To regain internet autonomy from Big Tech companies, lower switching costs with legislation that allows new services to subvert network effects and encourage adversarial interoperability.


Too often, our discussion of Big Tech’s dominance starts and ends with a simplistic account of network-effects-driven inevitability, as though the winner-take-all market we have today could not have been avoided: you joined Facebook because your friends were there, someone else signed up because you were there, case closed.

The glaring omission from this discussion is the role that switching costs play in that winner-take-all structure: what do we have to give up when we turn zucker-vegan and quit our Facebook, Instagram, and WhatsApp accounts?

Network effects are important: they’re how Big Tech got big. But switching costs are more important, because they’re how Big Tech stay big.

Facebook—and other tech giants—have gone to extraordinary lengths to engineer switching costs that are as high as possible. In their ideal world, your departure from their walled garden would forfeit any hope of remaining in contact with the friends, community and customers who stayed behind. They use your peers to take you hostage, and use you to take them hostage.

Enter interoperability: new services that plug into existing ones, blasting a hole in the garden wall that lets you leave, but continue to send and receive messages through that hole. Proposals like the American ACCESS Act and the European Digital Markets Act (DMA) will require the largest companies to provide interoperable interfaces to nascent competitors, allowing users to jump ship to rivals operated by co-ops, nonprofits and startups.

This is great news, but it will be tough to administer. The big platforms will, from time to time, have legitimate cause to shut down these interfaces (for example, if they detect an attempt to exfiltrate large amounts of user data using an unsuspected bug in the interface).

However, the incumbents will also have ample motivation to cheat and shut down these interfaces on the pretext that they believe a data-heist is in progress. Distinguishing cheating from prudence is a difficult, fact-intensive process, made harder by the fact that the sprawling, bespoke IT systems used by the tech platforms are truly only legible to the engineers who built and maintain them, who all work for the other team.

Delays caused by shutdowns have real consequences for the project of liberating users through interoperability. Frequent and/or lengthy disconnections will discourage users and founders, and scare off investors.

But this doesn’t mean that we should throw up our hands—far from it.  Rather, we need a mechanism that will make firms want to cooperate. That mechanism is “adversarial interoperability,” which we at the Electronic Frontier Foundation call “competitive compatibility” or “comcom” (because “adversarial interoperability” is a mouthful and the acronym “AI” was already taken).

What’s “comcom”?” It’s a catch-all term for the guerrilla tactics that kept the tech industry dynamic and pluralistic for decades: reverse engineering, scraping, bots, and other improvisational techniques for plugging something new into something that already exists, with or without its proprietors’ permission.

It was comcom that created the IBM PC clones, let Windows users take their Microsoft Office documents with them to the Mac and read them with Pages, Numbers, and Keynote, let Google index the web…and let Facebook enclose it.

“After all, the one thing that publicly listed firms hate more than complying with regulation is facing an unquantifiable risk.”

While comcom may sound far-fetched—after all, can’t Facebook’s army of engineers keep out ragtag, ill-mannered interoperators?—it is a principle built on the very foundation of computer science: universality.

That is, the bedrock principle that we really only know how to make one kind of computer, the Turing-complete von Neumann machine, and it can run every program we know how to write. That means that interoperators always have an advantage. To block reverse-engineering, you need to build a technology without making a single mistake, whereas a successful reverse-engineer need only find and exploit a single error made by an incumbent firm.

Adversarial interoperability is not a substitute for interop mandates like the DMA. Rather, the two are complimentary, and when combined, they are like a two-part epoxy. Mandates are strong, but rigid, easy to subvert and hard to remediate. Adversarial interoperability is flexible, but chaotic, a perennial game of cat-and-mouse as incumbents alter their technology to lock out intruding interoperators, who then have to spin up new exploits to restore connectivity.

Apart, each is fragile in its own way, but together, they are more durable than either is on its own.

