This is a section of a chapter on findings from a published dissertation: Enacting Privacy in Internet Standards.
Competition is a potential concern in any standard-setting project, because it could be used for collusion of some players against others. This concern comes up with DNT and privacy in a few ways:
But some informants with standard-setting experience also explicitly note standard-setting as valuable for competition: it lets them compete on other things because there will be interoperability, rather than a browser-wars situation of incompatibility.1 Procedural matters are especially emphasized here: due process, transparency, dispute resolution. And in the case of an anti-trust concern arising over a DNT compromise in the spring of 2013, we can get particular insight into the different roles that transparency may play in the effectiveness and legitimacy of governance processes and how policymakers contribute.
Competition concerns and due process in standard-setting is historically especially related to intellectual property and patent encumbrance. That comes up remarkably infrequently in my interviews with standard-setting participants and was rarely mentioned in the context of Do Not Track. That was a surprise to me, since I prompted interviewees regarding legal considerations and because there was a documented issue of a patent that might inhibit use of expressed privacy preferences in Do Not Track, where a separate patent group was formed to investigate and resolve the issue. We might take that as evidence that the patent didn’t ultimately play a significant role in DNT negotiations or implementations, or simply that this study does not provide any further insight into the question of patent encumbrance and the effect on standard-setting.
Open door versus closed door negotiating is a common debate about multistakeholder efforts in general and shows up regularly, with different positions, among my interviewees. Some who are more familiar with self-regulation processes note explicit advantages of relatively closed door processes, because it can encourage candor among participants or provide less pressure of how particular negotiating positions may be reported in the press (or otherwise) and because it can facilitate packages of negotiated compromises. W3C’s standard-setting process, on the other hand, follows an increasingly open-door process, with public minuting of every meeting and publicly archived emails of conversations. That openness is also cited with advantages from some interviewees: there may be legitimacy advantages of open discussions in contrast to “smoke-filled back rooms” (some version of that cliche is used by people on both sides of this particular mini-debate), it provides increased access to those who may not otherwise be guaranteed a role in a smaller closed-door meeting.2
Attempting to combine the benefits of both such approaches, Peter Swire3 tried to both engage people in very regular and openly documented meetings via teleconference and face-to-face meetings while also facilitating closed-door negotiations among a smaller group, including senior players in the advertising industry. This is not entirely novel for W3C or other open standards processes in the sense that side conversations (another notable theme among interviewees) are not considered illegitimate or unexpected in a standard-setting process: of course people are always having multiple conversations with different individuals, groups and subgroups; the goal of the openly documented process is that the ultimate decisions will get reviewed, debated and made in that open venue, after much discussion has already happened in various private and public fora. That practice is sometimes extended even to meetings that everyone can attend; for example, IETF groups have a policy of confirming on the list even decisions that seemed to have consensus at a synchronous or face-to-face meeting, and that concept comes up in other multistakeholder settings as well.
Swire and others believed that there was a workable compromise that emerged from those private, high-level discussions, that could subsequently be discussed and accepted by the larger Working Group involving advocates, policymakers and various sectors of industry. That negotiated proposal was documented in a brief form prior to the May 2013 face-to-face meeting: it would involve the DAA trade association making respecting user DNT signals as an advertising industry self-regulation requirement, along with some efforts by browsers to make it not too easy to turn on a Do Not Track signal.4
Some interviewees found this negotiated agreement feasible for many parties – the closest that the group had reached to that situation. But some thought it would not receive acceptance from a larger swath of industry when more thoroughly reviewed.
The default is cookies will be set, you can be tracked. If you hit Do Not Track, then it’s what we said. That agreement would be collusion. That they could not agree on. I think any antitrust lawyer would have told you they can’t sit in a room and agree to that. […] So if we could have gotten to an agreement that it was off by default and that the X percent of consumers who wanted to not be tracked and exercise choice, we could have gotten Do Not Track.
So I think we were real close. We were probably just a couple of weeks away from having a vote within the working group on a proposal that I know for sure I had said I would support […] And I believe the industry would have supported it, but then it got pulled at the last minute.
