“Enough is enough,” said Theresa May outside 10 Downing Street after the London Bridge attack last month. “When it comes to taking on extremism and terrorism, things need to change.” And one of those things was the behaviour of internet firms, which should not allow extremism a place to breed. “Yet that is precisely what the internet – and the big companies that provide internet-based services – provide,” she continued.
May’s speech was only the latest example of the frustration among governments with the way that the internet, and internet companies, seem to elude and ignore the rules by which everyone else has to live. From encrypted apps used by terrorists (but also by peaceful activists) to online abuse, and fake news to hacking and radicalisation, the friction between the two sides is growing. France and Germany have implemented fines for companies that allow Nazi content to remain online, while in the US the FBI demanded that Apple write software to hack into an iPhone used by one of the San Bernardino killers, and took the firm to court when it refused.
Internet companies, meanwhile, suggest that governments should butt out because these companies control the tools that can sort out the problems. However, governments have much to say on the matter. The European commission’s decision to fine Google €2.4bn (£2.1bn) for favouring its own shopping service – with decisions yet to come on its control of Android and the Google Play app store – suggest that some problems, at least, are seen as the province of legislators.
In the meantime, the public is caught in the middle: relying on both tech companies and government, and often as puzzled as the politicians why so little can be done. (In the FBI-Apple case, public opinion about which side was correct was almost evenly split; the FBI eventually dropped the case when it found another company to carry out the hack.)
Why, politicians and public ask, can’t these companies give us just the benefits of digital communication, and not the downsides? It’s the implication of May’s remarks; it’s the implication of the frosty meetings between successive home secretaries and internet executives, such as the one two weeks ago between Amber Rudd and Facebook’s Sheryl Sandberg, who, the Sun reported, planned to “refuse MI5 access to terror plotters’ encrypted messages”. This makes it sound as though Sandberg could somehow personally reverse the encryption built in to WhatsApp (which Facebook owns) or Telegram (favoured by terror groups for features such as time-limited messages – and which Facebook doesn’t own). She can’t, or at least in WhatsApp’s case to do so would render it hopelessly insecure for everything, while leaving untouched the scores of other apps using the unbottled genie of unbreakable encryption.
At this point, the word “regulation” always surfaces. Can’t governments regulate the internet, or regulate the companies? The idea of a “bonfire of regulations” was popular after the Brexit vote. Following the Grenfell Tower calamity, however, the notion that regulation might actually be useful is back in vogue. If you enforce regulations for cladding, why not for videos and other content online?
To some, the idea of regulation is more complex. “Since when has the internet not been regulated? It’s simply regulated poorly,” says Douglas Rushkoff, a media commentator who was one of the earliest to spot the potential of the internet in the early 1990s. Back then, he says, “we cyberpunks saw the law as the enemy. They had been arresting the best of us for ‘hacking’ into things. Teenagers were thrown into jail in Operation Sun Devil [in 1990]. So we agreed with [Electronic Frontier Foundation co-founder John Perry] Barlow when he established the net as a government-free zone in his declaration of independence of cyberspace.”
That document, published in 1996, proclaimed (with a certain pompous certainty) that the internet was a new place entirely, which would be beyond the regulatory grasp of the “weary giants of flesh and steel” and that “you [governments] have no moral right to rule us, nor do you possess any methods of enforcement we have true reason to fear”.
Bill Clinton’s administration was happy enough to allow that idea to flourish in order to let this new avenue of commerce to grow, effectively turning the net into the equivalent of an economic free-trade zone by loosening tax laws (a move that significantly benefited Amazon, among others). Everyone was happy – for a while, at least. “What we didn’t realise was that pushing government off the net made it a free for all for corporations, and a new form of digital capitalism was born,” Rushkoff says.
That capitalism has enabled the rise of “winner takes all” businesses, where Google and Facebook get more than 70% of all US online advertising spending, and are increasing that share. Tick off a few names – Google, Facebook, Snapchat, Twitter – and you have the names of the companies whose platforms control almost all of what you see online.
