Source Code: Your daily look at what matters in tech.
To give you the best possible experience, this site uses cookies. If you continue browsing. you accept our use of cookies. You can review our privacy policy to find out more about the cookies we use.
yesEmily BirnbaumNone
December 15, 2020
The European Union on Tuesday proposed a sweeping set of rules to rein in the power of Big Tech, amounting to the most aggressive legislative effort against the industry to date.
The Digital Services Act will require online intermediaries to act more swiftly against illegal content and provide users with more transparency around takedowns. The Digital Markets Act will restrict large companies, labeled "gatekeepers," from engaging in a set of anticompetitive behaviors, including self-preferencing.
"The two proposals serve one purpose: to make sure that we, as users, have access to a wide choice of safe products and services online," said Margrethe Vestager, executive vice president of the European Commission and the EU's digital czar. "This is one world … what is illegal offline is equally illegal online."
The proposals will likely send shockwaves through the global tech industry as companies seek to understand how they will be affected and whether they could run afoul of the rules.
Here's a list of five things U.S. companies should know about this fast-moving effort.
It could be years until these rules take effect.
Tuesday's announcement will kick off years of impassioned negotiations as policymakers and lobbyists work out the contours of the proposals, which are far from becoming law.
The EU took four years to debate the General Data Protection Regulation, and this process is likely to look similar, though it will pull in a smaller array of players because it targets tech specifically.
The European Council, which represents all 27 governments in the bloc, and the European Parliament must approve the pair of proposals before they become law.
Tech intends to fight hard.
Tech companies including Google, Facebook and Twitter have made it clear that they intend to fight hard to sway the direction of the rules. "We look forward to reviewing today's proposals in full, and continued collaboration with the EU Commission, industry and civil society in the coming weeks and months ahead," Twitter said.
Google, Facebook, Amazon, Apple and Microsoft spent about $23 million on lobbying in the EU in the first half of 2019, according to Transparency International, a group that monitors lobbying in the bloc. Their efforts are only set to intensify as they seek to influence all 27 member-nations during the consultation period.
Companies are largely in favor of harmonizing rules across the EU, which will make it easier for them to navigate what they should and shouldn't do. But the proposals as written would subject the companies to potentially enormous fines and even breakups as a "nuclear option," in Vestager's words, a daunting prospect that they're certain to fight.
The Digital Markets Act in particular gets right at the heart of Big Tech's business models with a set of sweeping do's and don'ts. Under the DMA, the EU could force companies to open up their platforms in ways that they never have before, requiring firms to allow third parties to interoperate with their services and give users data about advertising and sales. For example, the proposal could force Amazon to share far more information with its sellers or require Facebook to provide extensive information on how its advertising is working.
It would also create a harsh set of don'ts. Under the DMA, companies like Google and Amazon could not give preference to their own services in search results, and Apple could not block users from removing preinstalled apps.
"While we will review the Commission's proposals carefully over the coming days, we are concerned that they appear to specifically target a handful of companies and make it harder to develop new products to support small businesses in Europe," said Karan Bhatia, vice president of government affairs and public policy at Google.
Taken together, it's likely that Big Tech will fight harder to stave off the most aggressive proposals in the DMA while smaller companies will spend more time on the Digital Services Act.
The Digital Services Act applies far more broadly than Digital Markets Act.
While the DMA is tailored specifically to "gatekeeper" companies, the Digital Services Act would apply to a much wider range of companies: "online intermediary services."
According to the European Commission, the DSA will apply in various ways to intermediary services offering network infrastructure, hosting services such as cloud services, smaller online platforms and the largest online platforms.
The proposal, which is aimed at improving mechanisms for the removal of illegal content, was written to create different requirements for different kinds of companies; for instance, a cloud company would have fewer obligations than a social media platform when it comes to handling content.
All of the companies will be required to provide much more transparency around what kinds of content they remove and why, one of the less controversial asks. They will have to come up with effective mechanisms for users to flag illegal content and will likely be required to allow users to challenge content moderation decisions. If they violate any of the new rules, they could face fines up to 6% of global revenues, a hefty sum.
Beyond that, the largest online platforms could have to submit to external risk auditing and give researchers access to key data.
Tech-funded organizations are already raising concerns about some elements of how the DSA applies to platforms. Iverna McGowan, director of the Center for Democracy & Technology's Europe office, said there's some concern that the draft regulation could expose platforms to more liability for their content moderation decisions and disincentivize them from moderating harmful speech. "We fear that the draft regulation reflects fundamental inconsistencies which would risk undemocratic and discriminatory results," she said, pledging to work with the commission, parliament and council to "address these serious concerns before the proposal proceeds."
The rules could set the stage for global regulations just like GDPR.
Just as GDPR, the EU's far-reaching privacy framework, set the tone for global regulations after it was adopted in 2016, the EU's twin proposals will likely also become the standard that other legislative efforts are held against moving forward.
The U.S. is light-years behind the EU in regulation, and any legislation to emerge from Congress on content moderation or antitrust would be much less aggressive. But the EU's efforts will likely offer some helpful frameworks for U.S. policymakers, particularly its emphasis on "asymmetrical" rules, which apply differently to companies according to their size.
