
U.S. senators want social media users to be able to take their data with them - howard941
https://www.reuters.com/article/us-tech-antitrust-congress/u-s-senators-want-social-media-users-to-be-able-to-take-their-data-with-them-idUSKBN1X112C
======
danShumway
> The bill would require communications platforms with more than 100 million
> monthly active members - Facebook has more than two billion - to allow its
> users to easily move, or port, their data to another network, Warner’s
> office said in a statement.

Facebook already has a data export feature. You have to manually navigate to
that page and download a giant zip file. Cool.

The much more important concept being proposed here is delegation:

> Under the bill the companies would be required to maintain an interface to
> facilitate interoperability. Or users would be allowed to choose another
> company to manage a user’s account settings, content, and online
> interactions, the statement said.

Very few people are going to manually export their data from Facebook. But
they might go to a new network that supports cross-posting to Facebook, or an
automatic import that doesn't require them to navigate Facebook's menus.

Delegation is a severely underappreciated digital right. Beyond advocating for
data-exports, we should advocate that users have the right to delegate data-
access through APIs to third-parties. If I can manually update/download my
Facebook status, I should also be allowed to programmatically update it. And I
should be able to authorize another person to update/download it on my behalf.

~~~
neuroticfish
>Beyond advocating for data-exports, we should advocate that users have the
right to delegate data-access through APIs to third-parties.

IMO we should first and foremost be advocating for the right to have our data
destroyed.

~~~
dependenttypes
The concept of data ownership is a very anti-freedom/pro-copyright concept.

~~~
jonfw
With such a shallow view of freedom, physical property ownership is a very
anti-freedom concept as well, is it not? Ownership of a house is an
infringement on the freedoms of other poeple who want to live there?

Intellectual property is no different than any other sort of property. The
right to own property is invaluable, and serves the purpose of maximizing
freedoms in the long run.

~~~
the8472
Ill-gotten goods can be confiscated.

The same for knowledge would involve lobotomies.

Would you please hold still for a moment?

~~~
jonfw
Knowledge != intellectual property

------
MR4D
This bill is great in theory, but....

Getting the language correct and the implementation will be extraordinarily
difficult. For instance:

Let's say you are on twitter. Does twitter have to build an email interface so
I can DM my friends who are on gmail?

Or maybe I'm on Facebook - do they have to let me allow people on Myspace to
"friend" me?

Maybe I see an article on ZDnet, and I'm tired of using multiple accounts, so
instead, I'd like to move away from Discus to Matrix for posting. Who is
responsible here - ZDnet, Discus, Matrix?

Will MSFT be forced to allow me to port my entire Skype history and number to
Verizon? Or to WeChat?

Will AT&T and instagram be forced to allow me to post on instagram using my
AT&T account?

Interoperability of protocols is important (e.g. one email provider not
blocking another). But the law of unintended consequences here is going to be
huge. Security alone is going to be a nightmare.

I agree this goal is laudable, but the government never made Fords have to use
GM parts (only that they use standardized gasoline). I think the idea that
they have to expose an interface makes sense, and is much less problematic
than full portability and interoperability.

 __Words are important here, and the actual word choices in the legislation
are going to radically affect our future. __

Read that last sentence again - this is a huge problem with any major
legislation, and legislation with technology in particular.

~~~
MR4D
One thing I forgot to add - how would this interoperate with the GDPR laws?

For instance, if I move my data from FB to something else, what happens to the
email addresses and phone number of all the people I'm connected with? Assume
this gets even worse when you have social platforms based in different
countries (e.g. EU, US, Russia, China for instance).

~~~
MR4D
Section 6(c) "Technical Standards" looks intriguing. Basically tasking NIST
with publishing technical standards for online messaging, multimedia sharing,
and social networking.

Definitely some good parts here, but I'm still worried about the laws of
unintended consequences. Nobody thought that allowing software patents would
be bad, but clearly that's been way more costly than anyone imagined. I worry
the same is true here.

This paragraph on its own is great. Would love to see a step-by-step approach
rather than doing everything at once. Less change for screwing up, and you can
adjust new legislation as needed.

------
Mountain_Skies
Being able to take your data with you is good but most of the value in social
media is due to the network effect. If you can't seamlessly being your
connections with you, the incumbents will continue to have a huge advantage
over newcomers to the market. In the context of social media, how could
someone bring their connections with them to a new platform without
compromising the rights of those connected to?