There are two driving forces behind any internet company: first, capture a gigantic audience that depends on your service. Second, figure out how to make money from them. Ultra-growth often comes from breaking the usual rules of business (particularly the initial need to make a profit) and exploiting loopholes in, or just ignoring, the law. Many companies operate with an underlying assumption that the law somehow doesn’t apply to the internet; a number of companies have discovered belatedly that it certainly does, from Napster (shut after court rulings) to TV re-broadcaster Aereo (shut down after a US supreme court ruling) to Airbnb (reined in by local rental regulations) to Uber (reined in by city transport regulations).
When it works, though, that growth creates a “network effect” (where you want to join a network because your friends are on it; you won’t leave for another one because none of your friends are on that). Monetisation then draws in the money being spent in that niche, and depletes the money available for rivals, including those using old technology. Because the internet favours the nimble, smaller companies reap the early benefits, and then increase their grip by strengthening the network effect.
Is that good, though? Jaron Lanier, an internet pioneer who first espoused the idea of commercial virtual reality (in the 1990s), worried in his 2013 book Who Owns the Future? that the way new companies such as Instagram use the internet is destroying the middle class by removing jobs and offering no replacement. “It’s a winner-take-all capitalism that’s not sustainable,” he told Salon. He pointed to Instagram, not then owned by Facebook, as having just 13 employees, and having effectively wiped out Kodak, the camera and film-maker, which had employed thousands. Where, he asked, had those thousands of jobs gone? No one quite knows.
Even as they revel in their network-reinforced positions, the big tech companies are battling with problems so big and intractable, and so far-reaching in their effects, that to find comparisons in the real world you have to look for truly global phenomena. The problems engendered by the internet have crept up on us over the years, but only recently have they seemed overwhelming. It’s like a social form of climate change, and the analogy works surprisingly well.
When the industrial revolution got under way, replacing human labour with machines was more efficient, more powerful, and expanded humanity’s horizons. Machines powered by coal and then oil liberated people from drudgery and made entirely new lifestyles possible.
No one knew that the accretion of emissions from those machines would contribute to potentially devastating climatic, and hence societal, changes. Even if they had known in the 1800s that steam power would affect the ice sheets of the recently discovered continent of Antarctica, so that two centuries later sea levels and surface temperatures would be rising, would they have cared? After all, it’s hard to say enough people do even now.
Comparing the internet’s social effects to climate change, one sees many of the same modest initial intents and big longer-term effects. For example, Twitter’s founders were trying to create a messaging system that could work on mobile phones and would be like the status messages used on desktop chat systems. Then they discovered it could offer real-time updates from anywhere, from plane crashes in the Hudson to what’s presently skittering across Donald Trump’s mind. But it has also contributed to an atmosphere where users can be harassed on a scale unimaginable in physical form. Twitter’s founders would have been – and still are – appalled by the idea that they had created a service that would enable the organised harassment of women (as seen in the Gamergate dispute), or the organisation of the “alt-right”, or the disruption by paid Russian trolls of the US presidential election and, perhaps, Brexit.
But they built the engines for it. In 2012, Twitter’s UK general manager, Tony Wang, told a London audience that, in the view of its chief executive (then Dick Costolo, since replaced by the returning founder Biz Stone) and its chief counsel, the social network was “the free-speech wing of the free-speech party”. “There are Twitter rules about what you can and can’t do on the platform,” he added. However, those rules were exceedingly loosely applied. Extremists and troublemakers of all stripes flourished on Twitter; after a while it wasn’t their presence that was shocking, but their being banished.
The idea that anything not legally actionable was probably permissible was the diesel engine at the heart of Twitter. Only when it had been running for long enough and grown big enough would its deleterious effects become obvious. In the hurry to achieve scale, Twitter forgot to build in the equivalent of emissions checks. The result? All those noxious effects that you’ve heard about. The emergent problem of thousands of people intent on harassing others from anonymous accounts – and creating new ones if they were deleted or blocked – had never been seen at any scale in the real world.
Twitter keeps wrestling with the problem, but it is too big for it to cope with; the only way to stop the abuse would be to fundamentally change how Twitter works. But Twitter gives no sign of doing that, despite the evidence from surveys – most recently by Ofcom – showing that such abuse puts women off using social networks. In the physical world, a systemic design flaw that discourages half your potential customer base would be cause for a rethink; in the technological world, it’s just tough on them.