There was a short period there where I thought we had a deal. The browsers were going to be tough enough on the advertisers and the privacy people were going to get enough of what they needed that I thought we had a deal and then it fell apart, as deals sometimes do.
my conclusion was […] some of the [advertising self-regulatory] groups didn’t actually understand enough of what they were talking about. So they could think they had agreed to something and then their member companies would find out about it and be like, “no, we can’t.” So that was my conclusion of how that was going to die, was that as soon as it got to a wider audience.
It surprised me how often I heard that a widespread agreement on Do Not Track was simply impossible (because of business model impacts, or lack of trust among parties, or with the inadequacy of the forum for discussion) but also that an agreement was basically settled on and would have been acceptable if not for a single hurdle in the Spring of 2013. Sometimes a person has expressed both of those views to me in a single conversation.
The hurdle in this case was a concern expressed by (at least) representatives of the Federal Trade Commission regarding the anti-trust implications of the negotiated compromise. Concerns had been expressed prior to the May 2013 face-to-face meeting; in the publicly archived minutes, Swire explicitly notes that he thinks anti-trust is not a concern with the proposal because of the general improvement in consumer welfare and choice through the adoption of DNT.5 But a repetition of that issue in side conversations at the Sunnyvale meeting led to a private huddle of some of those participants – while the rest of the Working Group had an extended coffee and snack break. I recall speaking to another Working Group member during that break about a smaller technical matter (communicating signals between servers and end users) and that member expressing skepticism about the value of working out any such details when the real blocking issue was being discussed elsewhere.
Having not been in that smaller side conversation, and not having any notes from it, I find myself both as a participant and as a researcher frustrated and unable to draw an express conclusion of what exactly was discussed. It seems that some anti-trust concern had been expressed regarding an agreement from browser vendors (key implementers of DNT and open to agreement with the DAA proposal framework) to agree to some limits on what blocking they would engage in for online services that complied with user’s expressed DNT signals – the concern being that this would inhibit competition between browser vendors on privacy features around cookie-blocking, tracker-blocking, ad-blocking, default settings and how DNT signals were set by users or perhaps restrictions put in place by browsers on the installation of extensions that would set DNT signals. That I can’t get more specific on what in particular was the concern is a side effect of the lack of transparency and different interpretations from different people I spoke with.
However those details were discussed, Swire and others were not confident that a deal could be announced or agreed upon with this expressed anti-trust concern from the FTC, and the remainder of the Working Group meeting focused on a smaller set of actions the group could take going forward6 but without any of the larger deal resolution that had been hoped and planned for.
A lack of transparency about this particular conversation or controversy is frustrating for the researcher, sure, but this example also illustrates some of the different ways that transparency can contribute to the legitimacy of a governance process.7 Transparency can: 1) establish a record for later debate or review; 2) provide the opportunity to address facts or issues during a deliberation; and, 3) better inform stakeholders about influences or disruptions to a process.
That transparency comes up in the context of anti-trust in a standard-setting body is not unusual; indeed, transparency is a key procedural protection that standard-setting bodies rely on to avoid the liability of potential anti-competitive behavior for their participants. By having meetings, discussions and decisions clearly documented, groups can have a record of their reasoning that can rebut subsequent allegations of anti-competitive motives.
In this sense, transparency is building evidence for later arguments. This is one characteristic of transparency in legislative contexts, where, for example, the Congressional record can build evidence for later judicial interpretation or review. Standard-setting organizations like W3C also use this as a logistical cost-saver: by having records publicly archived, responding to legal threats and steps like discovery becomes trivial – counsel can provide a link to a mailing list rather than exhaustively reviewing private records for relevance. In this case, though, transparency is lacking not around a decision that might have implicated the parties in collusion, but rather around the details of a concern about a decision that was not made.
It seems plausible that the anti-trust objection was misinformed or even simply misunderstood; without having it publicly described, there was no further opportunity by the broader group to analyze or evaluate its significance. Closed-door conversations can be derailed in ways that might have been corrected in more transparent settings. In this way, transparency is a benefit for legitimacy not in uncovering corrupt motives, but instead in allowing issues to be rebutted and responses to be made. This is characteristic of transparency in administrative law, where rule-making procedures typically involve transparency about all data and comments that went into a decision, so that impacted stakeholders have the opportunity to respond.
