A person, wearing a suit, in silhouette reaching out to a sculptre made of green LED lighting tubes and white LED-lit spheres
Photo: Jacob Kepler/Bloomberg via Getty Images

The looming government battle over the code that shapes our lives

Protocol Policy

Hello, and welcome to Protocol Policy! Today we look at the role algorithm audits will likely play in tech policy enforcement. The Commerce Department officially decided to block the export of chipmaking software to China. And TikTok and Meta revealed more of their respective game plans to combat election misinformation heading into midterms.

Who watches the algorithms?

Modern life is increasingly spent within the confines of algorithms. Streaming services recommend shows based on our precise viewing habits, social media delivers news snippets molded to our world views and TikTok somehow figured out you can’t look away from backyard grilling videos.

  • For many of us, our eyes spend more time focused on screens than on the world around us: The average U.S. adult spends almost 13.5 hours per day consuming media, and over 1.5 hours of that time comes from social network use, according to eMarketer estimates.

Given how much algorithms affect our lives — and, by extension, society — it’s no surprise governments want to regulate them. But you can’t regulate what you can’t measure or observe. That’s where audits come in — and the question is no longer whether algorithms will be audited, but instead how soon, to what extent and by whom.

Algorithm auditing is still surprisingly unsettled in the U.S. and the EU. As Protocol’s Sarah Roach recently pointed out, neither jurisdiction has directly mandated oversight of recommendation algorithms, even as lawmaker scrutiny of these systems mounts. As recently as February, a group of Democratic U.S. Senators introduced legislation that would require the Federal Trade Commission to gather reports on algorithms and scrutinize their functions. The bill didn’t pass, but it shows the appetite for action.

Without audits, effective algorithm policy enforcement isn’t possible. I encountered this truth when writing about data pipelines and privacy-by-design legislation earlier this year: It turns out many companies don’t even know themselves whether they’re compliant with regulations, given the incredible complexity of data pipelines and the algorithms they feed.

  • So for any government that wants to effectively enforce algorithm legislation, building auditing capabilities is a must.
  • Otherwise, it’s a bit like writing reams of tax law without having the IRS: Policy is only as good as the enforcement backing it up.

Two audit models have recently emerged: one from China’s regulators and another between private companies.

  • The Cyberspace Administration of China demanded that 30 of the largest domestic tech companies share algorithm information as part of an effort to curb data abuses. Late last week, the agency published the list of compliant companies, which included Alibaba, Tencent and ByteDance.
  • In the U.S., Oracle recently began conducting audits of the TikTok algorithm to help address concerns over China’s influence. Under the arrangement, Oracle will regularly check on algorithms used by TikTok to make sure they aren’t showing signs of manipulation, per Axios.
  • It’s worth noting that this approach between TikTok and Oracle isn’t a response to any direct government mandates. Rather, it’s an attempt by TikTok to proactively (though some would say retroactively) address U.S. policymakers’ concerns.

The TikTok-Oracle arrangement also raises some interesting questions about a potential algorithm audit industry. It’s easy to imagine a future in which companies will offer algorithm audits as a government compliance service, just as Deloitte, KPMG and PwC already do for financial audits.

  • Conflicts of interest could be an issue. The SEC is already probing the Big Four accounting companies over such concerns, alleging that several of them have consulting arms that solicit their audit clients. Even with this one algorithm auditing example, there’s already a potential conflict of interest since Oracle provides TikTok with cloud-computing service.
  • The dynamic nature of algorithms doesn’t lend itself easily to audits either. Companies rely on black box algorithms, algorithms that feed into other algorithms, and extremely disorganized data pipelines. These systems are also constantly changing. All this makes algorithm audits much more complex — and potentially costly — than traditional financial audits.
  • It could also discourage innovation. Tinkering with algorithms tends to make them more effective (notice I didn’t say “better”). But if tinkering comes with increased compliance costs, then companies might do it less often.

Sooner or later, the U.S. and EU governments will likely decide something is better than nothing. Tech companies have long argued they need to keep algorithms private because they’re valuable trade secrets. Given the building political pressure to rein in algorithms — and of equal importance, to do so effectively — governments are likely to demand at least some form of auditing. Since we’re still in the early innings of this process, there’s an opportunity for tech companies to shape policy in a manner that diffuses some of that pressure without requiring a full code review.

— Hirsh Chitkara (email | twitter)

In Washington

The Commerce Department is officially restricting export of certain software used in advanced chip design. The move expands U.S. government efforts to hamper China in building the most complex chips domestically. Protocol revealed the plans earlier this month.

The FDA finalized a long-awaited rule that should give some 30 million Americans access to far cheaper hearing aids over the counter by the fall. Tim Wu, a top tech and competition policy expert at the White House, crowed about the move. The new rule has long attracted bipartisan backers.

