Archives For China

The leading contribution to sound competition policy made by former Assistant U.S. Attorney General Makan Delrahim was his enunciation of the “New Madison Approach” to patent-antitrust enforcement—and, in particular, to the antitrust treatment of standard essential patent licensing (see, for example, here, here, and here). In short (citations omitted):

The New Madison Approach (“NMA”) advanced by former Assistant Attorney General for Antitrust Makan Delrahim is a simple analytical framework for understanding the interplay between patents and antitrust law arising out of standard setting. A key aspect of the NMA is its rejection of the application of antitrust law to the “hold-up” problem, whereby patent holders demand supposedly supra-competitive licensing fees to grant access to their patents that “read on” a standard – standard essential patents (“SEPs”). This scenario is associated with an SEP holder’s prior commitment to a standard setting organization (“SSO”), that is: if its patented technology is included in a proposed new standard, it will license its patents on fair, reasonable, and non-discriminatory (“FRAND”) terms. “Hold-up” is said to arise subsequently, when the SEP holder reneges on its FRAND commitment and demands that a technology implementer pay higher-than-FRAND licensing fees to access its SEPs.

The NMA has four basic premises that are aimed at ensuring that patent holders have adequate incentives to innovate and create welfare-enhancing new technologies, and that licensees have appropriate incentives to implement those technologies:

1. Hold-up is not an antitrust problem. Accordingly, an antitrust remedy is not the correct tool to resolve patent licensing disputes between SEP-holders and implementers of a standard.

2. SSOs should not allow collective actions by standard-implementers to disfavor patent holders in setting the terms of access to patents that cover a new standard.

3. A fundamental element of patent rights is the right to exclude. As such, SSOs and courts should be hesitant to restrict SEP holders’ right to exclude implementers from access to their patents, by, for example, seeking injunctions.

4. Unilateral and unconditional decisions not to license a patent should be per se legal.

Delrahim emphasizes that the threat of antitrust liability, specifically treble damages, distorts the incentives associated with good faith negotiations with SSOs over patent inclusion. Contract law, he goes on to note, is perfectly capable of providing an ex post solution to licensing disputes between SEP holders and implementers of a standard. Unlike antitrust law, a contract law framework allows all parties equal leverage in licensing negotiations.

As I have explained elsewhere, the NMA is best seen as a set of policies designed to spark dynamic economic growth:

[P]atented technology serves as a catalyst for the wealth-creating diffusion of innovation. This occurs through numerous commercialization methods; in the context of standardized technologies, the development of standards is a process of discovery. At each [SSO], the process of discussion and negotiation between engineers, businesspersons, and all other relevant stakeholders reveals the relative value of alternative technologies and tends to result in the best patents being integrated into a standard.

The NMA supports this process of discovery and implementation of the best patented technology born of the labors of the innovators who created it. As a result, the NMA ensures SEP valuations that allow SEP holders to obtain an appropriate return for the new economic surplus that results from the commercialization of standard-engendered innovations. It recognizes that dynamic economic growth is fostered through the incentivization of innovative activities backed by patents.

In sum, the NMA seeks to promote innovation by offering incentives for SEP-driven technological improvements. As such, it rejects as ill-founded prior Federal Trade Commission (FTC) litigation settlements and Obama-era U.S. Justice Department (DOJ) Antitrust Division policy statements that artificially favored implementor licensees’ interests over those of SEP licensors (see here).

In light of the NMA, DOJ cooperated with the U.S. Patent and Trademark Office and National Institute of Standards and Technology (NIST) in issuing a 2019 SEP Policy Statement clarifying that an SEP holder’s promise to license a patent on fair, reasonable, and non-discriminatory (FRAND) terms does not bar it from seeking any available remedy for patent infringement, including an injunction. This signaled that SEPs and non-SEP patents enjoy equivalent legal status.

DOJ also issued a 2020 supplement to its 2015 Institute of Electrical and Electronics Engineers (IEEE) business review letter. The 2015 letter had found no legal fault with revised IEEE standard-setting policies that implicitly favored implementers of standardized technology over SEP holders. The 2020 supplement characterized key elements of the 2015 letter as “outdated,” and noted that the anti-SEP bias of that document could “harm competition and chill innovation.”   

Furthermore, DOJ issued a July 2019 Statement of Interest before the 9th U.S. Circuit Court of Appeals in FTC v. Qualcomm, explaining that unilateral and unconditional decisions not to license a patent are legal under the antitrust laws. In October 2020, the 9th Circuit reversed a district court decision and rejected the FTC’s monopolization suit against Qualcomm. The circuit court, among other findings, held that Qualcomm had no antitrust duty to license its SEPs to competitors.

Regrettably, the Biden Administration appears to be close to rejecting the NMA and to reinstituting the anti-strong patents SEP-skeptical views of the Obama administration (see here and here). DOJ already has effectively repudiated the 2020 supplement to the 2015 IEEE letter and the 2019 SEP Policy Statement. Furthermore, written responses to Senate Judiciary Committee questions by assistant attorney general nominee Jonathan Kanter suggest support for renewed antitrust scrutiny of SEP licensing. These developments are highly problematic if one supports dynamic economic growth.

Conclusion

The NMA represents a pro-American, pro-growth innovation policy prescription. Its abandonment would reduce incentives to invest in patents and standard-setting activities, to the detriment of the U.S. economy. Such a development would be particularly unfortunate at a time when U.S. Supreme Court decisions have weakened American patent rights (see here); China is taking steps to strengthen Chinese patents and raise incentives to obtain Chinese patents (see here); and China is engaging in litigation to weaken key U.S. patents and undermine American technological leadership (see here).

The rejection of NMA would also be in tension with the logic of the 5th U.S. Circuit Court of Appeals’ 2021 HTC v. Ericsson decision, which held that the non-discrimination portion of the FRAND commitment required Ericsson to give HTC the same licensing terms as given to larger mobile-device manufacturers. Furthermore, recent important European court decisions are generally consistent with NMA principles (see here).

Given the importance of dynamic competition in an increasingly globalized world economy, Biden administration officials may wish to take a closer look at the economic arguments supporting the NMA before taking final action to condemn it. Among other things, the administration might take note that major U.S. digital platforms, which are the subject of multiple U.S. and foreign antitrust enforcement investigations, tend to firmly oppose strong patents rights. As one major innovation economist recently pointed out:

If policymakers and antitrust gurus are so concerned about stemming the rising power of Big Tech platforms, they should start by first stopping the relentless attack on IP. Without the IP system, only the big and powerful have the privilege to innovate[.]

ICLE at the Oxford Union

Sam Bowman —  13 July 2021

Earlier this year, the International Center for Law & Economics (ICLE) hosted a conference with the Oxford Union on the themes of innovation, competition, and economic growth with some of our favorite scholars. Though attendance at the event itself was reserved for Oxford Union members, videos from that day are now available for everyone to watch.

Charles Goodhart and Manoj Pradhan on demographics and growth

Charles Goodhart, of Goodhart’s Law fame, and Manoj Pradhan discussed the relationship between demographics and growth, and argued that an aging global population could mean higher inflation and interest rates sooner than many imagine.

Catherine Tucker on privacy and innovation — is there a trade-off?

Catherine Tucker of the Massachusetts Institute of Technology discussed the costs and benefits of privacy regulation with ICLE’s Sam Bowman, and considered whether we face a trade-off between privacy and innovation online and in the fight against COVID-19.

Don Rosenberg on the political and economic challenges facing a global tech company in 2021

Qualcomm’s General Counsel Don Rosenberg, formerly of Apple and IBM, discussed the political and economic challenges facing a global tech company in 2021, as well as dealing with China while working in one of the most strategically vital industries in the world.

David Teece on the dynamic capabilities framework

David Teece explained the dynamic capabilities framework, a way of understanding business strategy and behavior in an uncertain world.

Vernon Smith in conversation with Shruti Rajagopalan on what we still have to learn from Adam Smith

Nobel laureate Vernon Smith discussed the enduring insights of Adam Smith with the Mercatus Center’s Shruti Rajagopalan.

Samantha Hoffman, Robert Atkinson and Jennifer Huddleston on American and Chinese approaches to tech policy in the 2020s

The final panel, with the Information Technology and Innovation Foundation’s President Robert Atkinson, the Australian Strategic Policy Institute’s Samantha Hoffman, and the American Action Forum’s Jennifer Huddleston, discussed the role that tech policy in the U.S. and China plays in the geopolitics of the 2020s.

PHOTO: C-Span

Lina Khan’s appointment as chair of the Federal Trade Commission (FTC) is a remarkable accomplishment. At 32 years old, she is the youngest chair ever. Her longstanding criticisms of the Consumer Welfare Standard and alignment with the neo-Brandeisean school of thought make her appointment a significant achievement for proponents of those viewpoints. 

Her appointment also comes as House Democrats are preparing to mark up five bills designed to regulate Big Tech and, in the process, vastly expand the FTC’s powers. This expansion may combine with Khan’s appointment in ways that lawmakers considering the bills have not yet considered.

This is a critical time for the FTC. It has lost a number of high-profile lawsuits and is preparing to expand its rulemaking powers to regulate things like employment contracts and businesses’ use of data. Khan has also argued in favor of additional rulemaking powers around “unfair methods of competition.”

As things stand, the FTC under Khan’s leadership is likely to push for more extensive regulatory powers, akin to those held by the Federal Communications Commission (FCC). But these expansions would be trivial compared to what is proposed by many of the bills currently being prepared for a June 23 mark-up in the House Judiciary Committee. 

The flagship bill—Rep. David Cicilline’s (D-R.I.) American Innovation and Choice Online Act—is described as a platform “non-discrimination” bill. I have already discussed what the real-world effects of this bill would likely be. Briefly, it would restrict platforms’ ability to offer richer, more integrated services at all, since those integrations could be challenged as “discrimination” at the cost of would-be competitors’ offerings. Things like free shipping on Amazon Prime, pre-installed apps on iPhones, or even including links to Gmail and Google Calendar at the top of a Google Search page could be precluded under the bill’s terms; in each case, there is a potential competitor being undermined. 

In fact, the bill’s scope is so broad that some have argued that the FTC simply would not challenge “innocuous self-preferencing” like, say, Apple pre-installing Apple Music on iPhones. Economist Hal Singer has defended the proposals on the grounds that, “Due to limited resources, not all platform integration will be challenged.” 

But this shifts the focus to the FTC itself, and implies that it would have potentially enormous discretionary power under these proposals to enforce the law selectively. 

Companies found guilty of breaching the bill’s terms would be liable for civil penalties of up to 15 percent of annual U.S. revenue, a potentially significant sum. And though the Supreme Court recently ruled unanimously against the FTC’s powers to levy civil fines unilaterally—which the FTC opposed vociferously, and may get restored by other means—there are two scenarios through which it could end up getting extraordinarily extensive control over the platforms covered by the bill.

The first course is through selective enforcement. What Singer above describes as a positive—the fact that enforcers would just let “benign” violations of the law be—would mean that the FTC itself would have tremendous scope to choose which cases it brings, and might do so for idiosyncratic, politicized reasons.

This approach is common in countries with weak rule of law. Anti-corruption laws are frequently used to punish opponents of the regime in China, who probably are also corrupt, but are prosecuted because they have challenged the regime in some way. Hong Kong’s National Security law has also been used to target peaceful protestors and critical media thanks to its vague and overly broad drafting. 

Obviously, that’s far more sinister than what we’re talking about here. But these examples highlight how excessively broad laws applied at the enforcer’s discretion give broad powers to the enforcer to penalize defendants for other, unrelated things. Or, to quote Jay-Z: “Am I under arrest or should I guess some more? / ‘Well, you was doing 55 in a 54.’

The second path would be to use these powers as leverage to get broad consent decrees to govern the conduct of covered platforms. These occur when a lawsuit is settled, with the defendant company agreeing to change its business practices under supervision of the plaintiff agency (in this case, the FTC). The Cambridge Analytica lawsuit ended this way, with Facebook agreeing to change its data-sharing practices under the supervision of the FTC. 

This path would mean the FTC creating bespoke, open-ended regulation for each covered platform. Like the first path, this could create significant scope for discretionary decision-making by the FTC and potentially allow FTC officials to impose their own, non-economic goals on these firms. And it would require costly monitoring of each firm subject to bespoke regulation to ensure that no breaches of that regulation occurred.

Khan, as a critic of the Consumer Welfare Standard, believes that antitrust ought to be used to pursue non-economic objectives, including “the dispersion of political and economic control.” She, and the FTC under her, may wish to use this discretionary power to prosecute firms that she feels are hurting society for unrelated reasons, such as because of political stances they have (or have not) taken.

Khan’s fellow commissioner, Rebecca Kelly Slaughter, has argued that antitrust should be “antiracist”; that “as long as Black-owned businesses and Black consumers are systematically underrepresented and disadvantaged, we know our markets are not fair”; and that the FTC should consider using its existing rulemaking powers to address racist practices. These may be desirable goals, but their application would require contentious value judgements that lawmakers may not want the FTC to make.

Khan herself has been less explicit about the goals she has in mind, but has given some hints. In her essay “The Ideological Roots of America’s Market Power Problem”, Khan highlights approvingly former Associate Justice William O. Douglas’s account of:

“economic power as inextricably political. Power in industry is the power to steer outcomes. It grants outsized control to a few, subjecting the public to unaccountable private power—and thereby threatening democratic order. The account also offers a positive vision of how economic power should be organized (decentralized and dispersed), a recognition that forms of economic power are not inevitable and instead can be restructured.” [italics added]

Though I have focused on Cicilline’s flagship bill, others grant significant new powers to the FTC, as well. The data portability and interoperability bill doesn’t actually define what “data” is; it leaves it to the FTC to “define the term ‘data’ for the purpose of implementing and enforcing this Act.” And, as I’ve written elsewhere, data interoperability needs significant ongoing regulatory oversight to work at all, a responsibility that this bill also hands to the FTC. Even a move as apparently narrow as data portability will involve a significant expansion of the FTC’s powers and give it a greater role as an ongoing economic regulator.