"The Digital Markets Act's emphasis on targeted, digital platform-specific regulations and clear rules of the road can be a model for U.S. policymakers," said Alex Petros, policy counsel at digital rights group Public Knowledge.
Elements of GDPR play a central role in negotiations around a federal privacy bill today, and experts predict there could be a similar effect with the DMA and DSA.
"This seems to be a continuation of … the EU using legislation to become a worldwide leader in tech regulation," said Christoph Schmon, the Electronic Frontier Foundation's international policy director.
Companies have to assess how the rules apply to them.
The new proposals will apply to all tech companies that offer their services in the EU, sweeping up a broad swath of U.S. firms beyond just Facebook and Google. Companies will be expected to decide how the rules apply to them on their own, turning to internal compliance and legal teams, with Brussels stepping in if they think businesses are not identifying themselves correctly. It's likely that many companies will try to avoid being included, particularly in the "gatekeeper" designation.
When it came to GDPR, some companies, like Facebook, created EU-specific privacy processes while others, like Microsoft, decided to change their protocols globally, exporting GDPR-like privacy protections to every country they operate in.
The DMA and DSA will likely set off a similar process as global firms decide whether they can afford to behave differently in the EU than they do in other countries.
There's some fear that the laws will disincentivize smaller companies from offering their services in the EU if the obligations turn out to be too costly, Schmon said. For instance, one provision of the Digital Services Act will require service providers to appoint a legal representative in the EU, a potentially burdensome requirement.
"We hope the future negotiations will seek to make the EU a leader in digital innovation, not just in digital regulation," said Christian Borggreen, the vice president for CCIA Europe, a tech trade group representing Google, Facebook and Amazon.
It's unlikely that most companies will make any sudden moves. Instead, the next chapter in this saga is likely to be defined by herculean lobbying efforts by companies big and small as they seek to influence the end result.
Emily Birnbaum
Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.
Politics
What tech policy could look like in Biden’s first 100 days
More antitrust laws and bridging the digital divide should be top of mind for the incoming administration.
Antitrust enforcement is one of the big lessons going into the Biden administration.
Photo: Alex Edelman/Getty Images
January 19, 2021
Penelope Blackwell is a reporting fellow at Protocol covering ed-tech, where she reports on the decisions leading up toward the advances of remote learning. Previously, she interned at The Baltimore Sun covering emerging news and produced content for Carnegie-Knight’s News21 documenting hate and bias incidents in the U.S. She is also a recent graduate of Columbia University’s Graduate School of Journalism and Morgan State University.
January 19, 2021
Although it is too soon to tell with certainty how President-elect Joe Biden will address the questions surrounding tech policy, it is clear that his inaugural transition on Wednesday will affect the world of tech.
Protocol reporters Issie Lapowsky and Emily Birnbaum, virtually met up with panelists Tuesday to discuss what tech policy and regulation could look like in Biden's first 100 days in office — as well as the next four years.
<p>According to Federal Trade Commissioner Rebecca Kelly Slaughter, more antitrust laws that promote competition and protect consumers from anticompetitive mergers and business practices should be implemented. But she also mentioned that much of the backlash on this issue stems from users who "resist government antitrust intervention."</p><p>"What we are seeing is, on the one hand, imminently appropriate actions being taken by companies to stop violence. And on the other, we're seeing really important questions surface about the fact that those decisions are lying in the hands of private companies with enormous market power," Slaughter said.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>As the FTC seeks to enforce these laws that address outsized market share, investigations are looming. Colorado Attorney General Phil Weiser, who is leading a suit of 38 AGs against Google for anticompetitive conduct, said he thinks the depth of Google's totality needs to be examined.</p><p> "We would like to see the DOJ [Department of Justice] broaden their case against Google. We believe that the breadth of Google's anticompetitive conduct needs to be examined because it hurts consumers by limiting choice and hurts innovation," Weiser said, referring to the <a href="https://www.protocol.com/google-justice-department-lawsuit-antitrust" target="_self"><u>DOJ's antitrust suits</u></a> against the company.</p><p>Antitrust enforcement is the big lesson going into the Biden administration, Weiser said. And bridging the digital divide should also be top of mind, said the Brookings Institution Director for the Center of Technology Innovation Nicol Turner Lee.</p><p>"It's not just about tech for certain functions, it's about tech for all of reality. Not just in terms of getting kids online, but the ability to have an environment where people are being trained on how to build the infrastructure and how to use the technology," Lee said. "With over 100,000 business permanently closed as a result of the pandemic, we are going to be trusting tech to be the new economic driver, which means we need more multi-stakeholder conversations."</p>
Keep Reading
Show less
Penelope Blackwell is a reporting fellow at Protocol covering ed-tech, where she reports on the decisions leading up toward the advances of remote learning. Previously, she interned at The Baltimore Sun covering emerging news and produced content for Carnegie-Knight’s News21 documenting hate and bias incidents in the U.S. She is also a recent graduate of Columbia University’s Graduate School of Journalism and Morgan State University.
Politics
The DOJ sues Google for monopoly practices — and says there’s more to come
Google's response: 'People use Google because they choose to – not because they're forced to or because they can't find alternatives.'
