Most industries are dominated by monopolies. How we enforce antitrust law explains far more than you might think.Photo courtesy of BP Miller.
My first monopoly was AT&T.
I lived on a commune until I was eight. We didn’t have toilets, but we did have phones. We didn’t own them. It was a commune, after all. But they were in our house and we got to use them.
When we reentered “normal” civilization, we still didn’t own our phones. AT&T did. This was 1984, the same year Congress broke them up. I was more confused than injured by their power. Capitalism was new to me. Every single thing in our house was ours, for the first time, except that one. We had to lease it from Ma Bell. Even weirder, the lines in our house were apparently not ours. (I mean. We were renters. But you get the idea.) We had to pay to attach other objects to ports in our own house.
This confounded me. “Some… outside company I’ve never heard of makes rules about what we have in our house?” Yes indeed.
Thankfully, it didn’t last. With five siblings, we needed but could not have paid for those extra phones.
My second monopoly was Microsoft.
They had complete dominance of desktop operating systems and software (the Office suite, plus Outlook/Exchange for email). I went to Reed College, so I exited school as a Mac user, in the middle of their dark days. In hopes of avoiding Windows I tried everything else: BeOS, Linux, Solaris, you name it. No matter how fast I ran, I was often stuck on Windows at work because, well, everyone was.
Microsoft abused its monopoly heavily and freely until being taken to court. Microsoft’s abusive behavior is usually discussed in terms of its effect on the web. But I’ll never forgive them for Outlook. It taught multiple generations of people to do email incorrectly. To this day, the average business user is incapable of having sophisticated discussions over email because Outlook trained them not to.
Ironically, Microsoft itself likely only exists because of Congressional antitrust action against IBM. The government eventually withdrew its case against Big Blue, but not before convincing it of the importance of leaving room for others.
The Paradox of Antitrust Choice
Kids coming up today are lucky. They have so many monopolies to choose from.
Of course, I don’t actually mean “choose”. You pretty much have to use all of them. Google for search, Facebook for social, Amazon for e-commerce and cloud infrastructure, and Apple for hardware and apps worth paying for.
Tech is absolutely rife with monopolies. (And monopolists.) But the industry itself is largely in denial about that. “We’re different!”
The last month has highlighted this. Congress has dragged the richest, most powerful tech founders and CEOs in to testify. More importantly, a Judiciary subcommittee has produced a huge report on concentration in the tech industry.
I’m going to focus on that last link, from Ben Thompson. He makes a throwaway comment:
consumer harm, which is the de facto standard for antitrust in the United States
The article itself is interesting and informative, as most of Ben’s writing is. But this small line shows that Ben is in a box that limits how he thinks about antitrust. And if he can’t see out, few others are likely to.
I think he should. I think you should. I think everyone should.
America doesn’t have a tech monopoly problem. We have a plain old monopoly problem.
Ben works hard to explain that the tech monopolies are natural because of what he calls Aggregation Theory. He implies this makes their monopolies more acceptable, even inevitable. He accepts there is abuse, but a very narrow definition of it. Even if his theory is sound (which I am not convinced of), it doesn’t explain the rest of the monopolies that plague us.
Something else does.
The “consumer welfare” standard is not the law
Ben is right that US antitrust law focuses on consumer welfare. That’s pretty much the work of one person: Robert Bork. His book, The Antitrust Paradox, successfully rewrote the history of American antitrust enforcement. Gone were concerns about competitive markets, or any discussions of the downsides of market power. Nope. If prices are low, it’s good. That’s it.
He didn’t get any new laws passed. He just convinced our country to enforce them differently.
Yes, consumer welfare is an important input in the laws themselves. But there’s far more to it, including a healthy focus on market power. Yet Bork managed to gut everything else with one book. (To be fair, there were a lot of rich and powerful people set who became even more so once he won.)
To be clear: The laws themselves have not changed. Only how we enforce them, within the government and the courts.
It is impossible to understand antitrust enforcement in our country without accepting this fact: We have strong antitrust laws and are choosing not to enforce them. They have been gutted by an extreme interpretation, and fifty years later, nearly every industry demonstrates the ruinous consequences.