~~~
basch
interoperability and distributed federation would be much more powerful than
export. Maybe they dont know facebook already has an export button? And if
that export is in a non-standard-structured format, its not even useful to
import into another network.

~~~
bilbo0s
Interoperability just gives _more_ people potential access to your data. What
most activists are trying to do is move towards _fewer_ people having access
to your data, as well as you having full and legal custody of your data.

Interoperability is better for companies, particularly small ones. But the
idea here is to help people prevent companies from accessing their data willy
nilly. I'd think the goal would be to decrease the number of access points and
to require that strict, explicit, legally binding, criminally enforceable,
consent be given for every access to a user's data.

If you want to help smaller companies compete, that's a different discussion
that can be had. But securing the data of users and providing a great deal
more privacy than user's have right now really is a completely reasonable
effort in its own right. In fact, I would think for the vast majority of
users, the effort to ensure security and privacy should probably take
precedence over providing more companies potential access to their data.

~~~
ethbro
The counterargument is that regulation around collecting and permitting access
to data simply widens the moat for incumbents.

Facebook and Google can implement a 500-page law.

A startup cannot.

So I think it's important to keep "How are we encouraging competition in the
marketplace?" in mind as these proposals go through.

~~~
bilbo0s
I mean, as I said, "encouraging competition in the marketplace" is a separate
discussion. If we start allowing marketplace needs to determine or even
influence who gets to access a user's data, we're already moving away from the
goal of the user being the final arbiter of who gets to access his data.

Not to put too fine a point on it, but letting marketplace needs influence who
gets access to a user's data is how we got to this point in the first place.
It's a separate discussion, and it needs to be kept separate. Besides,
whatever people come up with in that regard, the commercial entities that want
access to users' data can really have no reasonable objection to obtaining
strict, explicit consent to access that data. With the concomitant legally
binding and criminally enforceable rules attached.

Competition in the marketplace is good, but people are a society's priority.
We can't lower the barriers to access on a user's private data in the name of,
"this is good for business."

~~~
emiliobumachar
> Competition in the marketplace is good, but people are a society's priority.
> We can't lower the barriers to access on a user's private data in the name
> of, "this is good for business."

That's a reasonable position to take in the two joint discussions, but that's
not "keeping the discussions separate", that's defining your priority and
optimizing for it at the expense of other concerns. Dismissing those concerns
because they are not important enough is fine, dismissing them as if they
didn't belong to the discussion is dishonest.

I contest that the discussions are separable at all. The same regulation can
be very good disregarding its effect as a barrier to entry, and very bad not
disregarding it. Whether or not any particular regulation is good on net
depends on pros and cons analysis that actually takes all relevant cons into
account.

------
AdmiralAsshat
Who asked for this, exactly? I know plenty of users who would like to _delete_
their data--I can't think of too many that want to port it over somewhere
else.

Is the idea that this would fuel competition by allowing people to migrate
their history over to decentralized/federated alternatives?

~~~
ghaff
>delete their data

Which is arguably, at least in part, actually in opposition to this. To the
degree that data can be better exported and spread around, it's more likely to
be persisted than if it's locked up in a single company's system.

~~~
JumpCrisscross
> _Which is arguably, at least in part, actually in opposition to this_

Disagree. Today, questions about persistence and portability are made by
companies. Users have virtually no say.