The DOJ's case revolves around some of Google's antitrust weak spots, including the exclusive, billion-dollar agreements that require mobile-phone manufacturers to keep Google as their default search engine.
Photo: Future Publishing/Getty Images
October 20, 2020
Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.
October 20, 2020
The Department of Justice sued Google for antitrust violations on Tuesday, setting off what is likely to be a yearslong battle that will indelibly shape the future of the tech industry.
The case, which was filed in federal court in Washington, marks the most aggressive action by the U.S. government against a tech company in decades. The DOJ accuses Google of leveraging its dominant position in search and search-advertising to elbow out rivals and disadvantage competitors.
<p>
The case revolves around some of Google's antitrust weak spots: the exclusive, billion-dollar agreements that require mobile-phone manufacturers to keep Google as their default search engine, as well as Google's decision to preload Google search on Android phones. The European Union <a href="https://www.nytimes.com/2018/07/18/technology/google-eu-android-fine.html" rel="noopener noreferrer" target="_blank">fined Google $5.1 billion</a> over similar allegations two years ago.
</p>
<p>
"Two decades ago, Google became the darling of Silicon Valley as a scrappy startup with an innovative way to search the emerging internet," the DOJ wrote in the complaint. "That Google is long gone."
</p>
<p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>
"For many years, Google has used anticompetitive tactics to maintain and extend its monopolies in the markets for general search services, search advertising, and general search text advertising — the cornerstones of its empire," the DOJ added.
</p>
<p>
During a call with reporters Tuesday morning, DOJ officials emphasized that this is only the beginning of a long effort to take on Google.
</p>
<p>
"We're asking the court to break Google's grip on search distribution so competition and innovation can take hold, and consumers and advertisers will no longer be beholden to an unchecked monopolist," said Ryan Shores, the DOJ's senior adviser for technology industries.
</p>
<p>
In a statement, Google called the lawsuit "deeply flawed." A Google spokesperson added: "People use Google because they choose to – not because they're forced to or because they can't find alternatives."
</p>
<p>
The case was filed by the DOJ along with the Republican attorneys general from Arkansas, Florida, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Missouri, Montana, South Carolina and Texas. Other states currently investigating Google, including those led by Democrats, are likely to file their own separate cases in the upcoming months.
</p>
<p>
The case could mean <a href="https://www.protocol.com/antitrust-proposals-big-tech" target="_self">serious structural changes for Google</a>, including a breakup. There's no discussion of potential remedies in the case filed Tuesday, as those discussions usually happen further down the line. But the battle is only beginning, and it will last well past the Nov. 3 election.
</p>
<p>
Antitrust experts are predicting that a potential Biden administration would carry the case forward, considering the bipartisan energy around taking on the enormous power of the largest tech companies.
</p>
<p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>
"I would definitely anticipate the Biden Justice Department carrying this forward," said John Newman, an associate professor of law at the University of Miami and former DOJ antitrust lawyer. "There seems to be a growing consensus in Democratic party circles that Biden needs to be stronger on antitrust than Obama was."
</p>
<p>
Newman said a Biden administration could even widen the scope of the antitrust complaint and potential remedies.
</p>
<p>
Over the last century, antitrust cases against dominant tech firms have triggered huge shifts in the tech industry's trajectory. The antitrust case against IBM in 1975 gave Microsoft room to flourish; the 1984 AT&T antitrust case opened new opportunities in the cellular market; and the 1990s case against Microsoft has been credited with enabling the rise of Google and Facebook.
</p>
<p>
In those cases, it didn't matter whether the U.S. government won its case or not. The act of suing a dominant tech firm changed how the company did business and created room for smaller companies to blossom.
</p>
<p>
"Historians will hopefully look at today as the beginning of the end of the surveillance economy," <a href="https://twitter.com/yegg/status/1318551960958783489" rel="noopener noreferrer" target="_blank">said</a> Gabriel Weinberg, the CEO and founder of Google rival DuckDuckGo.
</p><p>
The DOJ's case against Google is certain to be marred by allegations of political bias. Attorney General William Barr was <a href="https://www.nytimes.com/2020/10/20/technology/google-antitrust.html?smtyp=cur&smid=tw-nytimes" rel="noopener noreferrer" target="_blank">unusually involved</a> in the Google investigation from the beginning, and he reportedly pushed to file the suit before the election <a href="https://www.wsj.com/articles/internal-justice-department-dispute-arises-over-possible-google-antitrust-suit-11597700874" rel="noopener noreferrer" target="_blank">over objections from Justice Department staff</a>.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p>
From Your Site Articles
- Cicilline names the three biggest antitrust concerns around Big Tech ... ›
- Kill zones and 'escape valves': What the antitrust report means for ... ›
- What the antitrust proposals would actually mean for tech - Protocol ›
- Why Joe Biden might kill the Google case - Protocol ›
- The DOJ went narrow on Google. That may be good news for the rest of Big Tech. - Protocol ›
Keep Reading
Show less
Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.
Power
The future of software hangs in the balance at the Supreme Court
A generation of software built around shared assumptions for interoperability faces an uncertain future depending on the outcome of a yearslong legal fight between Google and Oracle.