Revisiting Consumer Welfare
Bork successfully reframed the downsides of market power, with a lot of help from the Chicago School of Law. But there have always been people fighting back.
Lena Khan produced the seminal work in this category, Amazon’s Antitrust Paradox. She lays bare how powerful Amazon is, and how useless consumer welfare is as a means of assessing monopoly abuse. Its impact has allowed her to carry the flag even further.
In particular, she was part of the team that ran that Judiciary subcommittee hearing, and produced the related report.
Yes, her argument - and thus at least partly, the argument made by Congress - is that Amazon and its peers have too much power, and they are abusing it to gain even more.
But more importantly, she’s arguing that you cannot have a conversation about market power without also talking about standards other than consumer welfare.
That’s what Ben Thompson (and Ben Evans) and all the other tech commentators need to understand.
The argument is not really whether one of these companies is a monopoly. It’s what standard we should use to assess their behavior.
Do we let Bork decide, and use a light hand and generally tolerate heavy concentration of power?
Or should we follow the original intent of the laws, focusing more on encouraging a competitive landscape and a market free from companies that are too big and too powerful?
The Tech Monopoly Minefield
Every tech founder I know builds their business around the reality of these monopolies. If you’re in e-commerce, your business is defined by the space Amazon leaves you. You don’t necessarily have to be on Amazon, but prepare to be attacked if you’re not. If you’re in social, you have to ensure Facebook doesn’t want your business. If you make apps, you can only make or sell them the way Apple lets you.
I expect most founders and investors don’t even realize how much we’ve given up on doing because of these monopolies (and all the smaller industry heavyweights, like Salesforce). We talk big about agile startups outwitting the big players, but… that only works if they can’t choke off your suppliers, outbid you for engineers, or take hundreds of millions in losses to destroy your company.
What could we build if we didn’t have to fear so many big players?
I’m still haunted by that AT&T phone we didn’t own.
I could not be happier that the government is finally revisiting our antitrust standards. And honestly, I’d rather they make mistakes in regulating the huge players than not regulate them all. We’ve seen what five decades of almost no action results in.
Like everyone, I love fast cheap shipping. But it’s not worth destroying independent retailers over. Honestly, I can’t stand using any of Facebook’s products, but maybe I could if they were stand-alone instead of part of a soulless corporation bent on domination.
I believe in the free market. But none of the markets I’m interested in are. They’re all dominated by players so large, so powerful, that our only choice is to work with or around them.
It’s long past time to get rid of the consumer welfare standard, and bring back to true antitrust enforcement.
Privacy expectations are changing. How will companies change with them?
Photo courtesy of Tobias Tullius
Change is coming to how tech companies handle privacy. Everyone is going to have to adjust, but new startups are caught in the middle: Be as useful as the companies built in the old world, while following the new rules.
Today’s dominant tech companies don’t care much about privacy. Many of their businesses couldn’t exist if people were careful with their data. Facebook only survives if people are willing to share widely and publicly. Google’s ad engines feed on reams of public data.
Privacy will matter far more to new companies. Google has taught companies the cost of sharing their data publicly. Consumers are slowly waking up to how pernicious Facebook’s data practices are. And the laws themselves are changing.
Regulation is already happening at the state level, and internationally. You might not want federal legislation, but state by state rules would strangle growth of new startups.
I know some say government can only create problems, not fix them. I am not so cynical. The creation of the EPA is a great example of government taking industry in hand and making the world better. I am eager for Congress to take privacy as seriously.
The Business of Privacy
But I’m not a legislator. I’m a builder. I’m more interested in understanding how people’s behavior will change, and what that means for the products I’m creating.
For some, the future of privacy is already here. DuckDuckGo is thriving (despite its silly name) on promises of providing great search without all the tracking. The Brave browser is growing for similar reasons.
But how big is this change? Will the average person in the next decade expect to retain privacy, demand companies respect their data? (I originally wrote “computer user” here instead of “person.” With the smartphone, there is no difference.)