It is concerning enough that this legislative package would prohibit conduct that is good for consumers, and that actually increases the competition faced by Big Tech firms. Congress should understand that it also gives extensive discretionary powers to an agency intent on using them to pursue broad, political goals. If Khan’s appointment as chair was a surprise, what her FTC does with the new powers given to her by Congress should not be.

Economist Josh Hendrickson asserts that the Jones Act is properly understood as a Coasean bargain. In this view, the law serves as a subsidy to the U.S. maritime industry through its restriction of waterborne domestic commerce to vessels that are constructed in U.S. shipyards, U.S.-flagged, and U.S.-crewed. Such protectionism, it is argued, provides the government with ready access to these assets, rather than taking precious time to build them up during times of conflict.

We are skeptical of this characterization.

Although there is an implicit bargain behind the Jones Act, its relationship to the work of Ronald Coase is unclear. Coase is best known for his theorem on the use of bargains and exchanges to reduce negative externalities. But the negative externality is that the Jones Act attempts to address is not apparent. While it may be more efficient or effective than the government building up its own shipbuilding, vessels, and crew in times of war, that’s rather different than addressing an externality. The Jones Act may reflect an implied exchange between the domestic maritime industry and government, but there does not appear to be anything particularly Coasean about it.

Rather, close scrutiny reveals this arrangement between government and industry to be a textbook example of policy failure and rent-seeking run amok. The Jones Act is not a bargain, but a rip-off, with costs and benefits completely out of balance.

The Jones Act and National Defense

For all of the talk of the Jones Act’s critical role in national security, its contributions underwhelm. Ships offer a case in point. In times of conflict, the U.S. military’s primary sources of transport are not Jones Act vessels but government-owned ships in the Military Sealift Command and Ready Reserve Force fleets. These are further supplemented by the 60 non-Jones Act U.S.-flag commercial ships enrolled in the Maritime Security Program, a subsidy arrangement by which ships are provided $5 million per year in exchange for the government’s right to use them in time of need.

In contrast, Jones Act ships are used only sparingly. That’s understandable, as removing these vessels from domestic trade would leave a void in the country’s transportation needs not easily filled.

The law’s contributions to domestic shipbuilding are similarly meager. if not outright counterproductive. A mere two to three large, oceangoing commercial ships are delivered by U.S. shipyards per year. That’s not per shipyard, but all U.S. shipyards combined.

Given the vastly uncompetitive state of domestic shipbuilding—a predictable consequence of handing the industry a captive domestic market via the Jones Act’s U.S.-built requirement—there is a little appetite for what these shipyards produce. As Hendrickson himself points out, the domestic build provision serves to “discourage shipbuilders from innovating and otherwise pursuing cost-saving production methods since American shipbuilders do not face international competition.” We could not agree more.

What keeps U.S. shipyards active and available to meet the military’s needs is not work for the Jones Act commercial fleet but rather government orders. A 2015 Maritime Administration report found that such business accounts for 70 percent of revenue for the shipbuilding and repair industry. A 2019 American Enterprise Institute study concluded that, among U.S. shipbuilders that construct both commercial and military ships, Jones Act vessels accounted for less than 5 percent of all shipbuilding orders.

If the Jones Act makes any contributions of note at all, it is mariners. Of those needed to crew surge sealift ships during times of war, the Jones Act fleet is estimated to account for 29 percent. But here the Jones Act also acts as a double-edged sword. By increasing the cost of ships to four to five times the world price, the law’s U.S.-built requirement results in a smaller fleet with fewer mariners employed than would otherwise be the case. That’s particularly noteworthy given government calculations that there is a deficit of roughly 1,800 mariners to crew its fleet in the event of a sustained sealift operation.

Beyond its ruinous impact on the competitiveness of domestic shipbuilding, the Jones Act has had other deleterious consequences for national security. The increased cost of waterborne transport, or its outright impossibility in the case of liquefied natural gas and propane, results in reduced self-reliance for critical energy supplies. This is a sufficiently significant issue that members of the National Security Council unsuccessfully sought a long-term Jones Act waiver in 2019. The law also means fewer redundancies and less flexibility in the country’s transportation system when responding to crises, both natural and manmade. Waivers of the Jones Act can be issued, but this highly politicized process eats up precious days when time is of the essence. All of these factors merit consideration in the overall national security calculus.

To review, the Jones Act’s opaque and implicit subsidy—doled out via protectionism—results in anemic and uncompetitive shipbuilding, few ships available in time of war, and fewer mariners than would otherwise be the case without its U.S.-built requirement. And it has other consequences for national security that are not only underwhelming but plainly negative. Little wonder that Hendrickson concedes it is unclear whether U.S. maritime policy—of which the Jones Act plays a foundational role—achieves its national security goals.

The toll exacted in exchange for the Jones Act’s limited benefits, meanwhile, is considerable. According to a 2019 OECD study, the law’s repeal would increase domestic value added by $19-$64 billion. Incredibly, that estimate may actually understate matters. Not included in this estimate are related costs such as environmental degradation, increased congestion and highway maintenance, and retaliation from U.S. trade partners during free-trade agreement negotiations due to U.S. unwillingness to liberalize the Jones Act.

Against such critiques, Hendrickson posits that substantial cost savings are illusory due to immigration and other U.S. laws. But how big a barrier such laws would pose is unclear. It’s worth considering, for example, that cruise ships with foreign crews are able to visit multiple U.S. ports so long as a foreign port is also included on the voyage. The granting of Jones Act waivers, meanwhile, has enabled foreign ships to transport cargo between U.S. ports in the past despite U.S. immigration laws.

Would Chinese-flagged and crewed barges be able to engage in purely domestic trade on the Mississippi River absent the Jones Act? Almost certainly not. But it seems perfectly plausible that foreign ships already sailing between U.S. ports as part of international voyages—a frequent occurrence—could engage in cabotage movements without hiring U.S. crews. Take, for example, APL’s Eagle Express X route that stops in Los Angeles, Honolulu, and Dutch Harbor as well as Asian ports. Without the Jones Act, it’s reasonable to believe that ships operating on this route could transport goods from Los Angeles to Honolulu before continuing on to foreign destinations.

But if the Jones Act fails to meet U.S. national security benefits while imposing substantial costs, how to explain its continued survival? Hendrickson avers that the law’s longevity reflects its utility. We believe, however, that the answer lies in the application of public choice theory. Simply put, the law’s costs are both opaque and dispersed across the vast expanse of the U.S. economy while its benefits are highly concentrated. The law’s de facto subsidy is also vastly oversupplied, given that the vast majority of vessels under its protection are smaller craft such as tugboats and barges with trivial value to the country’s sealift capability. This has spawned a lobby aggressively dedicated to the Jones Act’s preservation. Washington, D.C. is home to numerous industry groups and labor organizations that regard the law’s maintenance as critical, but not a single one that views its repeal as a top priority.

It’s instructive in this regard that all four senators from Alaska and Hawaii are strong Jones Act supporters despite their states being disproportionately burdened by the law. This seeming oddity is explained by these states also being disproportionately home to maritime interest groups that support the law. In contrast, Jones Act critics Sen. Mike Lee and the late Sen. John McCain both hailed from land-locked states home to few maritime interest groups.

Disagreements, but also Common Ground

For all of our differences with Hendrickson, however, there is substantial common ground. We are in shared agreement that the Jones Act is suboptimal policy, that its ability to achieve its goals is unclear, and that its U.S.-built requirement is particularly ripe for removal. Where our differences lie is mostly in the scale of gains to be realized from the law’s reform or repeal. As such, there is no reason to maintain the failed status quo. The Jones Act should be repealed and replaced with targeted, transparent, and explicit subsidies to meet the country’s sealift needs. Both the country’s economy and national security would be rewarded—richly so, in our opinion—from such policy change.

The European Commission this week published its proposed Artificial Intelligence Regulation, setting out new rules for  “artificial intelligence systems” used within the European Union. The regulation—the commission’s attempt to limit pernicious uses of AI without discouraging its adoption in beneficial cases—casts a wide net in defining AI to include essentially any software developed using machine learning. As a result, a host of software may fall under the regulation’s purview.

The regulation categorizes AIs by the kind and extent of risk they may pose to health, safety, and fundamental rights, with the overarching goal to:

  • Prohibit “unacceptable risk” AIs outright;
  • Place strict restrictions on “high-risk” AIs;
  • Place minor restrictions on “limited-risk” AIs;
  • Create voluntary “codes of conduct” for “minimal-risk” AIs;
  • Establish a regulatory sandbox regime for AI systems; 
  • Set up a European Artificial Intelligence Board to oversee regulatory implementation; and
  • Set fines for noncompliance at up to 30 million euros, or 6% of worldwide turnover, whichever is greater.

AIs That Are Prohibited Outright

The regulation prohibits AI that are used to exploit people’s vulnerabilities or that use subliminal techniques to distort behavior in a way likely to cause physical or psychological harm. Also prohibited are AIs used by public authorities to give people a trustworthiness score, if that score would then be used to treat a person unfavorably in a separate context or in a way that is disproportionate. The regulation also bans the use of “real-time” remote biometric identification (such as facial-recognition technology) in public spaces by law enforcement, with exceptions for specific and limited uses, such as searching for a missing child.

The first prohibition raises some interesting questions. The regulation says that an “exploited vulnerability” must relate to age or disability. In its announcement, the commission says this is targeted toward AIs such as toys that might induce a child to engage in dangerous behavior.

The ban on AIs using “subliminal techniques” is more opaque. The regulation doesn’t give a clear definition of what constitutes a “subliminal technique,” other than that it must be something “beyond a person’s consciousness.” Would this include TikTok’s algorithm, which imperceptibly adjusts the videos shown to the user to keep them engaged on the platform? The notion that this might cause harm is not fanciful, but it’s unclear whether the provision would be interpreted to be that expansive, whatever the commission’s intent might be. There is at least a risk that this provision would discourage innovative new uses of AI, causing businesses to err on the side of caution to avoid the huge penalties that breaking the rules would incur.

The prohibition on AIs used for social scoring is limited to public authorities. That leaves space for socially useful expansions of scoring systems, such as consumers using their Uber rating to show a record of previous good behavior to a potential Airbnb host. The ban is clearly oriented toward more expansive and dystopian uses of social credit systems, which some fear may be used to arbitrarily lock people out of society.

The ban on remote biometric identification AI is similarly limited to its use by law enforcement in public spaces. The limited exceptions (preventing an imminent terrorist attack, searching for a missing child, etc.) would be subject to judicial authorization except in cases of emergency, where ex-post authorization can be sought. The prohibition leaves room for private enterprises to innovate, but all non-prohibited uses of remote biometric identification would be subject to the requirements for high-risk AIs.

Restrictions on ‘High-Risk’ AIs

Some AI uses are not prohibited outright, but instead categorized as “high-risk” and subject to strict rules before they can be used or put to market. AI systems considered to be high-risk include those used for:

  • Safety components for certain types of products;
  • Remote biometric identification, except those uses that are banned outright;
  • Safety components in the management and operation of critical infrastructure, such as gas and electricity networks;
  • Dispatching emergency services;
  • Educational admissions and assessments;
  • Employment, workers management, and access to self-employment;
  • Evaluating credit-worthiness;
  • Assessing eligibility to receive social security benefits or services;
  • A range of law-enforcement purposes (e.g., detecting deepfakes or predicting the occurrence of criminal offenses);
  • Migration, asylum, and border-control management; and
  • Administration of justice.

While the commission considers these AIs to be those most likely to cause individual or social harm, it may not have appropriately balanced those perceived harms with the onerous regulatory burdens placed upon their use.

As Mikołaj Barczentewicz at the Surrey Law and Technology Hub has pointed out, the regulation would discourage even simple uses of logic or machine-learning systems in such settings as education or workplaces. This would mean that any workplace that develops machine-learning tools to enhance productivity—through, for example, monitoring or task allocation—would be subject to stringent requirements. These include requirements to have risk-management systems in place, to use only “high quality” datasets, and to allow human oversight of the AI, as well as other requirements around transparency and documentation.

The obligations would apply to any companies or government agencies that develop an AI (or for whom an AI is developed) with a view toward marketing it or putting it into service under their own name. The obligations could even attach to distributors, importers, users, or other third parties if they make a “substantial modification” to the high-risk AI, market it under their own name, or change its intended purpose—all of which could potentially discourage adaptive use.

Without going into unnecessary detail regarding each requirement, some are likely to have competition- and innovation-distorting effects that are worth discussing.

The rule that data used to train, validate, or test a high-risk AI has to be high quality (“relevant, representative, and free of errors”) assumes that perfect, error-free data sets exist, or can easily be detected. Not only is this not necessarily the case, but the requirement could impose an impossible standard on some activities. Given this high bar, high-risk AIs that use data of merely “good” quality could be precluded. It also would cut against the frontiers of research in artificial intelligence, where sometimes only small and lower-quality datasets are available to train AI. A predictable effect is that the rule would benefit large companies that are more likely to have access to large, high-quality datasets, while rules like the GDPR make it difficult for smaller companies to acquire that data.

High-risk AIs also must submit technical and user documentation that detail voluminous information about the AI system, including descriptions of the AI’s elements, its development, monitoring, functioning, and control. These must demonstrate the AI complies with all the requirements for high-risk AIs, in addition to documenting its characteristics, capabilities, and limitations. The requirement to produce vast amounts of information represents another potentially significant compliance cost that will be particularly felt by startups and other small and medium-sized enterprises (SMEs). This could further discourage AI adoption within the EU, as European enterprises already consider liability for potential damages and regulatory obstacles as impediments to AI adoption.