However, it also seems feasible that the anti-trust objection may not have been the ultimate problem, but rather that ad industry consensus was unstable and couldn’t remain around the DAA “Draft Framework” proposal. Under that analysis, the main impact of the anti-trust concern would be procedural or disruptive – it made it harder to get a simultaneous commitment from many stakeholders in May 2013, which subsequently made it harder to implement a DAA and browser agreement, even though anti-trust may not itself have been a large substantive risk.
Taken in that procedural disruption way, it becomes more subjective how to frame the impact: if you want to blame the FTC for the lack of DNT agreement, you can do so; if you’d rather blame ad industry trade associations, you can do that; if you want to blame some other group, you can – there will be little documentation to settle those disagreements ultimately now. There would always be contemporary and retrospective debates about those questions, but it can be qualitatively different when points identified as key by the participants lack transparency. From a retrospective view in conducting research on this process, more transparency might have provided more evidence regarding what would make multistakeholder processes more or less likely to reach consensus outcomes, but that kind of transparency may be different from the transparency necessary to support the legitimacy of a consensus agreement.
What we might be able to take away from a procedural disruption interpretation, though, are some reflections on policymaker participation in multistakeholder negotiation.
FTC representatives deliberately chose to employ a soft touch and communicated with stakeholders more through side conversations and less as leading the way within the process or setting out very particular goals. That appears to be an intentional strategy to delegate not just technical implementation details but also the political process of finding an acceptable outcome to the stakeholders themselves through the multistakeholder group, rather than being the direct source of the final outcome.8 Some participants retrospectively concluded that more aggressive engagement could have moved things forward.
So, trying to get the FTC to be more aggressive in there. I mean, again, it’s not the FTC’s instinct. I just think the instinct is to lay low, but maybe it shouldn’t be.
Many also attribute FTC’s use of soft power as driving engagement with the Do Not Track process or with work on DNT at all. That these might be examples of “soft power” doesn’t mean they’re similarly soft in touch in the sense of being hands off or indirect: Chairman Leibowitz could give quite prominent speeches on the topic.
Whenever the FTC chairman gave a speech about problems in this area or someone senior in the European Commission did, there seemed like there was more interest in dealing
[industry] wanted to know if Leibowitz was going to make good on his threats to take action, and so call it regulation by raised eyebrow or whatever you want to call it.
But that combination of a loud supporter of the process and a quiet on-the-sidelines participant may lead to challenges when the FTC has a concern or discourages a negotiated agreement in process. Positions communicated by policymakers in private fora can have a strong influence, and one that lacks the transparency benefits of administrative law including activating stakeholders and providing a possibility to respond.
Competition also comes up as a theme not just in the specific sense of the collusion targeted by anti-trust law. One perspective that some interviewees emphasize is that market competition is simply a constant background motivation for corporate investment in participating in technical standard-setting.
Standards are a competition, right? Standards are always a deliberate act. […] People come to the table with vested interest. Everybody at the table in a standards body has an objective that they’re working towards, something that they see as an outcome, and there are winners and losers in the standards process.
Regarding the DNT process in particular, interviewees refer to these competition issues, sometimes with aggressive language.
Everyone was using it as a way to get a competitive advantage to screw the other group
I don’t always agree with this privacy advocate, but we often can have a discussion, but at least I know where they’re coming from. They’re not trying to steal my customers or kill my products so they can sell more of their products. But when it’s a competitor, you know that they are trying to steal your customers and to kill your product to sell more of their product.
In many cases, the “competitor” is, implicitly, a competitor in a slightly different field (or that entire field or business model), rather than a more direct competing company. So, a third-party advertising network might identify the competitor as the browser vendor whose changes in functionality may affect their business model (rather than another third-party advertising network with a similar business model directly competing for the same customers on a similar basis), or a company with a large first-party presence might be able to siphon advertiser customers from third-parties.
These particular arguments are interesting to me because they seem to put a normative preference for the status quo, a kind of entitlement to current infrastructure. It’s ‘uncompetitive’ in this sense to change the technical infrastructure that another company’s business model currently relies on, but it’s not implied that there was some obligation to build the technical infrastructure to be that way in the first place.