Or will privacy concerns continue to be like security concerns have been for the past decade: the domain of the few, the nerds?
But it’s also a business question. What kinds of companies thrive in the current privacy framework? Will they thrive in ten years? What about a world with little privacy? Which companies might do better if people cared more about it?
It’s worth elaborating on what I mean by privacy. Google and Facebook have very different definitions, for example. Facebook’s business is built on promising as little privacy as possible, and delivering even less. They share your data with pretty much everyone. Google just uses your data internally. They don’t share your browsing history; they just use it to market ads.
There are far more companies out there like Google than Facebook. Everyone shouting “data is the new oil” is advocating for Google’s business model: Collect a ton of data and profit off of it. It might start as your customers’ data, but if you collect enough it, and tie it all together, it becomes your data.
By policy, these companies (usually) care more about privacy than Facebook does. They rarely sell or share your data. This is better. But privacy isn’t restricting data to only a few trillion-dollar companies. It’s sharing my data with people, not companies.
It’s instructive to look at one company offering less privacy today than in the past: Microsoft. In the old days, all of my documents sat on my computers. My email ran through servers run by corporate. Microsoft could never have gotten to any of them.
Now it’s all “on the cloud.” What does that mean? Microsoft has it. They might not be sharing it with others, but they’re certainly looking at it. Oh, maybe individuals aren’t. But their programs are.
This can be good. Usage data can help vendors improve their software.
But mostly, it’s bad. These promises of better software tend to be hollow. I don’t want better ads. I don’t want your algorithm picking what I see. And I certainly don’t want machine-learning recommendations based on a statistically average user.
People are beginning to see the downsides of handing all of their data to companies. They know that Facebook, Google, Microsoft, Apple, and Amazon have too much power. They are changing their privacy expectations. Not just the nerds, but average people.
But how much? How fast?
The Cloud Conundrum
Privacy in the modern era is a special quandary. The cloud is pretty great. No synchronization. No management. Easy sharing.
No one wants to give that up. Yet today, cloud usually brings severe privacy compromises.
Do I try to build without the cloud, enabling more privacy, and try to compete with what might be less functionality? Or do I build on the tools everyone else uses, where a lack of privacy means there’s little limit to what I do?
Is there a world where you get all of the benefits of centralization, of the cloud, of being online, but don’t have to sacrifice your privacy? Can you be in the cloud, but keep your own data instead of letting a company put it all into one bucket?
I think so. For many cases, I don’t even think it will be that hard. It will just require thinking differently. It will require new answers, maybe slightly harder ones. But not whole new forms of math or science. Something attainable and reasonable today.
As a founder and investor, there still might be big downsides. It might mean you can’t be the next Google. The next Facebook. Or even the next Salesforce.
It might be that a company is worth less if it does not exploit your data.
What if ethical, privacy-conscious companies stay small, and unethical privacy-destroying companies get to keep growing? There is precedent. Prior to the creation of the EPA, an industrial plant would be committing fiscal suicide to spend money reducing pollution.
I worry about this. I’d sure love to see better behaved companies get rewarded with growth. But that’s certainly not the world right now.
Of course, this is partially why we need new regulation. The rules need to change. There was a time when big business just dumped all of its waste in the local rivers. It was cheap. Why should they care if it killed people and ecosystems? Gotta protect shareholder value! But then the rules changed. Nixon (!) created the EPA, and now we take it for granted that industrial players are forced to protect the air and water at least a bit.
The rules will matter less if enough people change. If you stop buying from companies who abuse your data, they’ll stop doing it. If the next Facebook can’t be built off of your data, then someone will need to find a new way - and hopefully a better one! - to meet your needs.
But maybe those businesses won’t be quite as big. Or get there quite as fast.
Are you ok with that? Is that a reasonable trade off?
It is for me. Facebook didn’t make me a billionaire. I’m not at risk of some other data-centric company making me rich. I’m not investing in companies that collect and exploit your data.
But a lot of people are. A lot of our industry is built on the idea that access to this data is good. Many companies could work without it, but choose not to.