The requirement that the AI be subject to human oversight entails that the AI can be overseen and understood by a human being and that the AI can never override a human user. While it may be important that an AI used in, say, the criminal justice system must be understood by humans, this requirement could inhibit sophisticated uses beyond the reasoning of a human brain, such as how to safely operate a national electricity grid. Providers of high-risk AI systems also must establish a post-market monitoring system to evaluate continuous compliance with the regulation, representing another potentially significant ongoing cost for the use of high-risk AIs.

The regulation also places certain restrictions on “limited-risk” AIs, notably deepfakes and chatbots. Such AIs must be labeled to make a user aware they are looking at or listening to manipulated images, video, or audio. AIs must also be labeled to ensure humans are aware when they are speaking to an artificial intelligence, where this is not already obvious.

Taken together, these regulatory burdens may be greater than the benefits they generate, and could chill innovation and competition. The impact on smaller EU firms, which already are likely to struggle to compete with the American and Chinese tech giants, could prompt them to move outside the European jurisdiction altogether.

Regulatory Support for Innovation and Competition

To reduce the costs of these rules, the regulation also includes a new regulatory “sandbox” scheme. The sandboxes would putatively offer environments to develop and test AIs under the supervision of competent authorities, although exposure to liability would remain for harms caused to third parties and AIs would still have to comply with the requirements of the regulation.

SMEs and startups would have priority access to the regulatory sandboxes, although they must meet the same eligibility conditions as larger competitors. There would also be awareness-raising activities to help SMEs and startups to understand the rules; a “support channel” for SMEs within the national regulator; and adjusted fees for SMEs and startups to establish that their AIs conform with requirements.

These measures are intended to prevent the sort of chilling effect that was seen as a result of the GDPR, which led to a 17% increase in market concentration after it was introduced. But it’s unclear that they would accomplish this goal. (Notably, the GDPR contained similar provisions offering awareness-raising activities and derogations from specific duties for SMEs.) Firms operating in the “sandboxes” would still be exposed to liability, and the only significant difference to market conditions appears to be the “supervision” of competent authorities. It remains to be seen how this arrangement would sufficiently promote innovation as to overcome the burdens placed on AI by the significant new regulatory and compliance costs.

Governance and Enforcement

Each EU member state would be expected to appoint a “national competent authority” to implement and apply the regulation, as well as bodies to ensure high-risk systems conform with rules that require third party-assessments, such as remote biometric identification AIs.

The regulation establishes the European Artificial Intelligence Board to act as the union-wide regulatory body for AI. The board would be responsible for sharing best practices with member states, harmonizing practices among them, and issuing opinions on matters related to implementation.

As mentioned earlier, maximum penalties for marketing or using a prohibited AI (as well as for failing to use high-quality datasets) would be a steep 30 million euros or 6% of worldwide turnover, whichever is greater. Breaking other requirements for high-risk AIs carries maximum penalties of 20 million euros or 4% of worldwide turnover, while maximums of 10 million euros or 2% of worldwide turnover would be imposed for supplying incorrect, incomplete, or misleading information to the nationally appointed regulator.

Is the Commission Overplaying its Hand?

While the regulation only restricts AIs seen as creating risk to society, it defines that risk so broadly and vaguely that benign applications of AI may be included in its scope, intentionally or unintentionally. Moreover, the commission also proposes voluntary codes of conduct that would apply similar requirements to “minimal” risk AIs. These codes—optional for now—may signal the commission’s intent eventually to further broaden the regulation’s scope and application.

The commission clearly hopes it can rely on the “Brussels Effect” to steer the rest of the world toward tighter AI regulation, but it is also possible that other countries will seek to attract AI startups and investment by introducing less stringent regimes.

For the EU itself, more regulation must be balanced against the need to foster AI innovation. Without European tech giants of its own, the commission must be careful not to stifle the SMEs that form the backbone of the European market, particularly if global competitors are able to innovate more freely in the American or Chinese markets. If the commission has got the balance wrong, it may find that AI development simply goes elsewhere, with the EU fighting the battle for the future of AI with one hand tied behind its back.

In the wake of its departure from the European Union, the United Kingdom will have the opportunity to enter into new free trade agreements (FTAs) with its international trading partners that lower existing tariff and non-tariff barriers. Achieving major welfare-enhancing reductions in trade restrictions will not be easy. Trade negotiations pose significant political sensitivities, such as those arising from the high levels of protection historically granted certain industry sectors, particularly agriculture.

Nevertheless, the political economy of protectionism suggests that, given deepening globalization and the sudden change in U.K. trade relations wrought by Brexit, the outlook for substantial liberalization of U.K. trade has become much brighter. Below, I address some of the key challenges facing U.K. trade negotiators as they seek welfare-enhancing improvements in trade relations and offer a proposal to deal with novel trade distortions in the least protectionist manner.

Two New Challenges Affecting Trade Liberalization

In addition to traditional trade issues, such as tariff levels and industry sector-specific details, U.K, trade negotiators—indeed, trade negotiators from all nations—will have to confront two relatively new and major challenges that are creating several frictions.

First, behind-the-border anticompetitive market distortions (ACMDs) have largely replaced tariffs as the preferred means of protection in many areas. As I explained in a previous post on this site (citing an article by trade-law scholar Shanker Singham and me), existing trade and competition law have not been designed to address the ACMD problem:

[I]nternational trade agreements simply do not reach a variety of anticompetitive welfare-reducing government measures that create de facto trade barriers by favoring domestic interests over foreign competitors. Moreover, many of these restraints are not in place to discriminate against foreign entities, but rather exist to promote certain favored firms. We dub these restrictions “anticompetitive market distortions” or “ACMDs,” in that they involve government actions that empower certain private interests to obtain or retain artificial competitive advantages over their rivals, be they foreign or domestic. ACMDs are often a manifestation of cronyism, by which politically-connected enterprises successfully pressure government to shield them from effective competition, to the detriment of overall economic growth and welfare. …

As we emphasize in our article, existing international trade rules have been able to reach ACMDs, which include: (1) governmental restraints that distort markets and lessen competition; and (2) anticompetitive private arrangements that are backed by government actions, have substantial effects on trade outside the jurisdiction that imposes the restrictions, and are not readily susceptible to domestic competition law challenge. Among the most pernicious ACMDs are those that artificially alter the cost-base as between competing firms. Such cost changes will have large and immediate effects on market shares, and therefore on international trade flows.

Second, in recent years, the trade remit has expanded to include “nontraditional” issues such as labor, the environment, and now climate change. These concerns have generated support for novel tariffs that could help promote protectionism and harmful trade distortions. As explained in a recent article by the Special Trade Commission advisory group (former senior trade and antitrust officials who have provided independent policy advice to the U.K. government):

[The rise of nontraditional trade issues] has renewed calls for border tax adjustments or dual tariffs on an ex-ante basis. This is in sharp tension with the W[orld Trade Organization’s] long-standing principle of technological neutrality, and focus on outcomes as opposed to discriminating on the basis of the manner of production of the product. The problem is that it is too easy to hide protectionist impulses into concerns about the manner of production, and once a different tariff applies, it will be very difficult to remove. The result will be to significantly damage the liberalisation process itself leading to severe harm to the global economy at a critical time as we recover from Covid-19. The potentially damaging effects of ex ante tariffs will be visited most significantly in developing countries.

Dealing with New Trade Challenges in the Least Protectionist Manner

A broad approach to U.K. trade liberalization that also addresses the two new trade challenges is advanced in a March 2 report by the U.K. government’s Trade and Agricultural Commission (TAC, an independent advisory agency established in 2020). Although addressed primarily to agricultural trade, the TAC report enunciates principles applicable to U.K. trade policy in general, considering the impact of ACMDs and nontraditional issues. Key aspects of the TAC report are summarized in an article by Shanker Singham (the scholar who organized and convened the Special Trade Commission and who also served as a TAC commissioner):

The heart of the TAC report’s import policy contains an innovative proposal that attempts to simultaneously promote a trade liberalising agenda in agriculture, while at the same time protecting the UK’s high standards in food production and ensuring the UK fully complies with WTO rules on animal and plant health, as well as technical regulations that apply to food trade.

This proposal includes a mechanism to deal with some of the most difficult issues in agricultural trade which relate to animal welfare, environment and labour rules. The heart of this mechanism is the potential for the application of a tariff in cases where an aggrieved party can show that a trading partner is violating agreed standards in an FTA.

The result of the mechanism is a tariff based on the scale of the distortion which operates like a trade remedy. The mechanism can also be used offensively where a country is preventing market access by the UK as a result of the market distortion, or defensively where a distortion in a foreign market leads to excess exports from that market. …

[T]he tariff would be calibrated to the scale of the distortion and would apply only to the product category in which the distortion is occurring. The advantage of this over a more conventional trade remedy is that it is based on cost as opposed to price and is designed to remove the effects of the distorting activity. It would not be applied on a retaliatory basis in other unrelated sectors.

In exchange for this mechanism, the UK commits to trade liberalisation and, within a reasonable timeframe, zero tariffs and zero quotas. This in turn will make the UK’s advocacy of higher standards in international organisations much more credible, another core TAC proposal.

The TAC report also notes that behind the border barriers and anti-competitive market distortions (“ACMDs”) have the capacity to damage UK exports and therefore suggests a similar mechanism or set of disciplines could be used offensively. Certainly, where the ACMD is being used to protect a particular domestic industry, using the ACMD mechanism to apply a tariff for the exports of that industry would help, but this may not apply where the purpose is protective, and the industry does not export much.

I would argue that in this case, it would be important to ensure that UK FTAs include disciplines on these ACMDs which if breached could lead to dispute settlement and the potential for retaliatory tariffs for sectors in the UK’s FTA partner that do export. This is certainly normal WTO-sanctioned practice, and could be used here to encourage compliance. It is clear from the experience in dealing with countries that engage in ACMDs for trade or competition advantage that unless there are robust disciplines, mere hortatory language would accomplish little or nothing.

But this sort of mechanism with its concomitant commitment to freer trade has much wider potential application than just UK agricultural trade policy. It could also be used to solve a number of long standing trade disputes such as the US-China dispute, and indeed the most vexed questions in trade involving environment and climate change in ways that do not undermine the international trading system itself.

This is because the mechanism is based on an ex post tariff as opposed to an ex ante one which contains within it the potential for protectionism, and is prone to abuse. Because the tariff is actually calibrated to the cost advantage which is secured as a result of the violation of agreed international standards, it is much more likely that it will be simply limited to removing this cost advantage as opposed to becoming a punitive measure that curbs ordinary trade flows.

It is precisely this type of problem solving and innovative thinking that the international trading system needs as it faces a range of challenges that threaten liberalisation itself and the hard-won gains of the post war GATT/WTO system itself. The TAC report represents UK leadership that has been sought after since the decision to leave the EU. It has much to commend it.

Assessment and Conclusion

Even when administered by committed free traders, real-world trade liberalization is an exercise in welfare optimization, subject to constraints imposed by the actions of organized interest groups expressed through the political process. The rise of new coalitions (such as organizations committed to specified environmental goals, including limiting global warming) and the proliferation of ADMCs further complicates the trade negotiation calculus.

Fortunately, recognizing the “reform moment” created by Brexit, free trade-oriented experts (in particular, the TAC, supported by the Special Trade Commission) have recommended that the United Kingdom pursue a bold move toward zero tariffs and quotas. Narrow exceptions to this policy would involve after-the-fact tariffications to offset (1) the distortive effects of ACMDs and (2) derogation from rules embodying nontraditional concerns, such as environmental commitments. Such tariffications would be limited and cost-based, and, as such, welfare-superior to ex ante tariffs calibrated to price.

While the details need to be worked out, the general outlines of this approach represent a thoughtful and commendable market-oriented effort to secure substantial U.K. trade liberalization, subject to unavoidable constraints. More generally, one would hope that other jurisdictions (including the United States) take favorable note of this development as they generate their own trade negotiation policies. Stay tuned.

In the hands of a wise philosopher-king, the Sherman Act’s hard-to-define prohibitions of “restraints of trade” and “monopolization” are tools that will operate inevitably to advance the public interest in competitive markets. In the hands of real-world litigators, regulators and judges, those same words can operate to advance competitors’ private interests in securing commercial advantages through litigation that could not be secured through competition in the marketplace. If successful, this strategy may yield outcomes that run counter to antitrust law’s very purpose.

The antitrust lawsuit filed by Epic Games against Apple in August 2020, and Apple’s antitrust lawsuit against Qualcomm (settled in April 2019), suggest that antitrust law is heading in this unfortunate direction.

From rent-minimization to rent-maximization

The first step in converting antitrust law from an instrument to minimize rents to an instrument to maximize rents lies in expanding the statute’s field of application on the apparently uncontroversial grounds of advancing the public interest in “vigorous” enforcement. In surprisingly short order, this largely unbounded vision of antitrust’s proper scope has become the dominant fashion in policy discussions, at least as expressed by some legislators, regulators, and commentators.

Following the new conventional wisdom, antitrust law has pursued over the past decades an overly narrow path, consequently overlooking and exacerbating a panoply of social ills that extend well beyond the mission to “merely” protect the operation of the market pricing mechanism. This line of argument is typically coupled with the assertion that courts, regulators and scholars have been led down this path by incumbents that welcome the relaxed scrutiny of a purportedly deferential antitrust policy.

This argument, and related theory of regulatory capture, has things roughly backwards.

Placing antitrust law at the service of a largely undefined range of social purposes set by judicial and regulatory fiat threatens to render antitrust a tool that can be easily deployed to favor the private interests of competitors rather than the public interest in competition. Without the intellectual discipline imposed by the consumer welfare standard (and, outside of per se illegal restraints, operationalized through the evidentiary requirement of competitive harm), the rhetoric of antitrust provides excellent cover for efforts to re-engineer the rules of the game in lieu of seeking to win the game as it has been played.

