I have written and talked about the need for a “right to be represented by a bot.” By a bot here I mean software that runs on my behalf as an enduser and mediates my interactions with online services. In the web world, the browser is such as bot. For instance, I can run an ad blocker which I instruct on which parts of a site to show to me. I can also run something like 1Password that manages my security. I could use a custom bot to say keep an automatic personal copy of all the images and text I post on third party sites.
Why are such bots important? Because they shift power from the operator of the site to the participants. And that is critical in a world dominated by network effects where the leading company in any field may have 80% plus market share. These networks operate thousands if not millions of computers analyzing participants’ data. Each participant though, in the absence of bots, is reduced to using their fingers and brains. That of course is a highly uneven contest. The use of classical antitrust tools is, I believe, the wrong way to regulate these networks. Instead we should be changing the laws to shift power away from the network and to the participants.
Unfortunately we are doing the exact opposite. We are giving further power to the networks through a broad reading of a terrible piece of legislation know as the Computer Fraud and Abuse Act (CFAA). Before I go on let me be clear that without a doubt we do need laws that make some computer and online activities illegal, but we should err on the side of having these be narrower so as to limit negative side effects.
There are several recent examples of actual cases and threatened law suits that illustrate exactly how companies are using the CFAA to limit the power of endusers. Most damaging is the decision by the Ninth Circuit in the case of Facebook v. Vachani, which is discussed at length in two great articles by Orin Kerr. The short summary: Facebook used the CFAA to shut down exactly the kind of bot service that I envision. Here is what the bot, called Power, did:
Power’s software allowed Facebook users to authorize Power to go into their Facebook accounts and gather information for them for use at Power’s website. Power users also authorized the software to send Facebook messages to other Facebook users for them.
Users were specifically authorizing the bot to access their accounts. The bot was acting on behalf of a user who could have accomplished the same tasks manually but at a much slower rate.
More recently, LinkedIn brought suit against 100 or so “scrapers” under the CFAA. I don’t know the details of all of these scrapers and one can reasonably discuss whether or not there should be some legal limits to scraping, but one thing is certain: interactions with LinkedIn can be painful and I would love to use a bot for some of them. For instance, I currently have 920 pending invitations on LinkedIn and the company provides zero tooling for efficiently processing these (the UX for going through these is a mess). If the Ninth Circuit interpretation of the CFAA stands it will be illegal to build a bot to help me sort through my invitations.
Another recent example is a cease and desist letter sent by the Pokemon Company to a developer of an API. APIs are really the way all bots should be implemented as “scraping” technology is brittle and non performant. Instead of being able to threaten action under the CFAA to shut down APIs, we should be working to reverse the legal situation: anything I can do in the UI, I should be able to do via an API. That would allow me to delegate a third party to take actions on my behalf. Now you may think that it is silly to want to play a game via a bot, but it clearly illustrates the powershift. With the API it was possible to construct a service such as Pokevision, where players could locate Pokemon that had been shared by others. These were all shut down as a result of cease and desist letters under the CFAA.
In all of these cases the CFAA is used to limit the power of endusers, instead giving more power to the operators of networks. At present course and speed we are headed to a future where you can only buy locked-down devices where all software goes through a monopolistic app store and any attempts at creating third party software that represents endusers is made illegal. A future in which computing is controlled by the few, not the many.