Take the smart home, for example. My smart thermostat is in my house with me, right next to my phone. On the same network. But how does my phone configure it? Not by talking directly! No. My phone contacts cloud services, which then contact my thermostat. Why? Partially because it’s easier. But mostly it’s about data.
There’s no chance Google would have bought Nest for $3.2B if that data weren’t available.
Maybe Nest would be a better company if it were more concerned with making better devices instead of extracting our data. But I don’t think Google would be as excited about that other company. Investors like the multiples that all that data gives them. And product people like what the data allows.
Like industrial effluent, this data is toxic. Dangerous. I’m afraid of what’s being done with what leaks out. I’m afraid of all of the bias. I’m afraid of businesses built on my lack of privacy, my lack of boundaries.
My Bet on Privacy
My new company assumes people will care more about privacy than they have. I expect I’m giving up some long-term potential by doing so. There are things we can’t do as a result. Things that our competitors might find easy to do.
But we’ll be able to make promises no one else can. And we’ll find new ways - hopefully better ones - to solve our customers’ most important problems.
Even writing this frightens me a bit.
I’d love to believe that promising privacy would make my company more valuable, make it easier to raise money. I know it will make it easier to hire people.
Some users will choose us specifically because of our privacy model. But how many? And will it be enough?
A single drink perfectly captures the weirdness of raising money for the first time.Photo courtesy of Dylan de Jonge
I found myself at a hotel with some friends. I was visiting Portland for a conference. Puppet’s first investment round – and mine! – was closing. The money was being deposited.
Have you seen a David Mamet movie, like The Spanish Prisoner? They’re fantastic. But eerie. Disquieting. They build up a story, brick by brick. Then they yank a few bricks away, exposing the whole story as a lie. Only a hollow truth remains, unrelated to your built up belief. It makes you question everything.
I’m waiting for the closing in this hotel, and I order a Macallan 18 to celebrate. This was back when it was only expensive, not egregious. I lift the glass, and I think:
The money is being deposited into my bank.
I think it’s a real bank.
I mean, they had, like, a website. And websites are pretty hard to… wait a minute.
Who introduced me to the bank?
The investors introduced me. They specifically wanted me to work with this bank. They’re the ones giving me the money. They wouldn’t say they’re giving me the money then give it to someone else. That’s a silly kind of fraud. I just have to trust them.
I sit there. Sipping my whiskey.
I think it’s a real bank.
I think I’m getting $2.25 million.
I had never seen a bank account with that many zeroes - and I still may not at that point! I have no idea what to do.
So I sit there. Savoring that delicious, delicious whiskey.
I didn’t mean to raise money. I was just focused on running the company. We had bootstrapped for almost four and a half years. I figured we were going it alone.
I had talked to people in the past about raising money. It was like Groucho Marx’s joke about clubs: I wouldn’t take money from the investors willing to give it to me. “Wow, I would love them as an investor,” you get nothing. Or, “I would happily give you money and ruin your life.” Hmm. Not really the deal I’m looking for.
One day at an event, an investor tracked me down. He said, I’d like to invest in your company. I said, That doesn’t sound right. A lot of investors say, We should talk. He said: We should talk on Monday. That specificity made all the difference.
He made a very confusing offer: We would like to write a $1.75 million check into a $2 million round. I said, how can you be that bad at math and work in finance. He said, Go find other, rich people that you know to give you the rest of the money. I said, you are, literally, the only rich person I know. He said, I just joined this firm. I am not rich. Then we’re stuck, I said.
I lived in Nashville at the time. There are a bunch of rich people there. But they’re all musicians. They don’t do technology. We most emphatically did not hang out. We weren’t going to fill this round through my network.
Eventually, by connecting me to their network of rich people, I was able to raise $2.25 million. Mostly through luck not skill. I didn’t build a deck. I didn’t run a formal process. I didn’t pitch multiple investors to get competitive term sheets. I pretty much did the exact opposite of the play book. The investor who filled out the round turned me down at first, but I heard his wife persuaded him. I don’t know if she liked me or was cursing him.
Once all of the investors are in place, you wait.