Epic Games v. Apple

A nascent symptom of this expansive form of antitrust is provided by the much-publicized lawsuit brought by Epic Games, the maker of the wildly popular video game, Fortnite, against Apple, the operator of the even more wildly popular App Store. On August 13, 2020, Epic added a “direct” payment processing services option to its Fortnite game, which violated the developer terms of use that govern the App Store. In response, Apple exercised its contractual right to remove Fortnite from the App Store, triggering Fortnite’s antitrust suit. The same sequence has ensued between Epic Games and Google in connection with the Google Play Store. Both litigations are best understood as a breach of contract dispute cloaked in the guise of an antitrust cause of action.

In suggesting that a jury trial would be appropriate in Epic Games’ suit against Apple, the district court judge reportedly stated that the case is “on the frontier of antitrust law” and [i]t is important enough to understand what real people think.” That statement seems to suggest that this is a close case under antitrust law. I respectfully disagree. Based on currently available information and applicable law, Epic’s argument suffers from two serious vulnerabilities that would seem to be difficult for the plaintiff to overcome.

A contestably narrow market definition

Epic states three related claims: (1) Apple has a monopoly in the relevant market, defined as the App Store, (2) Apple maintains its monopoly by contractually precluding developers from distributing iOS-compatible versions of their apps outside the App Store, and (3) Apple maintains a related monopoly in the payment processing services market for the App Store by contractually requiring developers to use Apple’s processing service.

This market definition, and the associated chain of reasoning, is subject to significant doubt, both as a legal and factual matter.

Epic’s narrow definition of the relevant market as the App Store (rather than app distribution platforms generally) conveniently results in a 100% market share for Apple. Inconveniently, federal case law is generally reluctant to adopt single-brand market definitions. While the Supreme Court recognized in 1992 a single-brand market in Eastman Kodak Co. v. Image Technical Services, the case is widely considered to be an outlier in light of subsequent case law. As a federal district court observed in Spahr v. Leegin Creative Leather Products (E.D. Tenn. 2008): “Courts have consistently refused to consider one brand to be a relevant market of its own when the brand competes with other potential substitutes.”

The App Store would seem to fall into this typical category. The customer base of existing and new Fortnite users can still accessthe gamethrough multiple platforms and on multiple devices other than the iPhone, including a PC, laptop, game console, and non-Apple mobile devices. (While Google has also removed Fortnite from the Google Play store due to the added direct payment feature, users can, at some inconvenience, access the game manually on Android phones.)

Given these alternative distribution channels, it is at a minimum unclear whether Epic is foreclosed from reaching a substantial portion of its consumer base, which may already access the game on alternative platforms or could potentially do so at moderate incremental transaction costs. In the language of platform economics, it appears to be technologically and economically feasible for the target consumer base to “multi-home.” If multi-homing and related switching costs are low, even a 100% share of the App Store submarket would not translate into market power in the broader and potentially more economically relevant market for app distribution generally.

An implausible theory of platform lock-in

Even if it were conceded that the App Store is the relevant market, Epic’s claim is not especially persuasive, both as an economic and a legal matter. That is because there is no evidence that Apple is exploiting any such hypothetically attributed market power to increase the rents extracted from developers and indirectly impose deadweight losses on consumers.

In the classic scenario of platform lock-in, a three-step sequence is observed: (1) a new firm acquires a high market share in a race for platform dominance, (2) the platform winner is protected by network effects and switching costs, and (3) the entrenched platform “exploits” consumers by inflating prices (or imposing other adverse terms) to capture monopoly rents. This economic model is reflected in the case law on lock-in claims, which typically requires that the plaintiff identify an adverse change by the defendant in pricing or other terms after users were allegedly locked-in.

The history of the App Store does not conform to this model. Apple has always assessed a 30% fee and the same is true of every other leading distributor of games for the mobile and PC market, including Google Play Store, App Store’s rival in the mobile market, and Steam, the dominant distributor of video games in the PC market. This long-standing market practice suggests that the 30% fee is most likely motivated by an efficiency-driven business motivation, rather than seeking to entrench a monopoly position that Apple did not enjoy when the practice was first adopted. That is: even if Apple is deemed to be a “monopolist” for Section 2 purposes, it is not taking any “illegitimate” actions that could constitute monopolization or attempted monopolization.

The logic of the 70/30 split

Uncovering the business logic behind the 70/30 split in the app distribution market is not too difficult.

The 30% fee appears to be a low transaction-cost practice that enables the distributor to fund a variety of services, including app development tools, marketing support, and security and privacy protections, all of which are supplied at no separately priced fee and therefore do not require service-by-service negotiation and renegotiation. The same rationale credibly applies to the integrated payment processing services that Apple supplies for purposes of in-app purchases.

These services deliver significant value and would otherwise be difficult to replicate cost-effectively, protect the App Store’s valuable stock of brand capital (which yields positive spillovers for app developers on the site), and lower the costs of joining and participating in the App Store. Additionally, the 30% fee cross-subsidizes the delivery of these services to the approximately 80% of apps on the App Store that are ad-based and for which no fee is assessed, which in turn lowers entry costs and expands the number and variety of product options for platform users. These would all seem to be attractive outcomes from a competition policy perspective.

Epic’s objection

Epic would object to this line of argument by observing that it only charges a 12% fee to distribute other developers’ games on its own Epic Games Store.

Yet Epic’s lower fee is reportedly conditioned, at least in some cases, on the developer offering the game exclusively on the Epic Games Store for a certain period of time. Moreover, the services provided on the Epic Games Store may not be comparable to the extensive suite of services provided on the App Store and other leading distributors that follow the 30% standard. Additionally, the user base a developer can expect to access through the Epic Games Store is in all likelihood substantially smaller than the audience that can be reached through the App Store and other leading app and game distributors, which is then reflected in the higher fees charged by those platforms.

Hence, even the large fee differential may simply reflect the higher services and larger audiences available on the App Store, Google Play Store and other leading platforms, as compared to the Epic Games Store, rather than the unilateral extraction of market rents at developers’ and consumers’ expense.

Antitrust is about efficiency, not distribution

Epic says the standard 70/30 split between game publishers and app distributors is “excessive” while others argue that it is historically outdated.

Neither of these are credible antitrust arguments. Renegotiating the division of economic surplus between game suppliers and distributors is not the concern of antitrust law, which (as properly defined) should only take an interest if either (i) Apple is colluding on the 30% fee with other app distributors, or (ii) Apple is taking steps that preclude entry into the apps distribution market and lack any legitimate business justification. No one claims evidence for the former possibility and, without further evidence, the latter possibility is not especially compelling given the uniform use of the 70/30 split across the industry (which, as noted, can be derived from a related set of credible efficiency justifications). It is even less compelling in the face of evidence that output is rapidly accelerating, not declining, in the gaming app market: in the first half of 2020, approximately 24,500 new games were added to the App Store.

If this conclusion is right, then Epic’s lawsuit against Apple does not seem to have much to do with the public interest in preserving market competition.

But it clearly has much to do with the business interest of an input supplier in minimizing its distribution costs and maximizing its profit margin. That category includes not only Epic Games but Tencent, the world’s largest video game publisher and the holder of a 40% equity stake in Epic. Tencent also owns Riot Games (the publisher of “League of Legends”), an 84% stake in Supercell (the publisher of “Clash of Clans”), and a 5% stake in Activision Blizzard (the publisher of “Call of Duty”). It is unclear how an antitrust claim that, if successful, would simply redistribute economic value from leading game distributors to leading game developers has any necessary relevance to antitrust’s objective to promote consumer welfare.

The prequel: Apple v. Qualcomm

Ironically (and, as Dirk Auer has similarly observed), there is a symmetry between Epic’s claims against Apple and the claims previously pursued by Apple (and, concurrently, the Federal Trade Commission) against Qualcomm.

In that litigation, Apple contested the terms of the licensing arrangements under which Qualcomm made available its wireless communications patents to Apple (more precisely, Foxconn, Apple’s contract manufacturer), arguing that the terms were incompatible with Qualcomm’s commitment to “fair, reasonable and nondiscriminatory” (“FRAND”) licensing of its “standard-essential” patents (“SEPs”). Like Epic v. Apple, Apple v. Qualcomm was fundamentally a contract dispute, with the difference that Apple was in the position of a third-party beneficiary of the commitment that Qualcomm had made to the governing standard-setting organization. Like Epic, Apple sought to recharacterize this contractual dispute as an antitrust question, arguing that Qualcomm’s licensing practices constituted anticompetitive actions to “monopolize” the market for smartphone modem chipsets.

Theory meets evidence

The rhetoric used by Epic in its complaint echoes the rhetoric used by Apple in its briefs and other filings in the Qualcomm litigation. Apple (like the FTC) had argued that Qualcomm imposed a “tax” on competitors by requiring that any purchaser of Qualcomm’s chipsets concurrently enter into a license for Qualcomm’s SEP portfolio relating to 3G and 4G/LTE-enabled mobile communications devices.

Yet the history and performance of the mobile communications market simply did not track Apple’s (and the FTC’s continuing) characterization of Qualcomm’s licensing fee as a socially costly drag on market growth and, by implication, consumer welfare.

If this assertion had merit, then the decades-old wireless market should have exhibited a dismal history of increasing prices, slow user adoption and lagging innovation. In actuality, the wireless market since its inception has grown relentlessly, characterized by declining quality-adjusted prices, expanding output, relentless innovation, and rapid adoption across a broad range of income segments.

Given this compelling real-world evidence, the only remaining line of argument (still being pursued by the FTC) that could justify antitrust intervention is a theoretical conjecture that the wireless market might have grown even faster under some alternative IP licensing arrangement. This assertion rests precariously on the speculative assumption that any such arrangement would have induced the same or higher level of aggregate investment in innovation and commercialization activities. That fragile chain of “what if” arguments hardly seems a sound basis on which to rewrite the legal infrastructure behind the billions of dollars of licensing transactions that support the economically thriving smartphone market and the even larger ecosystem that has grown around it.

Antitrust litigation as business strategy

Given the absence of compelling evidence of competitive harm from Qualcomm’s allegedly anticompetitive licensing practices, Apple’s litigation would seem to be best interpreted as an economically rational attempt by a downstream producer to renegotiate a downward adjustment in the fees paid to an upstream supplier of critical technology inputs. (In fact, those are precisely the terms on which Qualcomm in 2015 settled the antitrust action brought against it by China’s competition regulator, to the obvious benefit of local device producers.) The Epic Games litigation is a mirror image fact pattern in which an upstream supplier of content inputs seeks to deploy antitrust law strategically for the purposes of minimizing the fees it pays to a leading downstream distributor.

Both litigations suffer from the same flaw. Private interests concerning the division of an existing economic value stream—a business question that is matter of indifference from an efficiency perspective—are erroneously (or, at least, reflexively) conflated with the public interest in preserving the free play of competitive forces that maximizes the size of the economic value stream.

Conclusion: Remaking the case for “narrow” antitrust

The Epic v. Apple and Apple v. Qualcomm disputes illustrate the unproductive rent-seeking outcomes to which antitrust law will inevitably be led if, as is being widely advocated, it is decoupled from its well-established foundation in promoting consumer welfare—and not competitor welfare.

Some proponents of a more expansive approach to antitrust enforcement are convinced that expanding the law’s scope of application will improve market efficiency by providing greater latitude for expert regulators and courts to reengineer market structures to the public benefit. Yet any substitution of top-down expert wisdom for the bottom-up trial-and-error process of market competition can easily yield “false positives” in which courts and regulators take actions that counterproductively intervene in markets that are already operating under reasonably competitive conditions. Additionally, an overly expansive approach toward the scope of antitrust law will induce private firms to shift resources toward securing advantages over competitors through lobbying and litigation, rather than seeking to win the race to deliver lower-cost and higher-quality products and services. Neither outcome promotes the public’s interest in a competitive marketplace.

The writing is on the wall for Big Tech: regulation is coming. At least, that is what the House Judiciary Committee’s report into competition in digital markets would like us to believe. 

The Subcommittee’s Majority members, led by Rhode Island’s Rep. David Cicilline, are calling for a complete overhaul of America’s antitrust and regulatory apparatus. This would notably entail a break up of America’s largest tech firms, by prohibiting them from operating digital platforms and competing on them at the same time. Unfortunately, the report ignores the tremendous costs that such proposals would impose upon consumers and companies alike. 

For several years now, there has been growing pushback against the perceived “unfairness” of America’s tech industry: of large tech platforms favoring their own products at the expense of entrepreneurs who use their platforms; of incumbents acquiring startups to quash competition; of platforms overcharging  companies like Epic Games, Spotify, and the media, just because they can; and of tech companies that spy on their users and use that data to sell them things they don’t need. 

But this portrayal of America’s tech industry obscures an inconvenient possibility: supposing that these perceived ills even occur, there is every chance that the House’s reforms would merely exacerbate the status quo. The House report gives short shrift to this eventuality, but it should not.

Over the last decade, the tech sector has been the crown jewel of America’s economy. And while firms like Amazon, Google, Facebook, and Apple, may have grown at a blistering pace, countless others have flourished in their wake.

Google and Apple’s app stores have given rise to a booming mobile software industry. Platforms like Youtube and Instagram have created new venues for advertisers and ushered in a new generation of entrepreneurs including influencers, podcasters, and marketing experts. Social media platforms like Facebook and Twitter have disintermediated the production of news media, allowing ever more people to share their ideas with the rest of the world (mostly for better, and sometimes for worse). Amazon has opened up new markets for thousands of retailers, some of which are now going public. The recent $3.4 billion Snowflake IPO may have been the biggest public offering of a tech firm no one has heard of.

The trillion dollar question is whether it is possible to regulate this thriving industry without stifling its unparalleled dynamism. If Rep. Cicilline’s House report is anything to go by, the answer is a resounding no.