Giving users say in the matter may mean some make bad portability decisions.
But there is nothing fundamental to user-initiated portability that interferes
with user-initiated deletion. Today, I can do neither with Facebook.

~~~
ghaff
>Users have virtually no say.

Well, that's true. Because once content by or about you is out there, neither
you nor anyone else really has the power to force anyone to delete it. That's
not so much a company making a decision but a collective decision that you
don't generally have a "right to be forgotten."

But that's not so much individual companies making an affirmative decision to
always preserve data as no one providing individuals any real rights to erase
what they've made public.

~~~
JumpCrisscross
> _once content by or about you is out there, neither you nor anyone else
> really has the power to force anyone to delete it_

If you port your data to every social network on the planet, an act tantamount
to publishing, yes, your data will be public. That isn't an argument against
granting users this right.

Social media companies distributed users' data when it was in said companies'
interests. Letting users make that decision themselves may mean bad decisions
will be made. But that's better than companies making users' decisions for
them, with zero regard for what the users themselves want.

> _a collective decision that you don 't generally have a "right to be
> forgotten"_

There is no right to be forgotten in America. (There can't be without gutting
the First Amendment.)

~~~
jagged-chisel
Honest question (I'm not making the connection on my own, so please help me
out): how does giving me the ability to instruct a social network to delete my
information (and a law to enforce that instruction) infringe on the network's
first amendment rights?

~~~
JumpCrisscross
> _how does giving me the ability to instruct a social network to delete my
> information (and a law to enforce that instruction) infringe on the network
> 's first amendment rights?_

There is a difference between the right to deletion and the right to be
forgotten. Right to deletion is "I gave you these data, these data are mine,
please delete them." Right to be forgotten means "you have these data, they
concern me, please delete them".

Say you tweet something. That tweet, under current law, is Twitter's. Let's
say a right to deletion is enacted. Now, you can require Twitter to delete the
tweet from its records. This is great!

Now say that while the tweet was up, a newspaper quoted it. Now, when someone
searches your name, that article comes up. A right to be forgotten means you
can require search engines de-list that article from your search results.

Rights to deletion don't necessarily interfere with the First Amendment
because they concern your first-party data. Rights to be forgotten, by dealing
with third-party data, often public, published data, are more problematic.

~~~
dependenttypes
> Rights to deletion don't necessarily interfere with the First Amendment
> because they concern your first-party data

The first amendment does not talk about copyright or distinguish first with
third-party data.

~~~
JumpCrisscross
> _The first amendment does not talk about copyright or distinguish first with
> third-party data_

The Constitution talks about copyright and a series of court cases have
circumscribed commercial speech within the First Amendment's projections,
_e.g._ you can't commit fraud and call it free speech.

------
zubspace
> The bill would require communications platforms with more than 100 million
> monthly active members - Facebook has more than two billion - to allow its
> users to easily move, or port, their data to another network, Warner’s
> office said in a statement.

I assume that this proposal is based on good intentions. But how they want to
overcome the technical hurdles is a mystery to me.

Who decides, how facebook should structure their exported data? Will there be
a standard? Social media platforms like facebook, twitter, reddit or youtube
are so fundamentally different that I doubt it is possible to create a common
standard.

And who decides which services need to have a compatible data format?

The idea of downloading my twitter feed and post it on mastodon and vice versa
is, I guess, a pipe dream. Or will I be able to download my Imgur posts and
import them in Reddit? Can I export all my Youtube videos and import them on
Vimeo? Yeah, go figure...

I think a better alternative would be a requirement for such companies to open
up their API. I want full access to my twitter feed for free. This would allow
third parties to create a single interface to many different networks, like
twitter and mastodon.

~~~
ClumsyPilot
We have open banking API in UK, which is much more useful than having an
export button. It allows for actual interoperability.

You could draw inspiration from that.

~~~
Kalium
One of the reasons that open banking works well is that every bank has
essentially the same offerings and therefore the same type of data. It's
perhaps possible that social networks may be marginally less uniform.