The things you learn in your first round.
Closing takes about thirty days. Five rounds later, I have no idea why. It takes thirty days, and it costs $30,000. One of the terms in the term sheet you get from your investors states that you pay for closing. “We’re going to give you this money, and then you’re going to give some of it to the lawyers.” Investors cap the fees, and the lawyers coincidentally hit that exact number every time.
I honestly don’t know what the lawyers do at closing. The documents are massively long, but they’re pretty much the same. At a late-stage company, I can understand: There is diligence to do (although not by the lawyers), financial data to look through (done by analysts, not lawyers), customers to talk to (by the investors, not the lawyers). At an early stage, though, there just isn’t much information. I don’t know what they do.
But it takes thirty days. And costs thirty grand. Says so on the term sheet.
So you wait.
But when that waiting stopped, boy howdy did things move.
The money did get deposited. It was a real bank after all.
Within a month I’d moved from Nashville to Portland. Within two months, I had my next three employees. And within six months I had a team of ten.
Raising money set us off like a rocket. Bootstrapping for more than four years provided a fantastic foundation for quick growth.
Looking back, I’m glad we raised money. I only wish we had done it earlier.
Remember those stories from a few decades ago, about how improvements in productivity and automation would mean that we’d only be working 5 hours a week by now? They seem as fanciful, and predictive, as The Jetsons.
It’s almost a punch-line now, because many actually work more hours today than back then. How could they have been so stupid?
Of course there is actually a lot baked into the fact that higher productivity has not reduced hours worked (nor, it turns out, has it raised wages for the bottom 50% of earners in the last three decades, quite contrary to the previous, oh, 200 years). But a big part of why that prediction seems so silly now is it included an implicit assumption: That the work we’d be doing today is pretty much the same as what we did then. You know, before computers.
And I don’t mean, they could not foresee how much time we’d waste on social media. Their primary mistake was not thinking about how we’d use the space created by greater productivity.
Induced demand. People who would not have driven with only two lanes, because of all the traffic, will now drive if there are four lanes. Trips you would not have taken because of the gas cost now become affordable and reasonable.
If your goal was to get more people driving, and maybe get the resulting increase in economic activity, then I suppose you got what you wanted. But if you were trying to reduce traffic - which is why most people say they want more freeways - then you’ve failed. If anything, you made it worse, because now twice the number of people are stuck in traffic. You didn’t reduce the problem, you just spread it around.
Demand is induced in many other areas. I grew up remodeling houses with my dad and got to see the impact of pneumatic nail guns and paint sprayers, which automated a huge chunk of how we’d spent our days. Of course, we didn’t use that newly free time to sit around, we changed our behavior: We did higher quality work, we finished jobs faster so got more done in a year, and we lowered prices.
I ran into this perception conflict all the time as I was building Puppet. I’d say I was building automation for the data center, and salespeople and execs would say, “Oh, so you can fire sysadmins!” I don’t know what they had against operations teams, but no, I would respond: I can give you a choice between reduced cost at the same service level (i.e., you fire people), or keep costs the same but increase service quality.
“Wait, that’s an option?!” Without higher level tools like Puppet, people had no idea how to increase service quality. Cost was their only dial, so they focused on that, even if it made no sense. Once I gave them other choices, of course they wanted better quality.
So where success in 1999 was shipping twice a year, and not going down, like, that often, now success is shipping multiple times a day and never appearing down to your customers. The standards have changed entirely, and that change was made possible mostly through automation. You can bet Netflix doesn’t become the new standard for infrastructure hotness using the bad old manual practices of the 90s.
You might say, no, people’s standards changed and that’s what motivated them to invest in automation, but you would be wrong. They always wanted higher quality. They always wanted better service. They just felt they had no choice but to accept the status quo, until we showed them other options.
I’m not saying automation never destroys jobs, never reduces the amount of work to be done in an area. But it’s by no means the default result.
