Hi,

Welcome to BIG, a newsletter about the politics of monopoly. If you’d like to sign up, you can do so here. Or just read on…

Today I’m going to write about big tech’s very bad week.

First, some housekeeping. It’s been a year since I started writing this newsletter, and I’ll send out an issue this weekend on what I’ve learned and what I think we are accomplishing together. Also, at 1pm today, my organization will put on a Zoom event with Congresswoman Katie Porter, former Federal Reserve governor Sarah Bloom Raskin, legal scholar and Mehrsa Baradaran, small business investor Sam Long, and former Senate Banking Committee counsel Graham Steele on the Federal Reserve called ‘A Tale of Two Bailouts.’ You can RSVP here. (And yes we’ll put the video up online afterwards).

And now…

Big Tech’s Reckoning

Something changed this week. I’m not sure what, but it feels more and more like significant policy action against big tech is inevitable, probably break-ups but certainly restructurings of their business models. Though it’s impossible to pinpoint a shift in the political consensus, the signs are unmistakeable. It’s not just the constant drumbeat of announced investigations and leaks of potential antitrust suits. It’s the change in opinion leaders.

Two days ago, Joe Scarborough on MSNBC went on a seven minute rant straight to camera on Mark Zuckerberg and Sheryl Sandberg, accusing them of destroying American democracy in return for money, and screaming into the camera that Congress needed to stand up to billionaires in Silicon Valley. Scarborough is as close as you can get to representing Washington, D.C. conventional wisdom, his morning show often sets the terms for legislative action and political chit-chat.

Scarborough’s rant is part of a broader upsurge of rage at Google, Facebook, and interestingly for the first time, Apple. There are other signals of political anger; yesterday 60 groups, mostly progressives and unions but also the conservative Internet Accountability Project, sending letters to the House Antitrust Subcommittee asking for subpoena’s of critical documents to compete the big tech investigation. (My organization signed onto both letters.)

In Congress and among journalists, both sides are exposing big tech. On the left, Congresswoman Jan Schakowsky and Senator Richard Blumenthal demanded that the Federal Trade Commission force Google to stop profiting from pandemic-related scams proliferating on its search engine. This follows Judd Legum’s journalism through his newsletter Popular Information showing Facebook has refused to adhere to its own policies on promoting the extremist violent network known as Boogaloo.

On the right, Google kicked the right-wing site The Federalist out of its ad network, depriving the media outlet of revenue. In response, Tucker Carlson on Fox News called for a Republican primary challenge against Utah Senator Mike Lee, who he argues protects Big Tech. The Department of Justice, as well as a set of Republican Senators, escalated their campaign to strip the immunity for platforms that lets them avoid legal responsibility for third party content that flows over their properties.

But the most interesting shift had to do not with the right or left, but with Apple. Apple has largely escaped the same anger enveloping Google, Facebook, and Amazon, because the corporation largely sells overpriced electronics instead of seeking to remake mankind in a weird techno-utopian image. But this week, Apple bullied Basecamp’s David Heinemeier Hansson, a well-known and outspoken technologist. Heinemeier Hansson is also politically connected, last year he testified before the House Antitrust Subcommittee last year on monopoly power of big tech platforms.

This week, Heinemeier Hansson’s company released a new email service called Hey, which cost $99/year and has a different user interface and privacy settings than competitors like Gmail. Apple, after allowing the release of the app Hey on its app store, decided to block an update to the app with bug fixes, claiming that Hey violates its app store terms. Specifically, Apple claims Hey did not implement Apple’s "in-app purchase” feature, which is Apple’s own payment and billing system for apps that lets users buy a service directly from within the app store. Instead, Hey allows users to go to its website, buy the service, and login to the app separately.

In reality, it’s not a technical squabble at all, it’s a fight over money and power. Apple charges 30% to most apps on its app store, essentially a tax if you want to get onto the iPhone. But it doesn’t charge that to every single app. Netflix and Dropbox, have special arrangements, probably because they are too big for Apple to push around. Uber doesn’t pay the fee either. Apple doesn’t impose the fee for its own apps, which Spotify, a competitor to Apple’s music and podcasting apps, has noted.