Acquisition by a Big Tech firm is one way for startups to rapidly scale and reach a wider audience, while allowing early investors to make a quick exit. Self-preferencing can enable platforms to tailor their services to the needs and desires of users (Apple and Google’s pre-installed app suites are arguably what drive users to opt for their devices). Excluding bad apples from a platform is essential to gain users’ trust and build a strong reputation. Finally, in the online retail space, copying rival products via house brands provides consumers with competitively priced goods and helps new distributors enter the market. 

All of these practices would either be heavily scrutinized or outright banned under the Subcommittee ’s proposed reforms. Beyond its direct impact on the quality of online goods and services, this huge shift would threaten the climate of permissionless innovation that has arguably been key to Silicon Valley’s success. 

More fundamentally, these reforms would mostly protect certain privileged rivals at the expense of the wider industry. Take Apple’s App Store: Epic Games and others have complained about the 30% Commission charged by Apple for in-app purchases (as is standard throughout the industry). Yet, as things stand, roughly 80% of apps pay no commission at all. Tackling this 30% commission — for instance by allowing developers to bypass Apple’s in-app payment processing — would almost certainly result in larger fees for small developers. In short, regulation could significantly impede smaller firms.

Fortunately, there is another way. For decades, antitrust law — guided by the judge-made consumer welfare standard — has been the cornerstone of economic policy in the US. During that time, America built a tech industry that is the envy of the world. This should give pause to would-be reformers. There is a real chance overbearing regulation will permanently hamper America’s tech industry. With competition from China more intense than ever, it is a risk that the US cannot afford to take.

[TOTM: The following is part of a blog series by TOTM guests and authors on the law, economics, and policy of the ongoing COVID-19 pandemic. The entire series of posts is available here.

This post is authored by Julian Morris, (Director of Innovation Policy, ICLE).]

Governments are beginning to lift the lockdowns they imposed to slow the spread of COVID-19. That is a good thing. But simply lifting the restrictions won’t immediately take us back to normality. For that to happen requires a massive investment in mechanisms that will rebuild trust.

Prior to COVID-19, people implicitly trusted that travelling on public transit, working in an office, attending a ball game, or going to a shopping mall would not subject them to the risk of infection by a potentially deadly virus (or any other terrible eventuality). In the wake of the pandemic, this implicit trust is gone. Many people are afraid of COVID-19 and will require reassurance. While governments likely contributed significantly to the loss of trust, they are likely not in the best position to rebuild that trust. The onus is thus on businesses and civic organizations to provide reassurance and rebuild trust. This post outlines two ways businesses can contribute to this effort.

Lockdowns and the Trust Deficit

As the incidence of COVID-19 began to rise dramatically in March, governments across the world imposed “lockdowns.” These curfew-like arrangements have gone well beyond the limits on public gatherings and other “social distancing” strategies deployed during previous major pandemics such as the Spanish ‘flu of 1918-19. Indeed, they are among the most far-reaching restrictions ever imposed on human activity during peacetime. Hundreds of millions of people have been cooped up at home for nearly two months, allowed out only briefly each day for exercise or to buy groceries. Millions of those now at home have also lost their main source of income.

Governments are now finally beginning to remove some of the most severe of these restrictions, allowing more businesses to operate. As they do so, businesses are trying to figure out what the post-lockdown economy is going to look like: Will employees come back to work in offices? Will customers shop in stores, eat at restaurants, visit movie theatres, and use rideshares, taxis, planes, and public transit?

Many people are fearful about the consequences of going back to work. A recent IPSOS-MORI poll for the Washington Post found that 74 percent of American adults want policymakers to, “keep trying to slow the spread of the coronavirus, even if that means keeping many businesses closed,” while just 25 percent prefer to, “open up businesses and get the economy going again, even if that means more people would get the coronavirus.” Meanwhile, in a recent survey in the UK, the TUC union found that 40% of workers were worried about the prospects of returning to crowded workplaces.  

The loss of trust is likely in part be due to conditioning: for the past two months we have been told by all and sundry to avoid other people (except over Zoom). Governments likely contributed to this through their promotion of scary predictions that millions could die if people didn’t “stay home, stay safe.” Partly, however, it is a natural reaction to the perceived threat posed by COVID-19.

For the elderly and those with underlying conditions more likely to be adversely affected by COVID-19, such anxiety is understandable. But even many people less likely to become seriously ill or die from COVID-19 are worried. This is also not surprising: They may have heard horror stories of young, otherwise healthy people who ended up on a ventilator and either died or suffered permanent lung damage. Or perhaps they read about the mysterious effects COVID-19 can have on other organs, ranging from the intestines to the brain. Or they may have a more vulnerable person in our household and are worried about the possibility that we might infect them. Or, as I am sure is the case with many, they just don’t know—and this is their reaction to uncertainty (fueled, in part by the now-discredited predictions of doom).

Regardless of why a person fears COVID-19, the fact is that many do. And one thing common to all of them is a trust deficit. Given widespread uncertainty regarding who has the virus, how can one trust that the business one works, shops, or dines at provides a safe environment free of COVID-19? This even extends to friends and colleagues: how can one individual trust another individual they might encounter while at work or at play? And it applies also to the use of taxis and rideshares; how can riders and drivers trust one another?

It might be argued that since governments were in no small part responsible for generating the trust deficit, through their well-intentioned but probably misguided efforts to lock down the economy and constant exhortations to avoid all human contact, they should now be trying to do what they can to rebuild trust. Unfortunately, however, they may not be in a very good position to do that. While governments are quite good at scaring people (“I’m from the government and I’m here to help”), they are less good at providing reassurance (“I’m from the government and I’m here to help”), or even data. In other words, governments aren’t much good at engaging in the kinds of “costly signalling” necessary to build trust between individuals and businesses. As a result, much of the responsibility for rebuilding trust will fall on businesses and civic organizations.

Businesses can do several things that would likely reduce this trust deficit and allay the fears of employees and customers. First, they can establish, communicate, and implement clear standards for employees and customers regarding the practices to be adopted to reduce infection risk. Second, and relatedly, where employees are likely to be working in close quarters with one another or with customers or suppliers, they can adopt mechanisms to establish the COVID-19 status of those employees, suppliers and customers (somewhat along the lines of the system implemented by Taiwan in February and subsequently elaborated by Hal Singer in his post in this series here). 

The following sections briefly consider how such systems might work.

CV19 Standards

Companies that have not been locked down are already implementing processes to limit the exposure of employees to potentially infected customers, suppliers, and other employees. For example, many supermarkets require staff to use masks and/or protective screens and gloves. Some stores also require customers to wear masks, limit how many people can be in the store, and impose distancing rules. Some have even built seemingly permanent screens in front of check-out clerks and imposed seemingly permanent rules for in-store movement.  Other stores and restaurants are currently limiting service to take-out and delivery.

At present, the approaches taken by businesses vary considerably. There is nothing inherently wrong with this; indeed, it is a healthy part of a market process in which companies develop different solutions to the same problem and allow consumers to pick and choose the ones that work best for them. Consumers can be aided in this process by reading reviews and ratings provided by other consumers; that model has worked well for goods and services purchased online. As Paul Seabright has noted, these systems are designed to enable users to build trusting relationships with suppliers. Survey data suggest that consumers find such systems more trustworthy than government regulations.

But when consumers are not well placed to evaluate the most effective solution, for example because it is difficult to observe the effectiveness of the solution directly, it can be helpful for third parties to evaluate the various solutions and either rank them or set out voluntary pass-fail standards. COVID-19 is just such a case: individual consumers and employees are unlikely to be in a good position to evaluate the relative effectiveness of different processes and technologies designed to limit the transmission of SARS-CoV-2. As such, pass-fail standards developed and/or validated by credible, independent third parties are likely to be the most effective way to help rebuild trust.

Standards will vary depending on the type of establishment and activity. For some businesses, such as theatres, gyms, and mass transit systems, the standards will likely be more onerous than others. Plausibly, such establishments could reduce transmission through such things as: mandatory masks, mandatory use of antiviral hand sanitizer on entry, regular cleaning, the use of HEPA filters (which remove the droplets on which the virus is spread), and other technologies. But given the very close proximity of people in such systems, often for extended periods (half an hour or more), the risk of significant viral load being transferred from one person to another, even if wearing basic masks, remains.

For standards to be effective as a means of regaining the trust of employees, suppliers, and consumers, it is important that they are communicated effectively through marketing campaigns, likely including advertising and signage. Standards will also likely change over time as understanding of the way the virus is transmitted, technologies that can prevent transmission, and hence best practices improve. The need for such standards will also likely change over time and once the virus is no longer a major threat there should be no need for such standards. For these reasons, standards should be both voluntary and developed privately. However, governments can play a role in encouraging the adoption of such standards by legislating that organizations that are compliant with a recognized standard will not be liable if an infection occurs on their property or through the actions of their employees.

In addition to other practices designed to reduce transmission of the SARS-CoV-2 virus, some businesses have begun testing employees for the virus, to determine who is and who is not currently infected, so that infected individuals can be isolated until they are no longer infectious (employees who are required to isolate continue to receive their salary). Some businesses are also considering testing for antibodies to the virus, to determine who has had the virus and likely has some immunity. By doing such testing, businesses are probably reducing transmission both among employees and between employees and customers to a greater extent than by merely implementing technologies, hygiene and distancing rules. But the tests are not perfect and given the potential for infection outside work, it is possible that an employee who tests negative on one day could then become infected and be infective a few days later. While daily testing might be an option for some firms, it is unrealistic for most—and will not solve the trust problem for most individuals.

CV19 Status Verification

This brings us to the second major thing that business can do to reduce the trust gap: status verification. The idea here is to enable parties to ascertain one another’s current COVID-19 status without the need to resort to constant testing. One possible approach is to use a smartphone-based app that combines various pieces of information (time stamped virus tests and antibody tests, anonymized information about contacts with people who subsequently tested positive, and self-reported health-relevant data) to offer the most accurate and up-to-date status of an individual.

In principle, such a status app could be used by employers to minimize the likelihood that their staff have COVID (and to require those that may be infected to self-isolate and obtain a test). But their potential application is far wider:

·       Universities, churches, theatres, restaurants, bars, and events might utilize the status app not only for employees but also to determine who may participate and/or what forms of PPE they should utilize and/or where participants may congregate.

·       Airlines might utilize status apps to determine who might fly and where passengers should be seated.

·       Jurisdictions might utilize status apps as a means of facilitating more rapid immigration – and to enable those who most likely do not have COVID-19 to avoid most quarantine requirements.

·       Public transit systems might utilize status apps to determine who can use the system.

·       Taxis and ridesharing services, such as Uber and Lyft, might utilize data from the status app to help match riders and drivers.

·       Personal services facilitators such as Thumbtack might utilize the app to help match service providers and customers.

·       Hotels, AirBnB and vacation rental facilitators such as vrbo might use status apps for both hosts (and their employees and contractors) and guests in order to minimize infection risk during a visit.

·       Online dating and matchmaking services such as Match and Tinder might utilize status apps to help facilitate virus-compatible matches. (While SARS-CoV-2/COVID-19 is not really comparable to HIV/AIDS, it is noteworthy that sites already exist that seek to match people who are HIV positive.)

How a CV19 Status App might Work

A basic schema for a CV19 status app would be:

·       Red = Has COVID-19 (e.g. recently tested positive for virus)

·       Red-Amber = May have COVID-19 (e.g. recently tested negative for virus but either has COVID-19 related symptoms or has been in contact with someone who tested positive).

·       Amber = Is susceptible: Has not had COVID-19 and likely does not have COVID-19 (e.g. recently tested negative for COVID-19, has no COVID-19 symptoms, and has had no recent known contact with someone who tested positive).

·       Green = Has had COVID-19 and is now presumed to be immune (either tested positive for CV19 and then tested negative for CV19, or tested negative for CV19 and also tested positive for Antibodies) (See below regarding immunity concerns.)

This schema is shown in the decision tree below

There are numerous technical issues relating to the operation of an app designed to establish a person’s CV19 status that must be addressed for it to function effectively. First, it will be necessary to ensure that the person using the app is the person whose status is being asserted. It should be possible to address this by storing the information from tests, contacts with infected people, and self-reported symptoms on an immutable digital ledger and use biometric identification both to record and to share status information. (Storing the status information on a person’s phone in this way also avoids the risk of hacking that plagues centralized databases.)

Next there is the question of authenticating test data recorded by the app. Ideally, this would be done by having a trusted third party—such as a doctor, nurse, or pharmacist—verify the data. If that is not feasible—for example because the test was carried out at home—then some other mechanism will be required to ensure the data is input correctly, such as rewards for accurate self-reports and/or penalties for inaccurate self-reports. (Self-reported data could also be treated within the system as less reliable, or simply as tentative—requiring verified test data to be added within a specified period.)

Beyond these verification issues, there remain problems with the specificity and sensitivity of tests—implying a likelihood of both false positive and false negatives. Although there are now both PCR and antibody tests that achieve very high levels of accuracy, even small numbers of false negative PCR tests and false positive antibody tests would clearly create problems for the effective functioning of the status app system. To address these problems, it may be necessary to undertake secondary testing for some portion of the tests.

The more challenging problem is that of infection after tests are conducted. As noted above, this can in principle be mitigated—but not eliminated—by incorporating contact tracing and/or self-reporting of symptoms. Related to this is the possibility that having COVID-19 confers only limited immunity (as has been suggested in relation to some people who have seemingly become reinfected). This obviously poses problems for the notion of a “Green” status; if reinfection is possible, then Green clearly would not be a permanent designation and would require regular testing. The evidence remains ambiguous, with news of five US sailors who had COVID then tested negative twice subsequently having new symptoms and testing positive again; on the other hand, a recent study suggests that people who test positive after recovery do not have a live (infectious) version of the virus.

Contact tracing apps have been used successfully in several locations as part of a strategy for containing COVID-19. However, the only really successful implementations so far have been those in China, South Korea and Hong Kong, which had a mandatory component and were highly centralized. By contrast, apps that required voluntary uptake have generally been less successful.