The first impact of automation is to increase quality. I felt this myself, building houses. The main reason I’m no longer a carpenter is because of how incompetent I was at setting trim nails. You drive the nail most of the way into the wood1, then use a small punch to recess it. You cover that one little hole in spackle, and no one can tell. Unless you’re me. When I do it, I make a little sunflower, with a hole in the middle and holes all around in a circle, because I’m just that good at letting the punch head slide off the nail, into the wood. If we’d had the trim nailers that exist now, even I could have done a decent job. That kind of success might not have driven me out of the industry and into the welcoming arms of computers. I’m not a lot better typist, but the delete key does wonders for my self-confidence.
And let’s be honest about what we’re automating: It’s literally the most boring and least useful work we do. I wasn’t exactly high skilled labor, but I assure you there were more valuable things for me to do than try to set a nail while on my knees, bent over to the base molding. As a SysAdmin, yeah, my bosses thought my job was typing the same command 1000 times a day, but we can look back now and see that definition actually got in the way of the work, rather than being it. We had much more important stuff to do. Or at least, I did. Not sure about the bosses.
If we were all willing to drive cars from the 70s, while living in houses from the 70s (oh god the colors), using computers from the 70s (all three of them), watching channels from the 70s (all three of them), then yeah, maybe we could also work 5 hours a week.
But we all know what we’d do with the spare time: We’d make more work.
You’d do something silly, like write a book. And obviously, most of those books would be junk, but enough would be good that it would become someone’s job. And maybe the other writers didn’t actually have a knack for writing, but found they could be great at helping other writers. Oops, now you’re an editor, or a publisher. And now you’re working more than five hours a week again!
Or maybe you don’t want to be a writer, you just hate Avocado Green enough to do something different with your kitchen. Oops, now your friends want the same thing, and you’re an interior designer.
Or maybe you realize that the gas-guzzling death-traps we all drive in are insane, and you figure out some way to start bringing those sweet little rides over from Japan. You know, just to fill the time. Because you can only consume so much of your day watching three channels (and remember, no ESPN in this scenario).
You’re not the only one that’s bored. Everyone else has more time, and a need to fill it. They can spend the effort to become experts in watches, furniture, bicycles, hiking, boating, economics, philosophy, or any number of other areas. And we all know the main outcomes of expertise, beyond insufferable newsletters: Demand for more specialized stuff, or enough disgust at the lack of it that you’ll just do it your darn self.
Some number of us won’t do the work, but we still want more, because why else would I have read three books on horology? It only takes a few people to step in to fill that demand, and suddenly your time is taken up.
And of course, if you want to buy that fancy Patek Philippe to pass on to your kid, you probably need to work a few more hours than the minimum.
So now you know why we don’t work five hours a week, and hopefully you have a little more confidence that automation will generally be good, not bad. It’ll create more entrepreneurs, raise wages, increase quality, and reduce cost. Not every time, but most times.
It doesn’t explain why those prognosticators in the 70s were so silly, but, well, I bet it wasn’t the worst decision they made that decade.
16oz Estwing finish head with a curved claw, natch. ↩
Congress recently required Mark Zuckerberg to defend his lifelong practice of mistreating your private information. Movements to give you control of this critical data took the opportunity to claim they can prevent future such breaches. Blockchain is the new solution in search of a problem, and personal data is in the crosshairs.
But can the blockchain actually help secure your personal data? What would that take? And seriously, what do people mean when they say we should own our own data?
It sounds nice. Too bad it won’t help. The problem is not “ownership” (whatever that even means in a world of infinite digital copies). It’s centralization. Having one person’s data is a small threat, only to that individual. Having everyone’s data is a national crisis.
By now we’re familiar with the huge amounts that Facebook, Google, Amazon, and apparently everyone except Apple have on us. But how did they get it? Mostly, we gave it to them, through using their products. What we didn’t give to them, we gave to someone else who then passed it on.
There have been massive breaches at Equifax, Facebook1, and many others. Even the general public is becoming aware of the real causes. Some of the the largest companies in the world exist purely to collect your information and sell access to you based on it. They might not sell your data, but they definitely sell your attention using it.
These are the problems you know about. Don’t worry; it gets worse from here. If you think your birthdate and pictures of your kids are personal, what about your DNA?