Fake news is a similar “global warming” problem. Facebook became the breeding ground for fake news entirely by its accidental mixing of a gigantic daily audience of a billion people, a news feed system biased to show you content that either outraged or reinforced your views, and the binary American political system. Google, meanwhile, unwittingly promoted sexist, racist or just inaccurate search results by blindly following its underlying business model, which rewards content that gets attention, regardless of accuracy.
It’s like a coal-fired power station, providing exactly what huge numbers of people want, but over time inconveniencing everyone just a little; and for those too close to its exhaust, a lot. Also like global warming, the process produces secondary effects: just as a warmer planet makes the sea a little higher, so the focus by the internet giants on attention over accuracy nudges media outlets towards “clickbait” rather than in-depth focus; like migrating fish, they’re just adapting to stay alive in the conditions.
And YouTube? Google repeatedly points out that hours of video are uploaded to it every second. How can it spot extremist videos or radicalisation content among those? Last month, Google’s chief lawyer, Kent Walker, said that “there should be no place for terrorist content on our services”, and “the uncomfortable truth is that we, as an industry, must acknowledge that more needs to be done. Now.”
Walker’s answer wasn’t to get video uploads approved by humans (as happens at publishers), but the application of unspecified “technology” to “help identify extremist and terrorism-related videos” – although more humans will be trusted to have correctly flagged such content.
Once again, it feels like a minimalist approach to a huge problem. Go back to what Theresa May said: extremism gets a place to breed, and “that is precisely what the internet – and the big companies that provide internet-based services – provide”. Recent research has found that extremist content from Islamic State can remain on YouTube for days (though the median period seems to be less than 24 hours). By offering an open platform, YouTube has created its own impossible challenge; it can’t prevent extremist video being on there unless either it stops people being extremist or examines every video before it is published, the very suggestion of which horrifies internet executives.
YouTube and Facebook and Twitter argue that they aren’t publishers, but more like the phone company, providing a service to people who are free to use it well, or badly. That would be true, except that they are happy to do the equivalent of cutting off phone calls – or your phone service – when they detect the wrong sort of content. Just like the phone company too, they will let the police and intelligence services monitor what goes on, given a court order. It simply puts their surveillance tools temporarily in the hands of the authorities. That all becomes moot once those targeted for monitoring are using encrypted apps such as Telegram: it’s not physically possible to tap what goes on in those communications.
The inherent contradictions in the positions, both of governments and the tech companies, irks some. “With regard to Isis using Telegram to organise, there is a disconnect here,” says Maciej Ceglowski, a Polish-American web developer who is trying to organise Silicon Valley workers to agitate against cooperation with Trump’s administration. “On the one hand, the police feel threatened because there may be technological means to have a conversation that no one can eavesdrop on. That’s never been the case before. [But] the police have never had the tools of mass surveillance that they do now. We have never been as monitored as we are now. So you end up in a situation where the police are complaining about inadequate surveillance, even as they build a surveillance state the Stasi could only dream about. They see it in terms of losing a power they used to have [eavesdropping by court order], while ignoring the enormous increase in their power brought by technological changes.”
Ceglowski is hardly a household name even inside tech: he runs a paid-for bookmarking site called Pinboard, which has just 24,000 users. What sets him apart is that his self-funded business makes an operating profit of about $200,000 annually. His perspective is important because he has never succumbed to the grandiloquent ambitions of Silicon Valley. Quite the reverse: “I enjoy the looking-glass aspect of our industry, where running a mildly profitable small business makes me a crazy maverick not afraid to break all the rules,” he said in 2014.
The warnings from those such as Ceglowski is that governments – Chinese, Turkish, American – will abuse the existence of personal data to take advantage of it. Ceglowski, who began thinking that the “surveillance capitalism” model was a bad idea in 2013, when Edward Snowden’s revelations about NSA intrusions and court-sanctioned access to data held by big tech firms became public, has become increasingly politically active in the past year. He’s organising meetings of technology workers, urging them to resist the inessential gathering of data; he has helped organise a petition telling tech chiefs such as Apple’s Tim Cook not to meet Trump. “I was frustrated that everyone fixated on the NSA, while meanwhile the apparatus of commercial surveillance was orders of magnitude bigger,” he says of his 2013 epiphany.