Apple also makes an arbitrary distinction between consumer and business applications, supposedly allowing business applications to bypass its in-app purchase feature. Basecamp’s previous products took advantage of this path, and Heinemeier Hansson thought it was reasonable for them to release their new product this way as well. But Apple claims that Hey is a consumer oriented product, so Hey should pay the 30%. What makes Apple’s claim even more noteworthy is that its distinction between consumer and business oriented apps is informal, as Apple doesn’t actually draw such a line in its own app store review guidelines.

In other words, it’s not just that Apple has the power to tax, which is the sign of a monopolist, but it’s also that it discriminates among its customers based on its own financial and strategic interests. Apple is under investigation by both Congress and European regulators for its business practices, but when confronted in public with a high-profile scandal, Apple simply doubled down on its rejection of the Hey app. The attitude seems to be one of total indifference to values of fairness, and a belief that antitrust laws simply do not matter or are unenforceable. Such an attitude has served them well for decades, but it is now virtually a dare to policymakers to legislate.

Apple’s behavior today is a result of the court-mandated collapse of the legal regimes, known as refusals to deal or essential facilities doctrine, designed to prohibit such business practices. For background on the law, scholar Lina Khan’s excellent law review article on separations of platform and commerce notes there’s a long history of break-ups that occurred as a result of this kind of conflict of interest, in industries as varied as railroads, banking, data processing, TV networks, and telecommunications, and the underlying content they carried.

Normally this kind of dispute would stay as a mere business spat, but Heinemeier Hansson hit a nerve. Yesterday, the Chairman of the House Antitrust Subcommittee, David Cicilline, called out Apple for “highway robbery” on a podcast on The Verge. He revealed that Apple CEO Tim Cook has refused to testify before his committee, and discussed how this event impacts the ongoing investigation. And it’s not just antitrust proponents who are mad, but Apple fans and allies as well. John Gruber who runs the popular site Daring Fireball, argued that Tim Cook is betraying the legacy of Steve Jobs. Microsoft President Brad Smith, who does not particularly like assertive antitrust activity, called for antitrust scrutiny on the app stores of both Google and Apple.

Basecamp’s refusal to knuckle under has also revealed an undercurrent of fear and anger towards Apple. Tinder and Epic Games went after the corporation, with Epic’s head of security saying, “The iOS App Store’s monopoly protects only Apple profit, not device security.” Ben Thompson, who writes the a widely read industry newsletter Stratechery, asked for accounts from app makers on their experiences with Apple.

I now have over 50 stories from developers who have had Apple squeeze their web services for in-app purchase flows over the last few months, and they range from one-person shops to some of the biggest companies in the world. It is extremely clear to me that this is not an accident, but a coordinated campaign to drive more App Store revenue…

In fact, I would go so far as to say that executives in the tech industry are more afraid of Apple in 2020 than they were of Microsoft two decades ago. App Store Review is such an absolute gatekeeper, and the number of ways that Apple can retaliate are so varied and hard to verify, that no one is willing to publicly breathe a word against the company — again, except for Basecamp. I wish I could prove this to you — the stories I have received the last few days tell the tale — but no one is willing to go on the record, to me or to regulators. The risk is too great, because Apple’s level of control, and willingness to use it, is so overwhelming. I wish I were exaggerating, but I’m not.

I’ve written before about fear in American business. I noted how executives are afraid to talk until they are no longer under the thumb of a monopolist; Adam Goldstein of online travel agency Hipmunk spoke out against the coercive data practices airlines after he left his business and Brian Kelly of AppNexus went after Google after selling out to AT&T. This fear is everywhere, not just among executives. I’ve heard fear in the voices of doctors, cheerleaders, pharmacists, nurses, telecom input producers, office supply makers, and technologists.

Thompson is hearing the same thing. He is a former Microsoft employee, and he’s highly sympathetic to business leaders of both large and small corporations. It’s evident there’s something here that’s gone far beyond the politics of the left or right, but illustrates a brewing rebellion from within the business world itself towards monopoly power. In 1950, Emanuel Celler, who chaired a Congressional committee on monopoly power, articulated the importance of antitrust law in preventing fear from dominating business. Here’s what he wrote in Reader’s Digest:

Under our ancient common law your neighbor must not point a gun at you, even though he has never shot anyone. Similarly, our antitrust laws were intended to protect businessmen not only from violence but from fear of violence.

That sums it up.