One reason for the lack of success of voluntary contact tracing apps is heightened concern regarding privacy (for example, the app used in Hong Kong enables anyone to find the gender, age, and precise locations of every person in the city who currently has COVID-19). Of course it is worth repeating Jane Bambauer’s observation in an earlier post that “Objections to surveillance lose their moral and logical bearings when the alternatives are out-of-control disease or mass lockdowns. Compared to those, mass surveillance is the most liberty-preserving option.” But assuming imprisonment is not the only alternative, concerns over privacy are not necessarily unmoored from logic or ethics (pace Christine Wilson’s earlier post). And to address these concerns, several groups have developed privacy-protecting systems. For example, the TCN coalition developed a system that shares anonymized tokens with other nearby phones over Bluetooth Low Energy. That system has now been adopted by Google and Apple in an API that is being made available to government health authorities (but not to other private app developers).

Another reason voluntary contact tracing apps have not been successful is the lack of incentives to adopt them. The main benefit of a contact tracing app is that it notifies the user when they have been in close contact with someone who subsequently tested positive. Logically, the people most likely voluntarily to adopt a contact tracing app are those who are most risk averse. But those people would also presumably be taking strong measures to avoid contracting COVID-19, so they would be less likely to become infected. By contrast, the people most likely to become infected are those who are least risk averse. But those people are least likely to be motivated to use the contact tracing app. In other words, even if there is relatively wide uptake of the app (say, 40% of the population, as in Iceland), it is likely to miss many of the people most likely to be spreading COVID-19 and so would not actually be very useful as a means of identifying and containing clusters.

Tying the contact tracing app to a CV19 Status App potentially overcomes this incentive compatibility problem, since anyone who wants to engage in an activity that requires use of the app would automatically participate in the contact tracing system. It could thus be quite effective at identifying instances of transmission that occur during activities that require the app to be used, which would also presumably be activities that put users at higher risk.

Nonetheless, for the app to be useful as a means of identifying clusters of COVID-19, either a significant proportion of common activities would have to require use of the app (e.g. public transit, rideshares, gyms, and shopping malls) or it would have to be used by at least some proportion of those not required to use it for access to activities.  

Adding a symptom monitoring component can help in two ways. First, by offering users a way to self-assess for early symptoms of COVID-19, it encourages more people to download and use the app.  More important, symptom monitoring can help identify additional potential COVID-19 infections, both among the individuals reporting symptoms and among their contacts. Thus, the combination of test data, symptom data and contact tracing become the information determining a person’s current status in a manner that is more reliable than relying on any one datum.

It should be noted that even combining these data will not make the status app 100% accurate. Some people with COVID-19 will likely slip through as Green or Orange and others will likely inadvertently be infected as a result. But the number of such instances is likely to be small and certainly much lower than would be the case without the use of the app. Moreover, widespread use of the app should dramatically reduce the infection rate throughout the population, with benefits to all.     

Conclusions

Both CV19 standards and CV19 status verification offer potential means by which to address the trust deficit that has emerged in the context of the continuing COVID-19 pandemic. A company that adopts both solutions would likely dramatically reduce the chances of their employees, suppliers and customers contracting the virus on their premises. That would also likely reduce the company’s liability, which could be rewarded by insurance providers offering discounts. Indeed, one could envisage a greater role for insurance companies in designing or certifying the standards and the status app.

However, the real benefits of these systems come not from one or a few companies adopting them but from widespread adoption, which has the potential dramatically to reduce the transmission of the virus both now and in the future (should there be a second wave). This leads to something of a paradox: Governments could mandate adoption, but such an approach may be counterproductive for two reasons. First, much knowledge is dispersed and tacit, so it is generally better to allow private actors to determine which standards to adopt (lest an inferior standard be the subject of a mandate). Second, if companies are genuinely concerned to address the trust deficit, then they will be willing to invest in standards and to limit access though status apps — both of which entail costs. By contrast, if governments mandate the use of standards and apps, they would effectively prevent firms from engaging in such costly signalling, so would undermine at least part of the effectiveness of such tools as trust-generative.

In the wake of the launch of Facebook’s content oversight board, Republican Senator Josh Hawley and FCC Commissioner Brendan Carr, among others, have taken to Twitter to levy criticisms at the firm and, in the process, demonstrate just how far the Right has strayed from its first principles around free speech and private property. For his part, Commissioner Carr’s thread makes the case that the members of the board are highly partisan and mostly left-wing and can’t be trusted with the responsibility of oversight. While Senator Hawley took the approach that the Board’s very existence is just further evidence of the need to break Facebook up. 

Both Hawley and Carr have been lauded in rightwing circles, but in reality their positions contradict conservative notions of the free speech and private property protections given by the First Amendment.  

This blog post serves as a sequel to a post I wrote last year here at TOTM explaining how There’s nothing “conservative” about Trump’s views on free speech and the regulation of social media. As I wrote there:

I have noted in several places before that there is a conflict of visions when it comes to whether the First Amendment protects a negative or positive conception of free speech. For those unfamiliar with the distinction: it comes from philosopher Isaiah Berlin, who identified negative liberty as freedom from external interference, and positive liberty as freedom to do something, including having the power and resources necessary to do that thing. Discussions of the First Amendment’s protection of free speech often elide over this distinction.

With respect to speech, the negative conception of liberty recognizes that individual property owners can control what is said on their property, for example. To force property owners to allow speakers/speech on their property that they don’t desire would actually be a violation of their liberty — what the Supreme Court calls “compelled speech.” The First Amendment, consistent with this view, generally protects speech from government interference (with very few, narrow exceptions), while allowing private regulation of speech (again, with very few, narrow exceptions).

Commissioner Carr’s complaint and Senator Hawley’s antitrust approach of breaking up Facebook has much more in common with the views traditionally held by left-wing Democrats on the need for the government to regulate private actors in order to promote speech interests. Originalists and law & economics scholars, on the other hand, have consistently taken the opposite point of view that the First Amendment protects against government infringement of speech interests, including protecting the right to editorial discretion. While there is clearly a conflict of visions in First Amendment jurisprudence, the conservative (and, in my view, correct) point of view should not be jettisoned by Republicans to achieve short-term political gains.

The First Amendment restricts government action, not private action

The First Amendment, by its very text, only applies to government action: “Congress shall make no law . . . abridging the freedom of speech.” This applies to the “State[s]” through the Fourteenth Amendment. There is extreme difficulty in finding any textual hook to say the First Amendment protects against private action, like that of Facebook. 

Originalists have consistently agreed. Most recently, in Manhattan Community Access Corp. v. Halleck, Justice Kavanaugh—on behalf of the conservative bloc and the Court—wrote:

Ratified in 1791, the First Amendment provides in relevant part that “Congress shall make no law . . . abridging the freedom of speech.” Ratified in 1868, the Fourteenth Amendment makes the First Amendment’s Free Speech Clause applicable against the States: “No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law . . . .” §1. The text and original meaning of those Amendments, as well as this Court’s longstanding precedents, establish that the Free Speech Clause prohibits only governmental abridgment of speech. The Free Speech Clause does not prohibit private abridgment of speech… In accord with the text and structure of the Constitution, this Court’s state-action doctrine distinguishes the government from individuals and private entities. By enforcing that constitutional boundary between the governmental and the private, the state-action doctrine protects a robust sphere of individual liberty. (Emphasis added).

This was true at the adoption of the First Amendment and remains true today in a high-tech world. Federal district courts have consistently dismissed First Amendment lawsuits against Facebook on the grounds there is no state action. 

For instance, in Nyawba v. Facebook, the plaintiff initiated a civil rights lawsuit against Facebook for restricting his use of the platform. The U.S. District Court for the Southern District of Texas dismissed the case, noting 

Because the First Amendment governs only governmental restrictions on speech, Nyabwa has not stated a cause of action against FaceBook… Like his free speech claims, Nyabwa’s claims for violation of his right of association and violation of his due process rights are claims that may be vindicated against governmental actors pursuant to § 1983, but not a private entity such as FaceBook.

Similarly, in Young v. Facebook, the U.S. District Court for the Northern District of California rejected a claim that Facebook violated the First Amendment by deactivating the plaintiff’s Facebook page. The court declined to subject Facebook to the First Amendment analysis, stating that “because Young has not alleged any action under color of state law, she fails to state a claim under § 1983.”

The First Amendment restricts antitrust actions against Facebook, not Facebook’s editorial discretion over its platform

Far from restricting Facebook, the First Amendment actually restricts government actions aimed at platforms like Facebook when they engage in editorial discretion by moderating content. If an antitrust plaintiff was to act on the impulse to “break up” Facebook because of alleged political bias in its editorial discretion, the lawsuit would be running headlong into the First Amendment’s protections.

There is no basis for concluding online platforms do not have editorial discretion under the law. In fact, the position of Facebook here is very similar to the newspaper in Miami Herald Publishing Co. v. Tornillo, in which the Supreme Court considered a state law giving candidates for public office a right to reply in newspapers to editorials written about them. The Florida Supreme Court upheld the statute, finding it furthered the “broad societal interest in the free flow of information to the public.” The U.S. Supreme Court, despite noting the level of concentration in the newspaper industry, nonetheless reversed. The Court explicitly found the newspaper had a First Amendment right to editorial discretion:

The choice of material to go into a newspaper, and the decisions made as to limitations on the size and content of the paper, and treatment of public issues and public officials — whether fair or unfair — constitute the exercise of editorial control and judgment. It has yet to be demonstrated how governmental regulation of this crucial process can be exercised consistent with First Amendment guarantees of a free press as they have evolved to this time. 

Online platforms have the same First Amendment protections for editorial discretion. For instance, in both Search King v. Google and Langdon v. Google, two different federal district courts ruled Google’s search results are subject to First Amendment protections, both citing Tornillo

In Zhang v. Baidu.com, another district court went so far as to grant a Chinese search engine the right to editorial discretion in limiting access to democracy movements in China. The court found that the search engine “inevitably make[s] editorial judgments about what information (or kinds of information) to include in the results and how and where to display that information.” Much like the search engine in Zhang, Facebook is clearly making editorial judgments about what information shows up in newsfeed and where to display it. 

None of this changes because the generally applicable law is antitrust rather than some other form of regulation. For instance, in Tornillo, the Supreme Court took pains to distinguish the case from an earlier antitrust case against newspapers, Associated Press v. United States, which found that there was no broad exemption from antitrust under the First Amendment.

The Court foresaw the problems relating to government-enforced access as early as its decision in Associated Press v. United States, supra. There it carefully contrasted the private “compulsion to print” called for by the Association’s bylaws with the provisions of the District Court decree against appellants which “does not compel AP or its members to permit publication of anything which their `reason’ tells them should not be published.”

In other words, the Tornillo and Associated Press establish the government may not compel speech through regulation, including an antitrust remedy. 

Once it is conceded that there is a speech interest here, the government must justify the use of antitrust law to compel Facebook to display the speech of users in the newsfeeds of others under the strict scrutiny test of the First Amendment. In other words, the use of antitrust law must be narrowly tailored to a compelling government interest. Even taking for granted that there may be a compelling government interest in facilitating a free and open platform (which is by no means certain), it is clear that this would not be narrowly tailored action. 

First, “breaking up” Facebook is clearly overbroad as compared to the goal of promoting free speech on the platform. There is no need to break it up just because it has an Oversight Board that engages in editorial responsibilities. There are many less restrictive means, including market competition, which has greatly expanded consumer choice for communications and connections. Second, antitrust does not even really have a remedy for free speech issues complained of here, as it would require courts to engage in long-term oversight and engage in compelled speech foreclosed by Associated Press

Note that this makes good sense from a law & economics perspective. Platforms like Facebook should be free to regulate the speech on their platforms as they see fit and consumers are free to decide which platforms they wish to use based upon that information. While there are certainly network effects to social media, the plethora of options currently available with low switching costs suggests that there is no basis for antitrust action against Facebook because consumers are unable to speak. In other words, the least restrictive means test of the First Amendment is best fulfilled by market competition in this case.

If there were a basis for antitrust intervention against Facebook, either through merger review or as a standalone monopoly claim, the underlying issue would be harm to competition. While this would have implications for speech concerns (which may be incorporated into an analysis through quality-adjusted price), it is inconceivable how an antitrust remedy could be formed on speech issues consistent with the First Amendment. 

Conclusion

Despite now well-worn complaints by so-called conservatives in and out of the government about the baneful influence of Facebook and other Big Tech companies, the First Amendment forecloses government actions to violate the editorial discretion of these companies. Even if Commissioner Carr is right, this latest call for antitrust enforcement against Facebook by Senator Hawley should be rejected for principled conservative reasons.

[TOTM: The following is part of a blog series by TOTM guests and authors on the law, economics, and policy of the ongoing COVID-19 pandemic. The entire series of posts is available here.

This post is authored by Eline Chivot, (Senior Policy Analyst, Center for Data Innovation, Information Technology and Innovation Foundation.).]

As the COVID-19 outbreak led to the shutdown of many stores, e-commerce and brick-and-mortar shops have been stepping up efforts to facilitate online deliveries while ensuring their workers’ safety. Without online retail, lockdown conditions would have been less tolerable, and confinement measures less sustainable. Yet a recent French court’s ruling on Amazon seems to be a justification for making life more difficult for some of these businesses and more inconvenient for people by limiting consumer choice. But in a context that calls for as much support to economic activity and consumer welfare as possible, that makes little sense. In fact, the court’s decision is symptomatic of how countries use industrial policy to treat certain companies with double standards.

On April 24, Amazon lost its appeal of a French court order requiring the platform to stop delivering “non-essential items” until it evaluates workers’ risk of coronavirus exposure in its six French warehouses. The online retailer is now facing penalties of about 100,000 euros (about $110,000) per delivery, and was given 48 hours to reduce its warehouse activities and operations. 