Large shifts in technology don’t seem to have the same entitlement effect, and so, for example mobile device operating systems don’t have to provide all the same tracking features that desktop Web browsers previously had. For example, references to the “post-cookie world” are commonplace in the online advertising trade literature – the terminology can refer to many things, but often includes “mobile” (referring either to mobile operating systems not providing the same cookie functionality or the relative popularity of iOS and Safari which has had stricter cookie limitations), device proliferation or, especially recently, increased cookie blocking from browsers.
Once a system has been around for a while though, making changes leads to calls of anti-competitive practices, although usually between companies that aren’t direct competitors. In a way, this becomes a version of backwards compatibility and avoiding deprecation of features: advertisers will regularly lobby Apple or Google to slow down their publicized plans to limit access to IDFA (the iOS identifier for advertising) or third-party cookies.
There is similar sentiment from those who don’t identify it as an explicit attack or attempt to undermine others: “it’s sort of an interesting shift in power because it would only constrain everybody else.” Or, related, that the differences in compliance costs could have disparate impacts based on company size even if a technical and regulatory architecture required consistent application by all competitors:
The cost of implementing things is more easily borne if you are a major corporation. If you are tiny and you suddenly have all of these compliance things to worry about, you can’t even get off the ground, right?
These are considerations that are familiar to public policy experts, although in some cases they’re being expressed (sometimes with a sense of novelty) by individuals with more engineering-focused backgrounds. Concerns about the impacts of consolidation among tech firms or among firms involved in defining the prominent platforms or protocols for the Internet are widespread beyond this study of privacy in standard-setting. Corporate consolidation and influence in Internet standard-setting may be described in part through more quantitative analysis of participation patterns.9
But standard-setting is also explicitly identified as a pro-competitive process by some interviewees, and the cooperation between direct competitors is common and notable.
Relationships can become convivial and informal between representatives of directly competing companies:
it’s not just they’re in their own little world and I’m in my own little world, and the only time we meet on the battlefield is at the W3C, but I’ll pick up the phone and call [redacted] and say, “Hey, what are you doing about this?” And it’s a very comfortable thing, so I don’t have the write an email and proof the email and make sure that it comes from the right point of view.
And that extends beyond the interpersonal level: “it’s friendly competition.” This comes up in the sense of collaborative development of a platform, e.g. “the Web platform,” by competitors – either among browser vendors or of the Web field more broadly. That standard-setting is a competitive act or effects the competitive market between companies doesn’t negate that standard-setting for the Internet and the Web is a cooperative act that enables a range of commercial and non-commercial activity. As we will see, that shared perspective among the individuals who conduct that work, but also work for employers competing for customers, helps define the ultimate and often policy-related effects of these processes that bridge diverse and competing organizations.
See “The Web, Recommendations and Living Standards” in Chapter 1 for a brief description of the “browser wars” and incompatibility of features between browsers and websites.↩︎
Openness can refer both to access (who’s able to be in the room) and procedural transparency (who can see the details of what happens in a room); these are often, but not always, aligned. Here, “open door” will refer more to the transparency dimension.↩︎
Swire, a well-known privacy scholar and former White House official, was recruited as a co-chair of the Tracking Protection Working Group in 2012, taking over from Aleecia McDonald.↩︎
The six point “Draft Framework” was documented in a short document in April: https://lists.w3.org/Archives/Public/public-tracking/2013Apr/att-0298/one_pager_framework_as_distributed.pdf↩︎
Minutes, May 6th↩︎
See the full day’s meeting minutes Minutes, May 8th (messier) and the final deliverable agreed on and published at the end of the meeting: Consensus Action Summary (deliverable from May 2013 meeting).↩︎
This is a very limited subset of the potential uses of transparency for governance generally; consider, for example, the four kinds described by Kosack and Fung (2014).↩︎
For concerns regarding legitimacy and accountability with strategies of delegation, see “Drawing comparisons” in Internet Standard-Setting and Multistakeholder Governance. This distinction between technocratic and stakeholder-balancing or democratic views also arises in questions over the individual’s role in the following section on Individuals vs organizations in standard-setting process.↩︎
See the section on Who participates and why it matters, but also ongoing research work, within the Bigbang project or in the work of Niels ten Oever, including: ten Oever and Beraldo (2018) and Arkko et al. (2019).↩︎