The big companies strongly resist any encroachment on their own monitoring of users. Governments have, so far, not forced the point. (Countries like Turkey prefer to block services such as Twitter rather than demand access to them, which is refused.) That makes the companies increasingly powerful – perhaps, over time, even more powerful than any government. When you search for sofas on one site, and then every other site you view shows you sofa ads, that is “surveillance capitalism” at work. You might be annoyed by it, but in the view of the tech giants, your only task is to be the passive receiver of the interaction between the site and the advertiser.
Aral Balkan, an online rights activist who has written software to block such online tracking, says: “If this is the fourth industrial revolution, as some call it, what are the raw materials if not us – people? What people don’t understand is that we are talking about something way more fundamental being at stake here: our personhood in the digital age.
“If you see technology as an extension of the self, then what is at stake is the integrity of our selves. Without that – without individual sovereignty – we’re looking at a new slavery. A slavery by proxy of digital copies of our selves, if you will. Data about a thing, if you have enough of it, starts approaching the thing itself. If I have enough data about a figurine, I can take a 3D printer and create a replica of it. What can I do if I have enough data about you?”
That point – what can you do with enough data about a person? – forms the basis for identity theft, of course: thieves collect just enough information to be able to pretend to be you to an organisation. In his short story The Unreconstructed M, the science fiction writer Philip K Dick imagined a world where the police could identify you based on nine individual pieces of data such as blood type, weight, shoe size, or hair variety; given enough evidence from a crime scene, they could say exactly who was there.
Dick, it turns out, was insufficiently ambitious. Facebook uses at least 16, and up to 98, personal data points about you in order to decide what adverts to show you. The precision can go as far as “How much money [you] are likely to spend on your next car” and “Where [you] are likely to buy your next car”. The 98th data point, as of last year, was whether you participate in a timeshare. Facebook collects data about your politics too – with the world split, in a technologist’s binary fashion, into “conservatives and liberals” (it’s data point 31).
What will the long-term effects of this sort of endless bifurcation be on how we understand society? We don’t yet know, just as we couldn’t foresee how the rise of Google and Facebook and Twitter would give rise to their peculiar effects on our knowledge economy. Government attempts to regulate how some app companies use encryption and what videos are available feel like tinkering around at the edges. The companies keep trying to pre-empt any formal moves: last Monday, the collective of Facebook, Microsoft, YouTube and Twitter announced the creation of a “global internet forum” to counter terrorism, which will work with governments and non-governmental organisations to create a self-regulating group “to identify how best to counter extremism and online hate”.
It might look like the response to Theresa May. But remember how oil companies didn’t like the suggestion that there should be limits on vehicle emissions, or that carbon use should be taxed. Technology companies are exactly the same. They really don’t like the idea that they should change. YouTube is never going to suggest that some videos, even from known terrorist organisations, should be vetted; that would be the thinnest end of a long wedge that governments around the world could drive into its business model. Nor will Facebook agree to anything that might reduce revenues.
But we, as citizens, are being affected by the rising sea of data being collected by these companies, and there doesn’t appear to be an easy way to opt out. Governments say they want “regulation” of the internet. But they’re looking at the wrong problems. The real problems are caused by the combination of human behaviour – with all its extremes – and the enabling engines of these giant firms. The global network is reshaping our social contract. The worry is that it might catch fire.
Is it time to regulate the net? Leading lights have their say
Martha Lane Fox
Crossbench peer and founder of doteveryone.org, which campaigns for a fairer internet
Now is the time to bring democratic standards to the internet – ones that let us own and articulate how our digital society should work.
Regulation does not have to be oppressive; done well, it can be a positive articulation of who we are and what we value. But to succeed, we’re going to need a much more nuanced conversation than we’ve had so far – one where both politicians and the tech industry work harder to understand each other and recognise their obligations.
That means no more kneejerk “enough is enough” policies from the political world, and no more wriggling out of tax bills or employee rights from tech. If we combine our civic society, legal, academic, business and technical expertise, we can set a standard for the world. But we need to act now, or else we’ll lose control of our digital destinies.
Author of Throwing Rocks at the Google Bus
Is it time to regulate the internet? Since when has the internet not been regulated? It’s simply regulated poorly, and more often by coders rather than lawyers. And that’s probably our own fault.