------
riffic
G Suite, or what was originally "Google Apps for Your Domain" is a white-
labeled Gmail.

Commercial social media companies can theoretically make some serious money by
whitelabeling their services and selling those to whoever has an audience.
Stop thinking about things in terms of followers - it's the publishers that
need to be captured for revenue.

What I'd _really_ like to see from U.S. Senators is legislation to require all
*.GOV agencies spin up their own ActivityPub-compliant implementations and
publish through that means, rather than via accounts on commercial social
media services.

Eventually, media and other institutions will follow.

if anyone is interested in learning more, just look up Mastodon Project, the
Fediverse, and ActivityPub in Wikipedia.

edit: By "whitelabeling" I mean "Twitter/Facebook/Instagram/Youtube for Your
Domain", federated and ActivityPub-compliant. Enterprises will eat this shit
up.

~~~
mxuribe
I've thought of this very same thought myself ever since I've had a presence
on the fediverse (waaaaay back in the gnu social, statusnet, etc. days). Even
if brands only gain the benefit of better control of their brand presence (on
platforms that they control) instead of being beholden to the likes of
Facebook, etc....I do agree that there's a business to be had for offering
commercial social media hosting.

------
jnieminen
The EU has also a similar right [1].

[1] [https://ec.europa.eu/info/law/law-topic/data-
protection/refo...](https://ec.europa.eu/info/law/law-topic/data-
protection/reform/rights-citizens/my-rights/how-can-i-access-my-personal-data-
held-company-organisation_en)

------
yami
Isn't it the whole idea behind
[https://solid.inrupt.com/](https://solid.inrupt.com/) ?

~~~
rhythnic
+1 for solid. Solid has these concerns baked into the design. It's the best
solution I've seen for user-owned data and interoperability, not to mention
the wealth of possibilities enabled by linked data. To try to legislate those
concerns into the current centralized web is going to cause a lot of grief.