A ruling in its favor of Oracle in a case against Google could embolden older tech companies looking for growth to assert copyright over a wide swath of modern software.
Photo: Angel Xavier Viera-Vargas
October 6, 2020
Tom Krazit ( @tomkrazit) is a senior reporter at Protocol, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire. He served as executive editor of Gigaom and Structure, and most recently produced a leading cloud computing newsletter called Mostly Cloudy.
October 5, 2020
Software fed upon itself in order to eat the world, digesting the earlier groundbreaking works of the development community in order to evolve into an economic force far more sophisticated than early programmers could have ever dreamed. The Supreme Court is about to decide whether to break that chain.
On Oct. 7, the nation's highest court will hear arguments in the long-running dispute between Oracle and Google over whether or not an important tool in modern software development can be subject to copyright protection, and the verdict could overturn long-standing practices behind modern software development. After Google prevailed in the initial trial related to its use of Java in the Android mobile operating system, two subsequent appeals courts rulings have upheld Oracle's argument that application programming interfaces (APIs) can be considered protected works of expression.
<p>Generations of software has been built upon the premise that it makes little sense to duplicate some of the most basic parts of an application, especially the parts that make it easier for software to interact with other software. But now that it's almost impossible to imagine the modern commercial world without the rich network of software that has reached into every corner of our lives, most often through APIs, those who control those interactions control a large chunk of the world economy.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>If Oracle's argument is upheld, software developers fear chilling effects will descend upon their industry. A ruling in its favor could embolden older tech companies looking for growth to assert copyright over a wide swath of modern software, arguing that many of today's applications would not exist without their work.</p><p>Leaving the appeals court rulings in place would definitely rattle the open-source software community, which built the blueprint for a generation of collaborative enterprise software development. It could make it that much harder to launch some new startups; it could also provide a legal defensive moat for other startup ideas. And it could further consolidate the power of the modern platform companies that control an increasing portion of this world.</p><p>"We're going to see a lot of software we would have seen written, not be written as a result of this," said <a href="https://www.linkedin.com/in/nellshamrell/" rel="noopener noreferrer" target="_blank">Nell Shamrell-Harrington</a>, a former senior staff research engineer at Mozilla who is active in open-source software communities. "[APIs] are the building blocks of the web."</p><h3>Here comes the Sun
</h3><p>This dispute kicked off 10 years ago, following <a href="https://www.oracle.com/corporate/pressrelease/oracle-buys-sun-042009.html" rel="noopener noreferrer" target="_blank">Oracle's acquisition of Sun Microsystems in 2009</a>. Sun created Java, an extremely important programming language and software development platform that was the foundation for an enormous number of internet-connected applications in the late 1990s and early 2000s. More than 25 years later, Java remains the fifth most widely used programming language among professional software developers, <a href="https://insights.stackoverflow.com/survey/2020" rel="noopener noreferrer" target="_blank">according to this year's Stack Overflow survey</a>.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>When Google began development of Android, it wanted to use some key parts of Java's APIs as part of the core of Android, but it was unable to work out a licensing deal with Sun. So <a href="https://www.cnet.com/news/suns-worried-that-google-android-could-fracture-java/" rel="noopener noreferrer" target="_blank">Google essentially duplicated those parts of Java in Android</a> to implement similar ideas, while also using some code related to Java APIs taken from an open-source version of Java. It believed this action was protected by fair use principles, and a jury later agreed.</p><p>APIs are the connective tissue of modern software. If you use software that works in concert with another piece of software — which describes pretty much everything you now use — that interaction is often governed by an API, which sets ground rules for how software programs talk to each other and exchange information.</p><p>A brief filed in support of Google's argument <a href="https://www.supremecourt.gov/DocketPDF/18/18-956/128391/20200113145027664_18-956%20Google%20v%20Oracle%20Computer%20Scientists%20Merits%20Amicus%20FOR%20FILING.pdf" rel="noopener noreferrer" target="_blank">signed by 83 prominent computer scientists</a> explained it this way:</p><p style="margin-left: 20px;"><em>"Software interfaces, including those embodied in the Java application programming interface (API) at issue here, are purely functional systems or methods of operating a computer program or platform. They are not computer programs themselves. Interfaces merely describe what functional tasks a computer program will perform without specifying how it does so."</em></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>There aren't a lot of novel ways for software programs to exchange this information, so a great number of APIs are functionally alike; they might not use the exact same code, but for all intents and purposes, they accomplish pretty much the same thing.</p><p>"There's no reason to reimplement the structure of how software is implemented," Shamrell-Harrington said.</p><h3>Red alert
