Interlinked clouds with data being uploaded and downloaded between them.

The need for adversarial tech-interoperability legislation

In the words of Cory Doctorow: “Interoperability is the act of making a new product or service work with an existing product or service”. The tech market has moved further and further away from interoperable standards in favor of vendor-lock-in or “silos” over the last decade.

I’ll discuss file hosting services to explain the problem with the lack of interoperable standards and argue for the need for legislation to ensure such interoperability.

Let’s look at this app-integration with commercial file hosting providers targeted at consumers as an example. The big players in this space are Microsoft OneDrive, Google Drive, Apple iCloud, and Dropbox. There are dozens of more actors in this space.

It’s common for all sorts of apps to integrate with one or more of these services to offer app-specific synchronization features. This is used to synchronize to-do lists, documents, and other app-specific data. A few large developers offer their own hosting services. However, many smaller app developers don’t want to take on the role of a file hosting provider. Instead, they build-in the option to synchronize using a third-party service.

These file hosting service providers all offer the same core service: file management, hosting, and synchronization. However, each one of them has different application programming interfaces (APIs) requiring custom code for an app to integrate with each one. The operations these APIs provide are mostly the same: upload, move, delete, list files, etc.

The service providers also require third-party developers to get an API access-token before their apps can interact with their services. These tokens that require the permissions of the service providers assert undue control over the market in ways that limit what their customers can do with their services.

The current state of things limits consumer choices and consolidates market power with a few big service providers. Supporting a new cloud storage provider adds development and testing complexity and cost, which is a limiting factor and a burden for third-party application developers.

You may have noticed that many of your favorite apps on PC and mobile only support one or maybe two cloud hosting providers. Hopefully, they support yours, or you’ll need to sign up for yet another cloud storage service.

In the late 1990s and early 2000s, tech companies and communities worked together on open and interoperable standards. The norm was to build programs and services around these standards.

One such standard was WebDAV. You may not have heard about it, but many services you’re likely using every day are built on it. It’s a standard protocol extension for HTTP for editing and revision-versioning remote files. You can think of it as a standard API for file hosting services that cover all the basic file management operations. It’s built on XML so service providers can innovate and expand on its core functionality.

WebDAV critically supports client configuration auto-discovery. this means the user would just need to type e.g. “yandex.com” into the app and the app can auto-configure itself and bring up the login screen for Yandex.Drive.

Every cloud storage provider could support this one standard interface and it would be a lot easier for apps to add cloud support. This would also make its storage service more valuable to its customers.

It would also benefit consumers who’d suddenly have a lot more apps work with their cloud storage provider of choice. They could migrate from one to another and just assume that all their apps will interoperate with their new provider.

Businesses, organizations, and enthusiasts could self-host their own Dropbox alternatives. There are at least 50 different but interoperable WebDAV servers available on GitHub alone. This would also make it much easier for a company to break into the market and compete with the established providers.

Open standards and protocols aren’t enough to ensure service interoperability, however. Service providers must actually implement and offer them to consumers. CalDAV and CardDAV — extensions of WebDAV — are the most common protocols used for synchronizing calendar and contact data.

Windows 10 has implemented the CalDAV and CardDAV standards but limits which providers get access to them. It presents customers with a list of service providers (all but one uses CalDAV and CardDAV) that customers can pick and choose from. You’re locked out of using calendar and contacts features unless your service provider is on the list.

This is another example of how a large service provider abuses its market position to pick and choose winners in the market. The large platforms grow ever larger and more capable, while the competition falls further and further behind. It also shows how the market has failed to deliver adversarial interoperability and limits consumer choice.

“[Adversarial interoperability is] when you create a new product or service that plugs into the existing ones without the permission of the companies that make them,” as Cory Doctorow so elegantly puts it.

So what could interoperability legislation look like? Legislation shouldn’t decree one specific protocol or standard — like WebDAV — for any given task. WebDAV is used as an example in this article but it may not be the right answer even for the use cases it solves. Legislating specific technologies would stifle all innovation.

Legislation should instead set requirements for services to be interoperable with other services operating in the same domain. E.g. email services should be compatible with other email services, messaging services should be compatible with other messaging services, etc.

Article 20: Right to data portability of the EU’s General Data Protection Regulation (GDPR), require customer data be made portable between services. The media has mostly focused on the privacy and data-export aspects of the GDPR. However, service providers are required to enable direct data-transfer from its platform to that of a competitor. The GDPR doesn’t state exactly how this is supposed to work but requires services to use a “structured, commonly used, and machine-readable format[s]”.

This means it’s an EU consumer-right to have Facebook transfer their Instagram photos directly into your Flickr or another photo hosting service. It’s not enough to just enable customers to export your photos and manually re-upload them to the competing service. It’s the service providers’ job to facilitate that data transfer.

The proposed “Augmenting Compatibility and Competition by Enabling Service Switching Act of 2019” (“ACCESS Act”) is a US attempt at introducing more interoperability in the market through legislation. It borrows some familiar language from the GDPR and requires that service providers must enable data transfer to competing services “in a structured, commonly used, and machine-readable format.”

The ACCESS Act goes farther than the GDPR’s data portability requirement and it has some good ideas on interoperability. However, it doesn’t go far enough. It’s limited to “communications services” with 100 million US customers that monetize by selling user data. It doesn’t apply to commercial services that charge consumers upfront. It should apply to more types of service providers regardless of how they earn money.

It’ll be interesting to see whether the US or EU will implement interoperability legislation in the coming years. In my opinion, it’s a better alternative to foster competition than to use anti-trust laws to break up the large tech companies. That may still prove to be necessary to reshape the marketplace in a way that allows for more competition, but should not be the first or only attempted fix.