But the complexity of logistics would make it difficult to adjust and limit deliveries to just “essential items.” Given the novelty of the situation, there were no official, precise, and pre-determined lists in place, nor was there clarity about who gets to decide, nor was there a common understanding of what customers would consider essential services or goods. As a result, Amazon temporarily closed its six French distribution centers, and is now shipping to its French customers from its warehouses in other European countries. If France wants to apply such measure for worker safety in this time of crisis, that’s clearly its right. But the requirement should apply to all online retailers equally, not just to the American company Amazon.

The court’s decision was made on the grounds that Amazon had not implemented sufficient safety measures for its workers. The turnaround last week of trade unions (who had initiated the complaints against Amazon and called for the shutdown of its facilities) and their proposition to “gradually” resume operations speak volume. Like many other companies, Amazon had  invested in additional safety measures for its employees during the crisis, distributed masks and gloves to its workers, had taken their temperatures before their shifts, had built testing capacity, and proactively decided to prioritize the delivery of essential goods. Like many other companies, Amazon had to rapidly cope with unprecedented circumstances it wasn’t prepared to handle, while having to juggle a surge in online orders during lockdowns and make do with some governments’ unclear guidance regarding safety measures.

But France has long prioritized worker welfare over broad economic welfare—which includes worker welfare, but also consumer welfare and economic growth. Yet, in this case, that prioritization seems to only apply to Amazon. French retailers like Fnac, Cdiscount, Spartoo, and La Redoute did not face the same degree of judicial scrutiny despite similar complaints about distribution centers. Nor did they have to restrict their deliveries to “essential goods.” But in France, it seems, what is good for French geese isn’t good for U.S. ganders. In fact, the real issue appears to be the French application of industrial policy.  According to a union representative of Fnac, this is about “preventing Amazon from gaining market share over French retailers during lockdown,” so that the latter can reap the benefits. Using the crisis as an excuse to restructure the French retail sector is certainly one creative application of industrial policy.

Moreover, by applying these restrictions (either just to Amazon or across all retailers who engage in e-commerce), the French government is deepening the economic crisis. The restrictions it has imposed on Amazon are likely to accentuate the losses many French small- and medium-sized companies are already facing because of the COVID-19 crisis, while also having longer-term negative consequences for its logistics network in France. Many such firms rely on Amazon’s platform to sell, ship, and develop their business, and now have to turn to more expensive delivery services. In addition, the reduction in activity by its distribution centers could force Amazon to furlough many of its 9,300 French workers.

According to the unions, Amazon’s activity is judged “nonessential to the life of the country.” Never mind that Amazon partners with French retailers like Casino and is rescuing brands like Deliveroo during the crisis. In addition, online companies like Amazon, HelloFresh and Instacart hired more workers to manage growing demands during the crisis, while others had to furlough or layoff their staff. Beyond, French brands will need economically robust allies like Amazon to compete with Chinese state-backed giants like Alibaba that are expanding their footprint in European markets, and that have come under fire for dubious workplace practices.  

Finally, the French court’s decision is an inconvenience to the 22.2 million people in France who order via Amazon, depend on efficient home deliveries to cope with strict confinement measures, and are now being told what is essential or not. With Amazon relying on other European warehouses for deliveries and being forced to limit them to items such as IT products, health and nutrition items, food, and pet food, consumers will be faced with delayed deliveries and reduced access to product variety. The court’s decision also hurts many French merchants who use Amazon for warehousing and fulfillment, as they are effectively locked out of accessing their stock. 

Non-discrimination is, or least should be, a core principle of rule-of-law nations. It appears that, at least in this case, France does not think it should apply to non-French firms.

[TOTM: The following is part of a blog series by TOTM guests and authors on the law, economics, and policy of the ongoing COVID-19 pandemic. The entire series of posts is available here.

This post is authored by Christine S. Wilson (Commissioner of the U.S. Federal Trade Commission).[1] The views expressed here are the author’s and do not necessarily reflect those of the Federal Trade Commission or any other Commissioner.]  

I type these words while subject to a stay-at-home order issued by West Virginia Governor James C. Justice II. “To preserve public health and safety, and to ensure the healthcare system in West Virginia is capable of serving all citizens in need,” I am permitted to leave my home only for a limited and precisely enumerated set of reasons. Billions of citizens around the globe are now operating under similar shelter-in-place directives as governments grapple with how to stem the tide of infection, illness and death inflicted by the global Covid-19 pandemic. Indeed, the first response of many governments has been to impose severe limitations on physical movement to contain the spread of the novel coronavirus. The second response contemplated by many, and the one on which this blog post focuses, involves the extensive collection and analysis of data in connection with people’s movements and health. Some governments are using that data to conduct sophisticated contact tracing, while others are using the power of the state to enforce orders for quarantines and against gatherings.

The desire to use modern technology on a broad scale for the sake of public safety is not unique to this moment. Technology is intended to improve the quality of our lives, in part by enabling us to help ourselves and one another. For example, cell towers broadcast wireless emergency alerts to all mobile devices in the area to warn us of extreme weather and other threats to safety in our vicinity. One well-known type of broadcast is the Amber Alert, which enables community members to assist in recovering an abducted child by providing descriptions of the abductor, the abductee and the abductor’s vehicle. Citizens who spot individuals and vehicles that meet these descriptions can then provide leads to law enforcement authorities. A private nonprofit organization, the National Center for Missing and Exploited Children, coordinates with state and local public safety officials to send out Amber Alerts through privately owned wireless carriers.

The robust civil society and free market in the U.S. make partnerships between the private sector and government agencies commonplace. But some of these arrangements involve a much more extensive sharing of Americans’ personal information with law enforcement than the emergency alert system does.

For example, Amazon’s home security product Ring advertises itself not only as a way to see when a package has been left at your door, but also as a way to make communities safer by turning over video footage to local police departments. In 2018, the company’s pilot program in Newark, New Jersey, donated more than 500 devices to homeowners to install at their homes in two neighborhoods, with a big caveat. Ring recipients were encouraged to share video with police. According to Ring, home burglaries in those neighborhoods fell by more than 50% from April through July 2018 relative to the same time period a year earlier.

Yet members of Congress and privacy experts have raised concerns about these partnerships, which now number in the hundreds. After receiving Amazon’s response to his inquiry, Senator Edward Markey highlighted Ring’s failure to prevent police from sharing video footage with third parties and from keeping the video permanently, and Ring’s lack of precautions to ensure that users collect footage only of adults and of users’ own property. The House of Representatives Subcommittee on Economic and Consumer Policy continues to investigate Ring’s police partnerships and data policies. The Electronic Frontier Foundation has called Ring “a perfect storm of privacy threats,” while the UK surveillance camera commissioner has warned against “a very real power to understand, to surveil you in a way you’ve never been surveilled before.”

Ring demonstrates clearly that it is not new for potential breaches of privacy to be encouraged in the name of public safety; police departments urge citizens to use Ring and share the videos with police to fight crime. But emerging developments indicate that, in the fight against Covid-19, we can expect to see more and more private companies placed in the difficult position of becoming complicit in government overreach.

At least mobile phone users can opt out of receiving Amber Alerts, and residents can refuse to put Ring surveillance systems on their property. The Covid-19 pandemic has made some other technological intrusions effectively impossible to refuse. For example, online proctors who monitor students over webcams to ensure they do not cheat on exams taken at home were once something that students could choose to accept if they did not want to take an exam where and when they could be proctored face to face. With public schools and universities across the U.S. closed for the rest of the semester, students who refuse to give private online proctors access to their webcams – and, consequently, the ability to view their surroundings – cannot take exams at all.

Existing technology and data practices already have made the Federal Trade Commission sensitive to potential consumer privacy and data security abuses. For decades, this independent, bipartisan agency has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices. It brought its first privacy and data security cases nearly 20 years ago, while I was Chief of Staff to then-Chairman Timothy J. Muris. The FTC took on Eli Lilly for disclosing the e-mail addresses of 669 subscribers to its Prozac reminder service – many of whom were government officials, and at a time of greater stigma for mental health issues – and Microsoft for (among other things) falsely claiming that its Passport website sign-in service did not collect any personally identifiable information other than that described in its privacy policy.

The privacy and data security practices of healthcare and software companies are likely to impact billions of people during the current coronavirus pandemic. The U.S. already has many laws on the books that are relevant to practices in these areas. One notable example is the Health Insurance Portability and Accountability Act, which set national standards for the protection of individually identifiable health information by health plans, health care clearinghouses and health care providers who accept non-cash payments. While the FTC does not enforce HIPAA, it does enforce the Health Breach Notification Rule, as well as the provisions in the FTC Act used to challenge the privacy missteps of Eli Lilly and many other companies.

But technological developments have created gaps in HIPAA enforcement. For example, HIPAA applies to doctors’ offices, hospitals and insurance companies, but it may not apply to wearables, smartphone apps or websites. Yet sensitive medical information is now commonly stored in places other than health care practitioners’ offices.  Your phone and watch now collect information about your blood sugar, exercise habits, fertility and heart health. 

Observers have pointed to these emerging gaps in coverage as evidence of the growing need for federal privacy legislation. I, too, have called on the U.S. Congress to enact comprehensive federal privacy legislation – not only to address these emerging gaps, but for two other reasons.  First, consumers need clarity regarding the types of data collected from them, and how those data are used and shared. I believe consumers can make informed decisions about which goods and services to patronize when they have the information they need to evaluate the costs and benefits of using those goods. Second, businesses need predictability and certainty regarding the rules of the road, given the emerging patchwork of regimes both at home and abroad.

Rules of the road regarding privacy practices will prove particularly instructive during this global pandemic, as governments lean on the private sector for data on the grounds that the collection and analysis of data can help avert (or at least diminish to some extent) a public health catastrophe. With legal lines in place, companies would be better equipped to determine when they are being asked to cross the line for the public good, and whether they should require a subpoena or inform customers before turning over data. It is regrettable that Congress has been unable to enact federal privacy legislation to guide this discussion.

Understandably, Congress does not have privacy at the top of its agenda at the moment, as the U.S. faces a public health crisis. As I write, more than 579,000 Americans have been diagnosed with Covid-19, and more than 22,000 have perished. Sadly, those numbers will only increase. And the U.S. is not alone in confronting this crisis: governments globally have confronted more than 1.77 million cases and more than 111,000 deaths. For a short time, health and safety issues may take precedence over privacy protections. But some of the initiatives to combat the coronavirus pandemic are worrisome. We are learning more every day about how governments are responding in a rapidly developing situation; what I describe in the next section constitutes merely the tip of the iceberg. These initiatives are worth highlighting here, as are potential safeguards for privacy and civil liberties that societies around the world would be wise to embrace.

Some observers view public/private partnerships based on an extensive use of technology and data as key to fighting the spread of Covid-19. For example, Professor Jane Bambauer calls for contact tracing and alerts “to be done in an automated way with the help of mobile service providers’ geolocation data.” She argues that privacy is merely “an instrumental right” that “is meant to achieve certain social goals in fairness, safety and autonomy. It is not an end in itself.” Given the “more vital” interests in health and the liberty to leave one’s house, Bambauer sees “a moral imperative” for the private sector “to ignore even express lack of consent” by an individual to the sharing of information about him.

This proposition troubles me because the extensive data sharing that has been proposed in some countries, and that is already occurring in many others, is not mundane. In the name of advertising and product improvements, private companies have been hoovering up personal data for years. What this pandemic lays bare, though, is that while this trove of information was collected under the guise of cataloguing your coffee preferences and transportation habits, it can be reprocessed in an instant to restrict your movements, impinge on your freedom of association, and silence your freedom of speech. Bambauer is calling for detailed information about an individual’s every movement to be shared with the government when, in the United States under normal circumstances, a warrant would be required to access this information.

Indeed, with our mobile devices acting as the “invisible policeman” described by Justice William O. Douglas in Berger v. New York, we may face “a bald invasion of privacy, far worse than the general warrants prohibited by the Fourth Amendment.” Backward-looking searches and data hoards pose new questions of what constitutes a “reasonable” search. The stakes are high – both here and abroad, citizens are being asked to allow warrantless searches by the government on an astronomical scale, all in the name of public health.  

Abroad

The first country to confront the coronavirus was China. The World Health Organization has touted the measures taken by China as “the only measures that are currently proven to interrupt or minimize transmission chains in humans.” Among these measures are the “rigorous tracking and quarantine of close contacts,” as well as “the use of big data and artificial intelligence (AI) to strengthen contact tracing and the management of priority populations.” An ambassador for China has said his government “optimized the protocol of case discovery and management in multiple ways like backtracking the cell phone positioning.” Much as the Communist Party’s control over China enabled it to suppress early reports of a novel coronavirus, this regime vigorously ensured its people’s compliance with the “stark” containment measures described by the World Health Organization.

Before the Covid-19 pandemic, Hong Kong already had been testing the use of “smart wristbands” to track the movements of prisoners. The Special Administrative Region now monitors people quarantined inside their homes by requiring them to wear wristbands that send information to the quarantined individuals’ smartphones and alert the Department of Health and Police if people leave their homes, break their wristbands or disconnect them from their smartphones. When first announced in early February, the wristbands were required only for people who had been to Wuhan in the past 14 days, but the program rapidly expanded to encompass every person entering Hong Kong. The government denied any privacy concerns about the electronic wristbands, saying the Privacy Commissioner for Personal Data had been consulted about the technology and agreed it could be used to ensure that quarantined individuals remain at home.

Elsewhere in Asia, Taiwan’s Chunghwa Telecom has developed a system that the local CDC calls an “electronic fence.” Specifically, the government obtains the SIM card identifiers for the mobile devices of quarantined individuals and passes those identifiers to mobile network operators, which use phone signals to their cell towers to alert public health and law enforcement agencies when the phone of a quarantined individual leaves a certain geographic range. In response to privacy concerns, the National Communications Commission said the system was authorized by special laws to prevent the coronavirus, and that it “does not violate personal data or privacy protection.” In Singapore, travelers and others issued Stay-Home Notices to remain in their residency 24 hours a day for 14 days must respond within an hour if contacted by government agencies by phone, text message or WhatsApp. And to assist with contact tracing, the government has encouraged everyone in the country to download TraceTogether, an app that uses Bluetooth to identify other nearby phones with the app and tracks when phones are in close proximity.