</h3><p>Oracle argued, however, that Google's implementation of the Java APIs in Android was too similar to the way Sun engineers had implemented those APIs, and it <a href="https://www.cnet.com/news/oracle-sues-google-over-android-and-java/" rel="noopener noreferrer" target="_blank">sued Google in 2010 for copyright and patent infringement</a>. The patent suit was tossed out at the initial trial, but the copyright claims have endured thanks to appeals court rulings that favored Oracle.</p><p>Five professors advising the Supreme Court on Oracle's point of view <a href="https://www.supremecourt.gov/DocketPDF/18/18-956/132952/20200213132135651_18-956%20USSC%20Amicus%20Brief.pdf" rel="noopener noreferrer" target="_blank">argued</a> that APIs actually can be expressions of creative energy. "As our research demonstrates, even the simplest computer program is capable of being expressed in many ways," they wrote in a report. "As programs become more complex, the number of unique solutions also increases."</p><p>This is the aspect of this case that has both enraged and terrified people in the software community, especially those working for small- and medium-size companies, where APIs have rarely been considered more interesting than plumbing. Because so many APIs in use are functionally similar, whoever can claim to have originally developed those API methods would be able to assert copyright protection over those methods across a wide range of software, even software completely unrelated to the original interface.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p>"I think in a lot of those cases, it would be very easy to trip yourself into a place where you are unintentionally infringing," said Adam Jacob, co-founder and former chief technology officer at Chef and current CEO of <a href="https://www.systeminit.com/" rel="noopener noreferrer" target="_blank">stealthy startup The System Initiative</a>.</p><p><a href="https://kemitchell.com/" rel="noopener noreferrer" target="_blank">Kyle Mitchell</a>, an attorney who advises companies on software licensing issues, compared methods for building APIs to the tips and tricks that craftspeople acquire as they gain experience in a certain trade, like carpentry. Those so-called "secrets" are open knowledge among veterans of that trade, but they require some skill or a patient mentor to acquire; yet, no one "owns" the knowledge required to frame a wall, for example.</p><p>An Oracle victory would open up the floodgates to a new era of software litigation, said <a href="https://www.linkedin.com/in/vanlindberg/" rel="noopener noreferrer" target="_blank">Van Lindberg</a>, an intellectual property attorney with law firm Taylor English and a member of the board of directors for the <a href="https://www.python.org/psf/" rel="noopener noreferrer" target="_blank">Python Software Foundation</a>.</p><p>"In the short term, it will be a huge windfall to a small number of companies that have interfaces that a lot of people use," he said. "These interfaces will suddenly be new control points that people will be able to use to extract revenue from other companies for the right to use what was previously understood to be free."</p><p>The delay to the hearing, which was originally scheduled for March but got pushed back due to the pandemic, has created a bigger challenge for Google. Because of the death of Justice Ruth Bader Ginsburg, there are now just eight justices on the Supreme Court, which means Google must secure a 5-3 verdict in its favor to overturn the appeals courts rulings. In the case of a 4-4 tie, the company could seek to have the case reheard before nine judges at some point in the future.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><h3>Silver lining?
</h3><p>Over the long run, a world where APIs are subject to copyright protection could actually be a boon to some startups that develop interesting and useful APIs for their software, Jacob argued.</p><p>A decade ago, enterprise software startups found traction by developing and commercializing interesting open-source software projects, <a href="https://www.geekwire.com/2019/chef-co-founder-cto-adam-jacob-stepping-will-remain-board-directors/" rel="noopener noreferrer" target="_blank">which Jacob did successfully with Chef</a>. The cloud era has started to expose the limits of that model, but APIs are even more important in the cloud era.</p><p>"In a world where the API is copyrightable, as an entrepreneur that's a brand-new vector of control," Jacob said. All things considered, he would prefer that the Supreme Court rule in favor of the status quo for APIs, but the software business has always forced its participants to adapt quickly to changes in the wind.</p><p>A large part of the problem is that two decades of software has been constructed without clear legal direction on how (or whether) APIs should be subject to copyright protection, Mitchell said. A victory for Oracle wouldn't bring immediate clarity to the issue, but it would serve as the beginning of a new round of legal wrangling that will define the parameters of how APIs can be protected.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="6">
</div>
</div></p><p>"Is that bad overall? If you measure good and bad by the involvement of lawyers and paperwork, then yeah, it probably is," Mitchell said. "But were you living in denial?"</p><p>The Oracles and Googles of the software industry will be fine, regardless of which way the justices decide to vote. After all, they have billions of dollars in cash and armies of lawyers that will allow them to iron out licensing agreements and preserve interoperability across their key products.</p><p>But an Oracle victory could drag software development back into a world of silos, in which only the software built by a single vendor or across a consortium of powerful vendors would be able to enjoy the benefits of interoperability that have made the modern internet so compelling. Such a victory could create a new tax on software development, just as software becomes indispensable to the modern economy.</p>
From Your Site Articles
- Snowflake's historic IPO signals surging demand for cloud-based ... ›
- The most interesting man at Microsoft - Protocol ›
- Trump administration sides with Oracle in clash with Google - Protocol ›
- Lawmakers are cramming controversial copyright provisions into a must-pass spending bill - Protocol ›
- Lots of people are gunning for Google. Meet the man who might have the best shot. - Protocol ›
- Google’s AI ethics team is furious with Jeff Dean - Protocol ›
- Coupa is cribbing from SAP and Oracle. Then it wants to beat them. - Protocol ›
- How Google workers secretly built a union - Protocol ›
- Coupa is cribbing from SAP and Oracle. Then it wants to beat them. - Protocol ›
- The most interesting man at Microsoft - Protocol ›
Keep Reading
Show less
Tom Krazit ( @tomkrazit) is a senior reporter at Protocol, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire. He served as executive editor of Gigaom and Structure, and most recently produced a leading cloud computing newsletter called Mostly Cloudy.