Back in the 1990s, we cyberpunks saw the law as the enemy. They had been arresting the best of us for “hacking” into things. Teenagers were thrown into jail in Operation Sun Devil. So we agreed with Electronic Frontier Foundation (EFF) co-founder John Perry Barlow when he established the net as a government-free zone in his Declaration of Independence of Cyberspace. What we didn’t realise was that pushing government off the net made it entirely safe for corporations, and a new form of digital capitalism was born.
Today, instead of receiving legal monopoly charters from the king, companies establish monopolies with code. They regulate who can do what by controlling the platforms on which we attempt to interact or exchange value. Selling on Amazon, promoting on Facebook or sharing data with Google are all regulated by the companies that own these platforms, and to their own advantage.
The question is not whether to regulate, but who or what should be doing it. In a distributed digital environment, regulations might best emerge through protocols and consensus of the people in the network. This could mean retrieving the mechanisms of the commons, forcibly repressed by government in the late Middle Ages, but due for a comeback. A commons is really just a set of regulations for a shared resource, but imposed by the people who actually use it. The network would itself be responsible for enforcement, and even punishment, of those who violate the agreements that have been established for its sustainability.
Of course, that could be a long way off, which is why the very first step is for people to recognise that regulations are already in place and already being enforced by the companies who currently rule the net. They don’t make these regulations explicit as law, but rather embed them in the platforms themselves. Once we become capable of recognising the way these limits are not pre-existing biases of technology but arbitrary choices of its developers, we will be better prepared to choose new ones.
Editor of Wired
It’s important to separate two elements; firstly, the infrastructure of the internet – meaning the connected networks based on standardised communication protocols – which should remain free to use and open to all. The ability for people to share knowledge across borders is unquestionably something that must be protected, as should net neutrality [the principle that all data should be treated in the same way].
The other question is to do with the power of a handful of large companies. It’s hard to argue that an organisation with an 88% market share (Google with search) or 77% of mobile social traffic (Facebook and ancillaries Whatsapp, Instagram and Messenger) aren’t monopolies.
Regulation could potentially have a public good – without stymying innovation – in two areas. Consumers need to be know what data is being held on them and how it’s being used, and tech companies – which pride themselves on solving hard problems – need to stop describing themselves as mere platforms and take greater responsibility for the content they distribute.
Oxford Internet Institute
Internet-based platforms now form the basis of our social environment. They make our democratic weather, and host vast interconnected seas of social interaction, sparkling rivers of entertainment and new mountains of commercial enterprise. But policy-makers pay unbelievably little attention to the protection of our internet-based environment, until some kind of disaster for which they rush to blame ‘the’ internet. ‘Enough is enough’ is even more meaningless as ‘Brexit means Brexit’. Any successful attempt to prevent extremist, abusive and hateful behavior online must be multifaceted, thoughtful and collaborative. It will involve ethical and legal frameworks to guide as well as mandate good behaviour; working with tech companies rather than making enemies of them; smarter policing of activities that are already illegal; and crowdsourcing safety, so that people and social enterprises play a role (remember the Manchester bomber’s behaviour had been reported to authorities several times and not followed up – that is not Google’s fault). Attempting to ban encryption would poison relations with (for example) Facebook while driving miscreants to far darker and harder-to-reach places, representing a massive act of environmental pollution.
Director of Liberty
In the wake of appalling terrorist attacks, it’s tempting to react hastily rather than effectively – and the internet is an easy target. But our online freedoms have not caused terrorism, and curbing them will do nothing to defeat it. The internet should be policed in the same way all public spaces are, with the rule of law ensuring criminals are prosecuted. Clearly, there are challenges of resources – but we have no shortfall in law.
And with the digital realm offering opportunities for free speech, free press, and free assembly, it’s vital our rights are upheld there. But the Investigatory Powers Act means every single person using the internet is being monitored in a way we’d find completely unacceptable offline, in a clear breach of our human rights. Like any free zone, the internet should be policed – but it should also be celebrated. What needs regulating is the surveillance state.
This article was amended on 2 July 2017 to correct a typo in Helen Margetts’ name.
guardian.co.uk © Guardian News & Media Limited 2010