Amazon, apparently not worried about sounding like Mr. Burns, complained in a letter that the FTC is trying “to harass Amazon’s highest-ranking executives and disrupt its business operations” by demanding information on Prime subscriptions from Andy Jassy and Jeff Bezos. Lawyers for the company said the commission should limit the demands because they represent a “tremendous burden” on the men and other top executives who do not have unique knowledge about what the agency wants to know.

Sen. Richard Blumenthal blasted Google’s enforcement of its ad policies, saying the company is effectively giving a pass to frauds. The Connecticut Democrat said his office had found examples of marketing containing deceptive claims about health treatments or ads that seemingly impersonated government websites.

A message from CCIA

New research sponsored by the CCIA Research Center reveals strong price competition between offline & online sales channels, with offline and online prices matching at least 95% of the time. Online prices respond quickly to changes in brick-and-mortar prices, and vice versa, resulting in lower prices for consumers.

Learn more

In the states

California’s privacy agency is officially opposing the congressional data protection bill over its partial preemption of the state’s rules. House lawmakers from California have been at the forefront of opposing the bill, which recently advanced out of committee as many other major stakeholders grow more comfortable with it. The letter is addressed to House Speaker Nancy Pelosi, who of course represents a district in California.

In the courts

Elon Musk is getting documents from one extra person in Twitterworld as part of his quest to delve into the company’s calculations of spam bots. That’ll be Kayvon Beykpour, who was terminated in May during his parental leave. But Musk had sought records from 22 people above and beyond those that Twitter had already agreed to, as the company sues Musk in Delaware court to force him to go through on his planned acquisition.

Immigration advocates are suing data broker LexisNexis in Illinois, alleging its collection and sales of consumer information poses “a grave threat to civil liberties” and allows law enforcement agencies like ICE to get their hands on the data without going through normal processes like subpoenas.

You can’t sue me; I sue you! Idaho-based data broker Kochava is taking the FTC to court, saying the agency is wrongly planning to seek an injunction against the firm to stop deceptive acts, including some that would allow the tracking of “consumers to sensitive locations, such as therapists’ offices, addiction recovery centers, medical facilities, and women’s reproductive health clinics.”

A federal court is allowing the IRS to get information from crypto dealer SFOX on unknown “U.S. taxpayers who conducted at least the equivalent of $20,000 in transactions in cryptocurrency between 2016 and 2021,” according to the Justice Department.

On Protocol

Meta and TikTok are rolling out their election content plans as the midterms kick into high gear, and they look mighty similar to what the services did last time around. Meta will again stop taking news ads in the week before the election, while TikTok is offering “authoritative information” in 45 languages and putting warning screens on unverified political videos.

Local government bureaucracies often stand in the way of the transition to EVs by requiring multiple permits and other red tape before companies can build up charging infrastructure. Some delays spring from a lack of permitting checklists and even processes that stall over the use of electronic signatures instead of ink.

In the media, culture and metaverse

Australia gave Google a legal victory against a defamation lawsuit. The country’s High Court likened Google’s hyperlinks to someone giving directions to a newspaper stand, rebuking the plaintiff’s claim that Google acts as a publisher. The ruling seems to go against previous decisions in Australia’s courts, which in several cases said social media companies could be liable for hosted content.

A group of 70 TikTok influencers have pledged to break off ties with Amazon until the company gives the Amazon Labor Union what it wants. The creators, who have millions of followers combined, will be “shutting down storefronts and halting new partnerships with the e-commerce platform,” according to The Washington Post.

Mozilla privacy researchers warned that 18 of 25 reproductive health and fertility apps it studied collect and share sensitive personal data. The study found that the apps collected data including phone numbers, IP addresses, date of last menstrual period and pregnancy due date.

In data

35%: That’s the drop Airbnb recorded in incidents of unauthorized parties when testing antiparty tools in Australia. The company said yesterday that it would expand those tools to the U.S. and Canada, in an effort to help hosts ensure their dining room tables don’t become beer pong arenas.

A message from CCIA

New research sponsored by the CCIA Research Center reveals strong price competition between offline & online sales channels, with offline and online prices matching at least 95% of the time. Online prices respond quickly to changes in brick-and-mortar prices, and vice versa, resulting in lower prices for consumers.

Learn more

Much Wow

The co-founders of Three Arrows Capital — the crypto fund that imploded and is now being investigated by the SEC — purchased a $50 million yacht that they named Much Wow, a reference to the Shiba Inu meme. As if that weren’t enough, the duo reportedly planned to create a gallery on the yacht for displaying digital NFT art. Their whereabouts are currently unknown.

Have a good day — see you Friday!

Recent Issues