Power
Companies are 'scrambling' after an EU court kills the EU-US Privacy Shield
More than 5,000 companies rely on the shield. Now they have some work to do.
A complaint filed by Austrian data protection activist Max Schrems led a top EU court to strike down the EU-US Privacy Shield.
Photo: Alex Halada/AFP via Getty Images
July 16, 2020
Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.
July 16, 2020
Tech companies across the U.S. are scrambling to figure out how they can remain in compliance with international privacy laws after Europe's highest court struck down the EU-US Privacy Shield.
In a win for privacy activists, the Court of Justice of the European Union invalidated the Privacy Shield on Thursday, saying the framework does not adequately protect European users from the U.S. government's far-reaching surveillance laws. The decision will force the 5,384 companies that currently rely on the EU-US Privacy Shield to recalibrate their privacy policies, particularly when it comes to how and why they collect data on EU users.
<p>"Like many businesses, we are carefully considering the findings and implications of the decision of the Court of Justice in relation to the use of Privacy Shield and we look forward to regulatory guidance in this regard," Facebook lawyer Eva Nagle said in a statement. </p><p>While Facebook, Google, Amazon and Microsoft all partially rely on the EU-US Privacy Shield to transfer data on EU users, 70% of the companies that have been certified under the framework are small- to medium-size businesses, according to the Computer and Communications Industry Association. And those companies, which have fewer resources and likely don't have established servers in the EU, will likely face the greatest challenges as they seek to comply with the decision, said Omer Tene, a vice president with the International Association of Privacy Professionals. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>Tene said the privacy professionals he's speaking to are "scrambling," although the decision was not shocking to those watching the case closely.</p><p>Eleven U.S.-based companies reached by Protocol on Thursday said they are reviewing the decision with their legal advisers, poring over complicated and extensive agreements and contracts to ensure their current data transfer agreements are still in compliance with the law. Several said they are waiting on further guidance from European and U.S. regulators and might have to make some changes to how they do business. </p><p>"Discord is reviewing the ECJ decision and looks forward to regulatory guidance from the European Commission and the Department of Commerce," said a spokesperson for Discord, a popular chat site with users around the world. </p><p>Dave Koslow, the chief operating officer of electronic agreements company DocSend, said "there's some work to do" for the company in the immediate term. "We'll need to review our agreements and make any adjustments necessary to accommodate the change in regulations," Koslow said. </p><p>While the court struck down the Privacy Shield, its opinion upheld "standard contractual clauses," shorter-term agreements that allow American companies to handle EU data. The court called on data authorities in Europe to ensure those clauses provide an "adequate level of protection" for EU users, which will likely lead to heightened EU scrutiny of those clauses. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>Tech firms including Fitbit, Ancestry.com, Box, cloud software company Domo and Akami Technologies all said they will rely on those agreements in lieu of the EU-US Privacy Shield. </p><p>"We rely on multiple legal bases to lawfully transfer personal data around the world," said a Fitbit spokesperson. (EU regulators are currently investigating Fitbit's acquisition by Google.) "These include your consent, the EU-US and Swiss-US Privacy Shield, and EU Commission approved model contractual clauses, which require certain privacy and security protections."</p><p>Rafi Azim-Khan, the head of data privacy at Pillsbury, said the "seismic" court case is only the latest reminder for companies that privacy is now a "board-level issue." </p><p><em><strong>Correction:</strong> This story was updated at 4:51 p.m. to correct where Dave Koslow works.</em></p>
Keep Reading
Show less
Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.
People
A wall of silence holding back racial progress in tech: NDAs
Tech employees who spoke to Protocol said they experienced racism and discrimination in the workplace but can't speak out for fear of retribution from their employers.
Many people of color who work in the tech industry find themselves unable to speak out about instances of racial discrimination because they are bound by stringent NDAs.
Image: Markus Spiske/Kristina Flour/Protocol
July 1, 2020
Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.
July 1, 2020
Earlier this month, Pariss Athena appeared on a podcast to discuss her experiences as a Black woman in web development. During the wide-ranging conversation, she mentioned that she had experienced racism while interning at a large tech company in 2017.
Almost immediately after the podcast was published, Athena asked the host to take it down. She'd forgotten she was under a nondisclosure agreement, or NDA, with the company she interned with and feared she could face legal retribution.