Let me give you a real-world example. In 2012, the voters of Massachusetts passed an interop mandate via a ballot initiative with an overwhelming majority—about 70 percent. The mandate was an automotive right-to-repair rule and it required automakers to allow independent mechanics access to the diagnostic information in their cars’ internal wired networks.

Immediately, the automakers switched to relaying this diagnostic data over wireless networks, not covered by the mandate. In 2020, eight years later, voters returned to the ballot box and passed another automotive repair mandate, this one requiring that independent mechanics be provided access to the wireless error codes, too. That mandate passed with another overwhelming majority, but the automakers have gone to court, and two years later, it’s still not in effect

That means that it’s been a decade since automakers’ monopolistic capture of the repair market was banned by law, and they’re still running that racket. That’s a decade where independent mechanics closed their shops and exited the trade or went to work for Big Car. It’s a decade where drivers learned that visiting an independent mechanic was a roll of the dice, and often they would turn you away, saying only the manufacturer could fix this.

Imagine if this mandate had been bolstered by comcom: three bright college kids could have used their interoperators’ advantage to reverse-engineer the error codes in those new cars. They could have designed and sold alternatives to mechanics across the state at a healthy profit. Imagine if they could have found investors to help them build ancillary services, like warranties and parts markets.

Well, that would have been a different story. If that was a possibility, it’s likely the automotive firms would have been incentivized to do the right thing. After all, the one thing that publicly listed firms hate more than complying with regulation is facing an unquantifiable risk.

So you’d hope that, confronted with either the chaos of techno-guerrilla warfare and the predictable world of coloring within the lines, that they’d plump for compliance. But of course, no one ever lost money betting against the hubris of corporate monopolies, so maybe they would cheat. And if they did, well, college kids to the rescue.

Comcom and mandates are intensely complementary—they’re strength and flexibility, carrot and stick. But comcom is hard to do—just not for technological reasons. Large firms have promulgated new legislation and regulations, and new interpretations of existing rules, that make comcom illegal, even a felony. Examples include anticircumvention laws like Section 1201 of the DMCA (USA) and Article 6 of the EUCD (EU); Cybersecurity laws like the Computer Fraud and Abuse Act; Software patents; and Exotic contract theories like “tortious interference.”

Reforming these laws to restore comcom is a big lift, a project that will take decades. We can’t afford to wait for that project to play out.

Luckily, we don’t need to wait to reform these laws to make the world safe for comcom. We could just wait for large firms to cheat on the DMA or the ACCESS Act and, when they offer a settlement, we could impose a special master to decide when they have a bona fide case against a firm that is harming users versus when they are using legal pretexts in pursuit of the maintenance of their monopolies.

There are other means at our disposal, such as procurement rules. As a matter of good, prudent administration, no public body should ever procure a product without first extracting a binding promise from the vendor not to legally attack interoperators. This is a very old principle that we’ve somehow forgotten. President Lincoln insisted that the armorers who supplied rifles to the Union Army use interoperable tooling and ammunition. Whereas today, US military aircraft are full of single-sourced, proprietary components that are marked up with four- and five-digit profit margins.

Every time a government motor-pool buys a car, or a school district licenses Google Classroom, or a ministry selects Microsoft Teams for videoconferencing, they should be extracting binding nonaggression covenants from these suppliers.

These aren’t the only means to restore the legal basis for the ancient and honorable tradition of adversarial interoperability. We could enact an interoperator’s defense in law, for example, that could work like an anti-SLAPP statute, enabling interoperators to end litigation early by demonstrating that they were lowering switching costs, or improving security, accessibility or usability and should thus be immunized from civil liability.

Irrespective of how we restore comcom, we should do it—it’s the mechanism that both stabilizes interop mandates, and makes them administrable.

This is not just a matter of competition for its own sake. This is about guaranteeing users the fundamental right to technological self-determination, a right that corporate monopolists will not yield willingly. This is nothing less than empowering users to seize the means of computation.

Learn more about our disclosure policy here.