------
xkde
At this point, if Facebook wasn’t public and I was Zuckerberg, I’d wind down
the company and update the home page to simply read, “I’m leaving it as I
found it. Take over. It’s yours.”

~~~
mffnbs
I always used the analogy of a message board that I put in my yard. If people
start dictating that I need to display the nazi graffiti someone spray painted
on it, I'm just going to remove the damn board.

------
munfred
Please note that this article makes a crucial omission: this bill only applies
to communication platforms With more than 100M users _in the United States_.

To my knowledge, only Facebook and Facebook messenger meet that threshold
(please list others for which there is data supporting that they'd also be
affected). So as it is, this bill would make Facebook offer APIs to it's
services, but other services with less users _in the United States_ won't have
to.

Here's the relevant section of the bill:

(7) LARGE COMMUNICATIONS PLATFORM.—The term ‘‘large communications platform’’
means a product or service provided by a communications provider that — (A)
generates income, directly or indirectly, from the collection, processing,
sale, or sharing of user data; and (B) has more than 100,000,000 monthly
active users in the United States.

Link to bill on congress website: [https://www.congress.gov/bill/116th-
congress/senate-bill/265...](https://www.congress.gov/bill/116th-
congress/senate-bill/2658)

Link to the full proposed text as uploaded by Mark Warren:
[https://www.scribd.com/document/431507473/GOE19968](https://www.scribd.com/document/431507473/GOE19968)

------
robbrown451
I absolutely like the idea but hope that they push true interoperability more
than just the "bundle all your data into a single big zip file" feature.

The problem with the latter is it doesn't really do a lot for the vast
majority of users wishing to use a competitor. Sure, they can take their data
there but who is going to be able to see it easily?

I wish it all worked like email. I can use any email provider I want, and
people can send me mail, regardless of which provider they use. It isn't
perfect (for instance gmail does some stuff with images and links to youtube
videos and links to maps and so on that others don't, so I find myself using
the product a bit differently if I know the recipient is using gmail), but
still it is better than facebook etc where if you share via a product, the
people seeing what you share have to use that product too. So basically what
that means is competing (or complementary) products should be able to post
your stuff to facebook as if you had posted it yourself.

Or something. I don't know the exact solution, but I certainly support
legislation forcing such companies to open up their platforms. Network
monopolies are not good for consumers and not good for innovative competitors.

------
mal10c
Hmm.. so I agree that it would be awesome to easily port my data from company
A to company B. I mean, that would be really great! But I kind of don't think
that's an appropriate role for the government. Feel free to disagree, I'm all
ears on other opinions, I just don't feel the government should have that type
of authority to regulate a company like that.... but maybe that's just me.

------
yason
Something like this would be the right way to do social media and networks,
and it would never be allowed to work.

Ideally, I would own my data and I could just bid the social media providers I
want to host my data. I could pick one, or several, and I could pick free
providers with ads or pay for a premium provider with no ads and other
benefits. I could also host the data myself, and messages, posts, friend
requests, and updates would travel from service to service via standard
protocols. Each user would have a cryptographical identity that would be
unalterable across different services; of course you could create many of
them, such as one for your work-self, one for your personal self, and one for
your hobby/forum discussion/spare time self.

This would reduce social media companies into mere infrastructure carriers.
Even telcos talked themselves out of it, I can't imagine social media
companies to want anything except own us.

------
lacker
Facebook is getting pulled in two directions. First, for competitive reasons
people want a Facebook platform that can actually do useful things like export
data.

The problem is that the other direction is for Facebook to keep your data
private. The Cambridge Analytica scandal was basically blaming Facebook for
giving users the ability to export their data to applications that
subsequently sold it to Cambridge Analytica.

Senators are not writing code, so they are not required to be logically
consistent. I predict a future in which Facebook gets fined no matter what
they do.

------
bcheung
I'm 100% for this idea but is a government law really the best way to go about
this? There are already social media alternatives that are decentralized and
give users control and nobody uses it.

There's an increasing amount of bureaucracy in the tech space that it is going
to make it very hard to innovate. Laws typically deeper entrench bigger
companies because they have the resources to have full legal teams and
departments dedicated to compliance. Startups do not.

~~~
mlok
This law is for companies with more than 100 millions users. This bureaucracy
will not be a problem for innovators and startups because it takes a lot of
time to reach this threshold, they are not concerned by this while at the
startup stage.

------
marknadal
You can already do that with
[https://github.com/eraeco/party.lol](https://github.com/eraeco/party.lol)
(Open Source extension)!

It hijacks input/comment areas & saves your tweet/post to your own personal
local archive in the browser, and then encrypts the message so Facebook/Google
can't spy on it.

------
tqi
How would/should permissions work in this if my friend moves to a new service?
Do I also have to accept a TOS in order for them to continue to see my stuff?

The email analogy fails for me because it is clear that once I send an email,
that data now belongs to everyone I sent my email to. Is the same true for a
tweet or photo I post?

------
holler
Better Idea: Create a fund for startups that are building new social media
platforms specifically to compete against Fb/Twitter/Reddit/Etc. Create
pathways for them to compete and enter the public domain. Give them free
national advertising slots. Only companies with less than 100M users can
apply.

------
droithomme
Maybe they can handle this like the phone number portability rules. All
internet users will be charged a $5 or so monthly "social media portability
tax" which will then be distributed to these 100 million+ user companies to
help pay for the cost of maintaining the portability systems.

------
robomartin
What's missing here is the ability to ERASE all of your data from any service
at your desired level of granularity.

In other words, I ought to be able to tell Facebook to only keep a one month
history on me and truly delete everything else, including from backups. If

I want a 100% erase of everything, I should be able to get that too. It should
be a simple single button operation with suitable confirmation.

Perhaps I want all my pictures erased. It should be easy.

How about all of my facial recognition data for myself and my children? That
too.