<p>"I outed the company, and I had to delete everything because I forgot I signed an NDA," she told Protocol this week. </p><p>Athena, who popularized the hashtag "#BlackTechTwitter," says that during her internship, the company paired her with a back-end developer whose computer background had pictures of Confederate flags and pickup trucks. The man's Facebook page was full of anti-Black Lives Matter posts, including many that featured photos of Black people burning the American flag and attacking police. Ultimately, she said, working alongside him made her "feel like a slave." </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>"It is frustrating that I can't speak up about it," she said.</p><p>Her story is familiar to many people of color who work in the tech industry, who find themselves unable or unwilling to speak out about instances of racial discrimination they have faced because they are bound by stringent NDAs that require them to stay silent publicly about their experiences in the workplace. Amid a national reckoning over race brought on by the killing of George Floyd, many employees have <a href="https://www.protocol.com/former-pinterest-employees-say-they-were-victims-of-racism-and-discrimination" target="_self">spoken out</a> <a href="https://www.businessinsider.com/the-inside-story-of-pinterest-toxic-workplace-2020-6" target="_blank">about</a> <a href="https://www.latimes.com/business/technology/story/2020-06-24/diversity-in-tech-tech-workers-tell-their-story" target="_blank">racism</a> <a href="https://www.google.com/search?q=google+racism+wsj&oq=google+racism+wsj&aqs=chrome..69i57j69i64j69i60l2.2541j0j4&sourceid=chrome&ie=UTF-8" target="_blank">they</a> <a href="https://www.bloomberg.com/news/articles/2020-06-16/black-lives-matter-highlights-adversity-facing-black-tech-ceos?srnd=technology-vp" target="_blank">experienced</a> <a href="https://www.wsj.com/articles/black-executives-are-sharing-their-experiences-of-racism-many-for-the-first-time-11593182200" target="_blank">in the industry</a>. But still, thousands of stories will likely never be told as tech workers weigh the potentially devastating ramifications of breaking their NDAs, many of which exist to keep instances of workplace harassment behind closed doors.</p><p>"Companies are using NDAs as a way to force peoples' silence," said Ifeoma Ozoma, a former Pinterest employee who earlier this month <a href="https://www.protocol.com/former-pinterest-employees-say-they-were-victims-of-racism-and-discrimination" target="_self">publicly alleged</a> that she experienced racism, discrimination and abuse at the company. She sought the advice of her lawyer before going public in a viral Twitter thread. "That's not right," she said. "If we want the system to fundamentally change, people have to be able to talk about what happened to them."</p><p>Six current or former tech employees who spoke with Protocol said they experienced racism and discrimination in the workplace but can't speak out for fear of retribution from their employers. The employees, who either spoke on the condition of anonymity or declined to name the tech companies they worked for on the record, said they believe NDAs are holding back racial progress in the industry, even as the country's top tech companies have vowed solidarity with the Black Lives Matter movement and redoubled their diversity commitments over the past month. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>"It's frustrating because it forces people to to speak generally about everything, like, 'Oh, those VCs are terrible' or 'Those big Silicon Valley tech companies are so racist in their hiring or treatment of workers,'" said James Jones, a startup lawyer in Boston. "It's a lot more difficult to ignore and push aside specific individual situations that also come with receipts." </p><h3>Deep pockets and strict secrets
</h3><p>Nearly everyone in the tech industry has signed an NDA at some point. Polling by Blind this week found that 65% of tech workers report having an NDA with their employer, and 38% of those workers said that agreement limits them from speaking out about "injustices in the workplace."</p><p> The issue isn't limited to the tech industry — <a href="https://papers.ssrn.com/sol3/Papers.cfm?abstract_id=2401781" target="_blank">research has shown</a> that nearly one-third of U.S. workers are bound by NDAs — but they are particularly ubiquitous in tech, according to workplace discrimination lawyer Vincent White.</p><p>"[Tech companies] have the deep pockets to pay for counsel, and they have the foresight to decide that preventing [people from speaking out] is worth quite a bit down the road," White said. He said NDAs have become more stringent over the last several years amid the rise in Silicon Valley activism. Bigger companies often even include forced arbitration clauses, which outright prohibit employees from suing them over discrimination complaints.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>There are different kinds of NDAs. They range from the somewhat restrictive, general type that new employees often sign before they start their jobs, to the far more specific agreements that are signed by employees after they go through a dispute at the company. Employees typically sign the latter NDA in exchange for a financial settlement or severance. </p><p>Most NDAs include noncontroversial provisions that prevent employees from sharing trade secrets or intellectual property. But they sometimes include language to prevent employees from speaking in a negative way about the company or testifying in another person's lawsuit against the firm. </p><p>Tom Spiggle, a Virginia-based lawyer who focuses on workplace discrimination, estimated that only about 10% of companies ever actually pursue legal action against former employees for breaking NDAs. But when firms do go after NDA violations, it can ultimately cost the employee anywhere from $10,000 to $100,000 in legal fees, Spiggle said, depending on how far the legal battle goes. </p><p>For Nicole Sanchez, the board chair of Code 2040, a nonprofit dedicated to racial equity in tech, the risk is too high. "Like so many others, I wish I could [speak out]," said Sanchez, who is also the founder and managing partner of Vaya Consulting, a top diversity and inclusion advisory firm. "But it means leaving myself vulnerable to a lawsuit against people with way more resources than I will ever have." </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p>"There are too many people in my life depending on me for financial security," she said. "How could I jeopardize them like that?" </p><h3>The stories untold