Anne Wojcicki is married to a Google founder, and she liked their data accumulation so much she started her own company to build a huge pile of even more personal data. 23andMe does not scrape the internet - or your cheeks - to get your DNA; no, people pay for the privilege of giving it to them. Yes, they offer a service in return, but do they clean house after? Hah! No. They keep it. (Hopefully somewhat more safely than Equifax does.)
What’s so wrong about there being a database of DNA from a big chunk of the population? Let’s ask the police.
You might not be afraid of the police. You should consider yourself lucky. I know anyone of color in the US is and should be. I know I am; I grew up on a commune, and policed raided us using helicopters and assault rifles in hopes of busting us for cannabis. I don’t mean to imply that hippies have been as systematically oppressed as African Americans (and certainly not in the south); just that I grew up with my own justified skepticism of exactly what that force was here for.
Even if you don’t fear the police, you should fear the consequences of DNA testing. The science behind most parts of DNA are absolutely rock solid2. The police work is another matter. Beyond outright fraud used to wrongly convict people, the messy world of testing DNA at crime scenes just makes it hard to get correct results. Juries inappropriately treat a complicated test as foolproof. It could be compromised anywhere from the crime scene to police handling to the lab itself. The failure rate even without fraud is high enough that I would not want to trust my life to it.
Not to imply that DNA testing is worthless; quite the contrary. It has been used to exonerate many people who were incorrectly imprisoned and put on death row. It’s not that it always fails, just that you don’t want to finding yourself gambling on it against life in prison.
But remember: This is just for cases where someone has a single person’s DNA. Like having just your fingerprint. What happens when someone like 23andMe has a whole database of it?
“If you didn’t do anything wrong, then you have nothing to fear.” Pfft. Yes, it starts with requests for the DNA of individual suspects, but it escalates to doing a database-wide search for DNA that matches. And by ‘matches’, we don’t mean, “is 100% guaranteed”, we mean, “eh, it’s pretty close”. A DNA “match” directed the police to someone they thought was a relative of a suspect, who was then brought in for questioning. So I guess as long as you’ve never done anything wrong, and aren’t related to anyone ever doing anything wrong, you’re fine. Right?
I feel so much better.
I had investors literally laugh at the idea that collecting this data introduced security concerns. They grew up at Google, so it’s not surprising they could not see centralization as a problem. Just like Equifax started out wanting to make it easier to get loans, and now they’ve got so much power you can’t get one without them.
There is a world of difference between giving someone your data, and allowing someone to include your data in a massive pile of it. Any discussion of the risks of data needs to acknowledge that.
Now we see our discussions of owning your own data don’t quite have it right. What we actually want is decentralization of data. We don’t want a single company to have access to this much information about huge groups of people.
And now you see the problem.
New technology can’t break Facebook’s business model. It can’t prevent Google from scraping every web site on the internet and identifying you by connecting everything. Whether you give it to them or not, they’ll know what you look like, where you live, and who you hang out with.
Most importantly, it can’t prevent people from sharing all that data with these services. After all, they’re getting something valuable in return, like connecting with friends and family. Or figuring out their family tree.
The problem is not the centralization. It’s the effectiveness of a business model built on centralization.
So anyone who comes to you and says “The blockchain will allow you to own your own data!”, ask them in return, “How will you make it such a joy to use that Facebook will go bankrupt?” And please, record the conversation, because I want to see them stammer.
This is fundamentally a product and design problem, but the technofuturists are treating it like a technology problem. “Oh, if only those college students had access to better cryptographic tools they never would have shared that data with Facebook!” 🤯 No. People will stop using Facebook, and 23andMe, and Google, when there are better solutions. And unfortunately, they need to work ten times better, not just a little bit.
So talk to me about the blockchain. I really do want to hear how you’ll use it to help people own their own data, and remove the incentive to centralize all of this data.
But talk to me of products. Of user benefits. Of business models built around all of this.
Because people have to want what you’re selling, and the only way to get that is to build something they want to use. Only then will they be able to own their own data.