In other words, these services should not be allowed to store data on you that
you don't want them to have. We should not toss out privacy just to protect
someone's business model.

I had an interesting experience with Turo.com. It's a P2P car rental service.
I decided I wanted to try it. To sign-up I had to give up what I would call
deep personal info: Name, address, date of birth, credit card, driver's
license and maybe a few more things (don't remember). I ended-up not using it
even once. It just didn't fit my needs.

I contacted the company with a request to cancel my account and delete all of
my personal information from their database. They refused. Well, they wanted
to have the account go dormant at first. I pressed and they agreed to cancel
the account. No data deletion though. I said: What possibly justification do
you have to keep such sensitive information in your database and backups when
I am not a customer and don't want to use your service? Well, long story
short, they agreed to delete the data. My guess is they lied to me. Without a
court order I have no way to verify that my data isn't sitting in multiple
backups ready to be hacked or used by another company if they sell the company
or go bankrupt and the database is sold as an asset.

The consequences of having your data stored in databases forever could come
years, decades later, when an event lands your data in the hands of someone
with nefarious intent or someone who might accidentally and without intention
cause you and others harm.

This is just one example.

We really need a law that says our data is ours and we get to decide who can
keep it, what they can keep, for how long and under what conditions. This
isn't hard and it is common sense. Put a different way: Just because a 15 year
old in a garage decides to launch an internet business it doesn't mean that 15
year old is entitled to own our data and do with it as he or she pleases.

~~~
acollins1331
They don't want that. They want to be able to ping facebook and get a
universally readable source of everything about you.

------
buboard
The users can already do that. FB and twitter do that , who doesn't actually?

It's a good tactic that has been followed since blogs became a thing. Like
when people could download their tumblr when it committed suicide.

~~~
supercanuck
maybe they want DRM for data

------
Derelicts
After watching Mark Zuckerberg testifying on Capitol hill I think it's obvious
Facebook and Alphabet are leading the show... A very interesting case is
Alexander Nix speech against UK comittee, recommend.

~~~
spicyramen
Can you unpack this statement?

------
beatpanda
Haha, remember more than a decade ago when we all thought that
interoperability was more profitable, and that everything would just naturally
tend toward open standards? Wow. We were all just stupid?

------
rpmisms
Title translation: supporting this bill polls well.

------
rocketflumes
won't big players like FB benefit from this? It seems more likely that people
would port data from smaller networks to bigger ones than the other way
around.

------
godzillabrennus
Good move. It’s data we create, we should own it.

~~~
Mirioron
You do own it. You can copy paste your posts around as much as you want. Does
Twitter have to put in work to make it easier for you for no benefit of their
own though?

~~~
buboard
Twitter -> Settings -> Your twitter data -> Download your data.

The option is already there. It has been for years

This is not a big deal at all

------
munherty
Misses the mark...

------
lugg
Right to federate is the new right to repair.

------
archie2
For God's sake can the US government stop meddling in this kind of garbage.
The republic is collapsing around us and we're supposed to be conserned about
being able to port our facebook posts over to twitter. WHO CARES

~~~
Taylor_OD
I understand where you are coming from but because one part of the government
is failing doesnt mean the rest of it should shut down and focus solely on it.
How would any long term change be enacted if every elect shifted focus every
time something new and seemingly more important came up?

------
azujus
I believe we are helping to build part of that future in my current startup.
People should own their own data and have a right to use it for their own
benefit.

(Startup: argyle.io)

~~~
ClumsyPilot
I am happy to hear about your startup, but if you are going to promote it, at
least outline what's your approach / why should I be interested.

------
readhn
Another distraction from politicians!

The issue for me and many other folks is not taking the data - but its the
ability to remove specific users data COMPLETELY and FOREVER from all of the
companies servers!

So far this capability and access are reserved to special branches within the
government (3/4 letter agencies etc).

Every human should be able to wipe off their own digital footprint forever!