</h3><p>Nick DeJesus said it's been hard for him to come to terms with the realization that he likely faced racial discrimination at the cybersecurity firm he worked at for eight months in 2018. DeJesus, who declined to name the company, said he was the only Black man on a team with all white co-workers, who routinely overlooked, ignored and devalued him. He said over time, his co-workers began complaining about him to HR, but when he talked to his manager about the complaints, his manager couldn't name anything that he was doing wrong. At one point, he heard several of his white co-workers belittling a diversity and inclusion training, DeJesus said.</p><p>The final straw came during a meeting with about 20 people at the firm, where managers were laying out tasks for each of the teams. They left DeJesus' name off the list. "After seeing all those subtleties, like not being invited or feeling included, and then to not to see my name on a list of who's gonna work on what, that was really uncomfortable," he said. </p><p>Ultimately, in response to an increasingly hostile environment, DeJesus quit. He's still unable to talk publicly about it because he's bound by an NDA. "This is a problem that's only been visible to Black and brown people," he said, noting there are "subtleties" that make people of color feel "crazy for even bringing it up." </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><p>Debby Jimenez Garcia, who is Mexican-American, has a similar story. She says she experienced months of microaggressions from her white male bosses at an ad tech company in New York City, where she felt they were "setting her up to fail" because she is a woman of color. She ultimately filed a complaint against the company with New York's Equal Employment Opportunity Commission, but retracted it after she negotiated at $12,000 severance package in exchange for her silence. Her NDA, which was reviewed by Protocol, includes a provision that specifically prohibits her from criticizing the company in social media posts. </p><p>One Black man, who spoke to Protocol on the condition of anonymity, said he was forced to sign an NDA in order to receive severance pay when he was suddenly laid off from a New Jersey-based ecommerce company last year. He said that after he encouraged one of his employees to report sexual harassment, he was singled out: "Don't act like you're innocent in all of this," the company's CEO allegedly told him.</p><p>"When I talked to the head of HR, it turned into an interrogation," he said. "My employee was a white woman, I'm a Black guy helping report it, and now all of the sudden I'm some sort of suspect."</p><p>Ultimately, the company's executives apologized for treating him unfairly, acknowledging that it was inappropriate. But he was still terminated two months later, seemingly out of the blue. He was the only Black man at the company. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="6">
</div>
</div></p><p>One Black woman, who works in tech in San Francisco and also requested anonymity, said it's hard to even discuss these kinds of stories with people she knows because "everyone" is bound by NDAs. She said it's common for tech companies to require people to sign restrictive NDAs on their way out after "agitating" for them to leave, particularly after the employee spoke out internally about discrimination they faced at the firm.</p><p>"People are scared, they don't know what they're signing," the woman said. "Then something will happen later, and they realize they want their voice back." </p><h3>What comes next<br></h3><p>For a few days at the beginning of June, some tech workers began posting the hashtag #BreakYourNDA. The push didn't get very far, and the hashtag languished. </p><p>"I think it has to be more organized and coordinated so that it's not just one person doing it on their own," said the Black woman who works in tech in San Francisco.</p><p>There's a lot at stake for employees who chose to speak out, especially underrepresented minorities who fear for their future in the high-paying tech industry. Those same employees often can't afford pricey attorneys to review their NDAs and draft their public statements. </p><p>Peter Beasley, the executive director of the nonprofit Blacks in Technology and founder of his own software company, said he thinks the issue goes beyond just NDAs. Often, he says, people of color experience embarrassment and humiliation from the instances of racism they face in the tech industry. And when others see this disparagement happen, and no one does anything, the injurious behavior is reinforced and racism in tech becomes institutionalized, he said.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="7">
</div>
</div></p><p>"Frankly, until now, there was no one to listen," Beasley said. "And there's also [the concern]: Will anybody else speak out with me? And then, will this hurt my chances at my next employer?"</p><p>Still, some of the tech employees interviewed for this article said they are hopeful that the country is at an inflection point that mirrors the #MeToo movement, during which hundreds of women intentionally broke their NDAs to speak out about sexual harassment they faced in the workplace. </p><p>"Now, I feel more confident sharing these things than ever," DeJesus said. "There's genuine listening happening." </p><p>Over the past several years, in light of the #MeToo movement, multiple states have passed new laws and regulations, such as California's CCP 1001, which prevent companies from silencing employees who experienced sexual harassment. Ozoma said she believes the federal government should pass a similar law that prohibits companies from silencing factual information about all discrimination claims.</p><p>Until then, Ozoma suggests there's one temporary solution. "If you really want to hear what the issues are at a company," she said, "release everyone from their NDAs." </p>
From Your Site Articles
- Former Pinterest employees say they were victims of racism and ... ›
- Tech's diversity efforts are at a crossroads: Make progress or backslide ›
- Tech talks the protest talk. Will it walk the walk? - Protocol ›
- Google Docs is being used as a protest tool. That could put the ... ›
- A CEO's pledge: 'I will not accept bias or racism in our company ... ›
- How tech HR departments fail Black and brown employees - Protocol ›
- 'I wrestled with what I considered hypocrisy at Carta daily' - Protocol ›
- ‘Were your grandparents slaves?’ - Protocol ›
Keep Reading
Show less
Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.
Latest Stories
See more
Most Popular
Bulletins
January 15, 2021 13:45 EST
Get Source Code in your inbox
David Pierce's daily analysis of the tech news that matters.