Thanks for reading. If you liked this essay, you can sign up here for more issues of BIG, a newsletter on how to restore fair commerce, innovation and democracy. If you want to a book to learn more about the anti-monopoly roots of American society, read my book, Goliath: The 100-Year War Between Monopoly Power and Democracy.

cheers,

Matt Stoller

P.S. Let’s not leave out Microsoft from the fun. Back in May, I noted how Microsoft is eating up the security market. Here’s an email from a BIG reader.

Hey Matt,

Regarding the blurb about "Microsoft Swallowing the Security Vendor
Market" from your May 15th post, I wanted to rely my own personal
experience.

I work in cyber security for a domestic-based Fortune-100. Our IT and
Cyber Security departments are separately managed, but ultimate report
to the same C-Suite Officer. Thankfully, we're removed enough that our
security side, though significantly smaller in both headcount and
budget, enjoys some level of autonomy from our IT counterparts.
Unfortunately, our IT leadership made the decision to invest in
Microsoft's E5 licensing program last year, then immediately pressured
our group to implement and replace many of our key security controls.
The pitch from leadership was compelling on the surface as it promised
tighter "integration" of solutions and cost savings for not having to
purchase additional security technology. We had no choice but to
evaluate all of the potential Microsoft solutions.

Apologies if this gets too technical. There were several areas where we
were forced into concessions we didn't want to make.

- IT's has strategically transitioned many services to Microsoft's Azure
cloud to leverages promised savings for not having to buy, power, cool,
and administer servers. Portions of our web infrastructure were migrated
immediately. Once in the cloud, however, my team lost the ability to
adequately monitor for security threats with our current technology
because we had positioned our controls at our network perimeter. The
cloud-based security controls do not provide the same capabilities.
There is no network-based firewall or adequate system logging, and the
application-firewall breaks the site functionality. We're left with an
indefensible platform that is now to complex to secure because it would
require a fundamental redesign of the entire system. We've suffered
several cyber incidents since, luckily none that severely impacted the
business or customers, but I feel it's just a matter of time...

- Our email system was also migrated to the cloud. The Office 365
security controls are good on the surface, but again, without having the
mail on premises, we can't leverage any additional security controls.
Our mail sandbox platform, which used to analyze every email attachment
before delivering the message to the recipient, cannot function with the
cloud platform. Microsoft claims to offer comparable features, but after
working with Microsoft Professional Services to implement their best
practices, we see many cases where the security features are lacking.
They're logging for email is abysmal, which further complicates our
ability to detect and respond to cyber incidents.

- Generally speaking, all of Microsoft's security technologies are a
mish-mash of one-off acquisitions that are not integrated with each
other. There are at least seven different web portals that each contain
partial versions of the policy settings, alerts, and logs required to
adequately perform security functions. There are another three or so
portals that claim to consolidate the various logs into a central
locations, but all are impossible to operationalize on the scale we
need. For many years we've used the very popular and powerful Splunk
logging platform to support our security infrastructure, and of course,
Microsoft makes it incredibly difficult to export their information into
that platform, while also launching their own logging platform,
Sentinel, for "free"!

- Lastly, we're at the start of a project to migrate our end-point
antivirus product to the Microsoft Defender product. I cannot get past
the fact that Microsoft has built a commercial tool to protect their own
operating system and office productivity applications from their own
inherent security flaws. Regardless, we successfully fought to deploy an
additional third-party tool for endpoint detection and response. During
that battle, we had to justify the additional expense of this
third-party tool by arguing it compensated for clear gaps in the
Defender solution. Microsoft representatives were included in this
process, and I found their behavior to be reprehensible. They
consistently misrepresented Defender's capabilities and bad-mouthed the
third party. This was AFTER the E5 license agreement was signed.
Microsoft was clearly interested in making sure no money was paid to
their new security competitors.

I have two big fears with Microsoft pushing aggressively into the cyber
space: 1) it'll push better, smaller products out of the market, or
force more consolidation that will dilute the value that specialized
solutions have, leaving only their bloated and ineffective solutions,
and 2) if Microsoft gets decent market penetration from big orgs like
mine, but decides in a couple of years that Cyber Security isn't
important or profitable anymore and abandons the market, where will that
leave it's customers that adopted their platforms full-sale?

Nation-state and criminal threat actors are running rampant through our
domestic organizations, small and large, and Microsoft isn't helping the
problem.

Thanks for being informative and awesome,