Israel’s Ministry of Health has launched an app for mobile devices called HaMagen (the shield) to prevent the spread of coronavirus by identifying contacts between diagnosed patients and people who came into contact with them in the 14 days prior to diagnosis. In March, the prime minister’s cabinet initially bypassed the legislative body to approve emergency regulations for obtaining without a warrant the cellphone location data and additional personal information of those diagnosed with or suspected of coronavirus infection. The government will send text messages to people who came into contact with potentially infected individuals, and will monitor the potentially infected person’s compliance with quarantine. The Ministry of Health will not hold this information; instead, it can make data requests to the police and Shin Bet, the Israel Security Agency. The police will enforce quarantine measures and Shin Bet will track down those who came into contact with the potentially infected.

Multiple Eastern European nations with constitutional protections for citizens’ rights of movement and privacy have superseded them by declaring a state of emergency. For example, in Hungary the declaration of a “state of danger” has enabled Prime Minister Viktor Orbán’s government to engage in “extraordinary emergency measures” without parliamentary consent.  His ministers have cited the possibility that coronavirus will prevent a gathering of a sufficient quorum of members of Parliament as making it necessary for the government to be able to act in the absence of legislative approval.

Member States of the European Union must protect personal data pursuant to the General Data Protection Regulation, and communications data, such as mobile location, pursuant to the ePrivacy Directive. The chair of the European Data Protection Board has observed that the ePrivacy Directive enables Member States to introduce legislative measures to safeguard public security. But if those measures allow for the processing of non-anonymized location data from mobile devices, individuals must have safeguards such as a right to a judicial remedy. “Invasive measures, such as the ‘tracking’ of individuals (i.e. processing of historical non-anonymized location data) could be considered proportional under exceptional circumstances and depending on the concrete modalities of the processing.” The EDPB has announced it will prioritize guidance on these issues.

EU Member States are already implementing such public security measures. For example, the government of Poland has by statute required everyone under a quarantine order due to suspected infection to download the “Home Quarantine” smartphone app. Those who do not install and use the app are subject to a fine. The app verifies users’ compliance with quarantine through selfies and GPS data. Users’ personal data will be administered by the Minister of Digitization, who has appointed a data protection officer. Each user’s identification, name, telephone number, quarantine location and quarantine end date can be shared with police and other government agencies. After two weeks, if the user does not report symptoms of Covid-19, the account will be deactivated — but the data will be stored for six years. The Ministry of Digitization claims that it must store the data for six years in case users pursue claims against the government. However, local privacy expert and Panoptykon Foundation cofounder Katarzyna Szymielewicz has questioned this rationale.

Even other countries that are part of the Anglo-American legal tradition are ramping up their use of data and working with the private sector to do so. The UK’s National Health Service is developing a data store that will include online/call center data from NHS Digital and Covid-19 test result data from the public health agency. While the NHS is working with private partner organizations and companies including Microsoft, Palantir Technologies, Amazon Web Services and Google, it has promised to keep all the data under its control, and to require those partners to destroy or return the data “once the public health emergency situation has ended.” The NHS also has committed to meet the requirements of data protection legislation by ensuring that individuals cannot be re-identified from the data in the data store.

Notably, each of the companies partnering with the NHS at one time or another has been subjected to scrutiny for its privacy practices. Some observers have noted that tech companies, which have been roundly criticized for a variety of reasons in recent years, may seek to use this pandemic for “reputation laundering.” As one observer cautioned: “Reputations matter, and there’s no reason the government or citizens should cast bad reputations aside when choosing who to work with or what to share” during this public health crisis.

At home

In the U.S., the federal government last enforced large-scale isolation and quarantine measures during the influenza (“Spanish Flu”) pandemic a century ago. But the Centers for Disease Control and Prevention track diseases on a daily basis by receiving case notifications from every state. The states mandate that healthcare providers and laboratories report certain diseases to the local public health authorities using personal identifiers. In other words, if you test positive for coronavirus, the government will know. Every state has laws authorizing quarantine and isolation, usually through the state’s health authority, while the CDC has authority through the federal Public Health Service Act and a series of presidential executive orders to exercise quarantine and isolation powers for specific diseases, including severe acute respiratory syndromes (a category into which the novel coronavirus falls).

Now local governments are issuing orders that empower law enforcement to fine and jail Americans for failing to practice social distancing. State and local governments have begun arresting and charging people who violate orders against congregating in groups. Rhode Island is requiring every non-resident who enters the state to be quarantined for two weeks, with police checks at the state’s transportation hubs and borders.

How governments discover violations of quarantine and social distancing orders will raise privacy concerns. Police have long been able to enforce based on direct observation of violations. But if law enforcement authorities identify violations of such orders based on data collection rather than direct observation, the Fourth Amendment may be implicated. In Jones and Carpenter, the Supreme Court has limited the warrantless tracking of Americans through GPS devices placed on their cars and through cellphone data. But building on the longstanding practice of contact tracing in fighting infectious diseases such as tuberculosis, GPS data has proven helpful in fighting the spread of Covid-19. This same data, though, also could be used to piece together evidence of violations of stay-at-home orders. As Chief Justice John Roberts wrote in Carpenter, “With access to [cell-site location information], the government can now travel back in time to retrace a person’s whereabouts… Whoever the suspect turns out to be, he has effectively been tailed every moment of every day for five years.”

The Fourth Amendment protects American citizens from government action, but the “reasonable expectation of privacy” test applied in Fourth Amendment cases connects the arenas of government action and commercial data collection. As Professor Paul Ohm of the Georgetown University Law Center notes, “the dramatic expansion of technologically-fueled corporate surveillance of our private lives automatically expands police surveillance too, thanks to the way the Supreme Court has construed the reasonable expectation of privacy test and the third-party doctrine.”

For example, the COVID-19 Mobility Data Network – infectious disease epidemiologists working with Facebook, Camber Systems and Cubiq – uses mobile device data to inform state and local governments about whether social distancing orders are effective. The tech companies give the researchers aggregated data sets; the researchers give daily situation reports to departments of health, but say they do not share the underlying data sets with governments. The researchers have justified this model based on users of the private companies’ apps having consented to the collection and sharing of data.

However, the assumption that consumers have given informed consent to the collection of their data (particularly for the purpose of monitoring their compliance with social isolation measures during a pandemic) is undermined by studies showing the average consumer does not understand all the different types of data that are collected and how their information is analyzed and shared with third parties – including governments. Technology and telecommunications companies have neither asked me to opt into tracking for public health nor made clear how they are partnering with federal, state and local governments. This practice highlights that data will be divulged in ways consumers cannot imagine – because no one assumed a pandemic when agreeing to a company’s privacy policy. This information asymmetry is part of why we need federal privacy legislation.

On Friday afternoon, Apple and Google announced their opt-in Covid-19 contact tracing technology. The owners of the two most common mobile phone operating systems in the U.S. said that in May they would release application programming interfaces that enable interoperability between iOS and Android devices using official contact tracing apps from public health authorities. At an unspecified date, Bluetooth-based contact tracing will be built directly into the operating systems. “Privacy, transparency, and consent are of utmost importance in this effort,” the companies said in their press release.  

At this early stage, we do not yet know exactly how the proposed Google/Apple contact tracing system will operate. It sounds similar to Singapore’s TraceTogether, which is already available in the iOS and Android mobile app stores (it has a 3.3 out of 5 average rating in the former and a 4.0 out of 5 in the latter). TraceTogether is also described as a voluntary, Bluetooth-based system that avoids GPS location data, does not upload information without the user’s consent, and uses changing, encrypted identifiers to maintain user anonymity. Perhaps the most striking difference, at least to a non-technical observer, is that TraceTogether was developed and is run by the Singaporean government, which has been a point of concern for some observers. The U.S. version – like finding abducted children through Amber Alerts and fighting crime via Amazon Ring – will be a partnership between the public and private sectors.     

Recommendations

The global pandemic we now face is driving data usage in ways not contemplated by consumers. Entities in the private and public sector are confronting new and complex choices about data collection, usage and sharing. Organizations with Chief Privacy Officers, Chief Information Security Officers, and other personnel tasked with managing privacy programs are, relatively speaking, well-equipped to address these issues. Despite the extraordinary circumstances, senior management should continue to rely on the expertise and sound counsel of their CPOs and CISOs, who should continue to make decisions based on their established privacy and data security programs. Although developments are unfolding at warp speed, it is important – arguably now, more than ever – to be intentional about privacy decisions.

For organizations that lack experience with privacy and data security programs (and individuals tasked with oversight for these areas), now is a great time to pause, do some research and exercise care. It is essential to think about the longer-term ramifications of choices made about data collection, use and sharing during the pandemic. The FTC offers easily accessible resources, including Protecting Personal Information: A Guide for Business, Start with Security: A Guide for Business, and Stick with Security: A Business Blog Series. While the Gramm-Leach-Bliley Act (GLB) applies only to financial institutions, the FTC’s GLB compliance blog outlines some data security best practices that apply more broadly. The National Institute for Standards and Technology (NIST) also offers security and privacy resources, including a privacy framework to help organizations identify and manage privacy risks. Private organizations such as the Center for Information Policy Leadership, the International Association of Privacy Professionals and the App Association also offer helpful resources, as do trade associations. While it may seem like a suboptimal time to take a step back and focus on these strategic issues, remember that privacy and data security missteps can cause irrevocable harm. Counterintuitively, now is actually the best time to be intentional about choices in these areas.

Best practices like accountability, risk assessment and risk management will be key to navigating today’s challenges. Companies should take the time to assess and document the new and/or expanded risks from the data collection, use and sharing of personal information. It is appropriate for these risk assessments to incorporate potential benefits and harms not only to the individual and the company, but for society as a whole. Upfront assessments can help companies establish controls and incentives to facilitate responsible behavior, as well as help organizations demonstrate that they are fully aware of the impact of their choices (risk assessment) and in control of their impact on people and programs (risk mitigation). Written assessments can also facilitate transparency with stakeholders, raise awareness internally about policy choices and assist companies with ongoing monitoring and enforcement. Moreover, these assessments will facilitate a return to “normal” data practices when the crisis has passed.  

In a similar vein, companies must engage in comprehensive vendor management with respect to the entities that are proposing to use and analyze their data. In addition to vetting proposed data recipients thoroughly, companies must be selective concerning the categories of information shared. The benefits of the proposed research must be balanced against individual protections, and companies should share only those data necessary to achieve the stated goals. To the extent feasible, data should be shared in de-identified and aggregated formats and data recipients should be subject to contractual obligations prohibiting them from re-identification. Moreover, companies must have policies in place to ensure compliance with research contracts, including data deletion obligations and prohibitions on data re-identification, where appropriate. Finally, companies must implement mechanisms to monitor third party compliance with contractual obligations.

Similar principles of necessity and proportionality should guide governments as they make demands or requests for information from the private sector. Governments must recognize the weight with which they speak during this crisis and carefully balance data collection and usage with civil liberties. In addition, governments also have special obligations to ensure that any data collection done by them or at their behest is driven by the science of Covid-19; to be transparent with citizens about the use of data; and to provide due process for those who wish to challenge limitations on their rights. Finally, government actors should apply good data hygiene, including regularly reassessing the breadth of their data collection initiatives and incorporating data retention and deletion policies. 

In theory, government’s role could be reduced as market-driven responses emerge. For example, assuming the existence of universally accessible daily coronavirus testing with accurate results even during the incubation period, Hal Singer’s proposal for self-certification of non-infection among private actors is intriguing. Thom Lambert identified the inability to know who is infected as a “lemon problem;” Singer seeks a way for strangers to verify each other’s “quality” in the form of non-infection.

Whatever solutions we may accept in a pandemic, it is imperative to monitor the coronavirus situation as it improves, to know when to lift the more dire measures. Former Food and Drug Administration Commissioner Scott Gottlieb and other observers have called for maintaining surveillance because of concerns about a resurgence of the virus later this year. For any measures that conflict with Americans’ constitutional rights to privacy and freedom of movement, there should be metrics set in advance for the conditions that will indicate when such measures are no longer justified. In the absence of pre-determined metrics, governments may feel the same temptation as Hungary’s prime minister to keep renewing a “state of danger” that overrides citizens’ rights. As Slovak lawmaker Tomas Valasek has said, “It doesn’t just take the despots and the illiberals of this world, like Orbán, to wreak damage.” But privacy is not merely instrumental to other interests, and we do not have to sacrifice our right to it indefinitely in exchange for safety.

I recognize that halting the spread of the virus will require extensive and sustained effort, and I credit many governments with good intentions in attempting to save the lives of their citizens. But I refuse to accept that we must sacrifice privacy to reopen the economy. It seems a false choice to say that I must sacrifice my Constitutional rights to privacy, freedom of association and free exercise of religion for another’s freedom of movement. Society should demand that equity, fairness and autonomy be respected in data uses, even in a pandemic. To quote Valasek again: “We need to make sure that we don’t go a single inch further than absolutely necessary in curtailing civil liberties in the name of fighting for public health.” History has taught us repeatedly that sweeping security powers granted to governments during an emergency persist long after the crisis has abated. To resist the gathering momentum toward this outcome, I will continue to emphasize the FTC’s learning on appropriate data collection and use. But my remit as an FTC Commissioner is even broader – when I was sworn in on Sept. 26, 2018, I took an oath to “support and defend the Constitution of the United States” – and so I shall.


[1] Many thanks to my Attorney Advisors Pallavi Guniganti and Nina Frant for their invaluable assistance in preparing this article.