer immediate, profound relief to the people whose freedom of motion is hemmed in by tech’s walled gardens. We don’t have to wait for breakups to allow someone to install a third-party app, or bypass heavy-handed (or overly tolerant) moderation, or overcome the algorithmic burial of their material. We can do that right now, with interop.
And when we do, we hasten breakups! The bullying that walled gardens enable isn’t driven by sadism, after all, but by profit. Letting people wriggle out of companies’ bad decisions means that those companies will lose the money they would have otherwise earned thereby — and if companies behave better to prevent those users from defecting, then they will forego the profits they would have realized by acting worse.
Monopolies need those profits to defend themselves from trustbusters. Hiring lawyers to outfox the Justice Department isn’t cheap, and IBM wouldn’t have been able to pay those bills if it hadn’t been piling up a war chest by abusing its monopoly for decades. Interop starves the beast, depriving monopolists of the excess profits they would otherwise be able to use to keep trustbusters at bay. With interop, it’s harder for a company to make itself too big to jail.
But interop also makes it harder for a company to make itself too big to fail. The Pentagon wouldn’t have been such an ardent defender of AT&T if it hadn’t been so dependent on Ma Bell: If the U.S. military could have easily uncoupled itself from AT&T — by buying interoperable products and services to replace the ones that Bell Labs supplied — then the Defense Department might have been less eager to go to war to defend the Bell System.
And, as Lincoln knew, the military shouldn’t be single-sourcing key capacities to one company without at least securing a promise of interoperability.
Starve monopolies of the profits used to hold trustbusters at bay, cut them off from the allies who fight trustbusters on their behalf, and maybe it won’t take 69 years to break up Microsoft. Or Apple. Or Google. Or Meta. Or Salesforce. Or Oracle.