Well over a year ago, Phil Verveer, a veteran of the Department of Justice and the Federal Communications Commission, casually suggested to me that the notion of a systemically important financial institution found in the 2010 Dodd-Frank reform legislation might be useful in understanding when and how to regulate tech companies. The key idea, developed in light of the 2008 economic crisis, was that the failure of such a significant financial institution could “threaten the stability of the financial system of the United States.”
Time passed, and then the notion reappeared in the report that he, Tom Wheeler, and Gene Kimmelman released in August 2020 through the Shorenstein Center at Harvard. In the report’s words, financial companies of systemic significance “need not be massive,“ but are “essential to the workings of the financial system.” Their “failure would trigger a cascade effect that could cripple the entire system they inhabit.”
The report called for a new digital platform agency to “develop criteria for digital market companies that reflect this same degree of importance to the workings of digital markets, as Dodd-Frank did for the financial system.” This could be the case, the report suggested, when economic conditions such as network effects give a company a dominant position over a key aspect of the digital market.
Now the New York State Department of Financial Services has recognized that certain technology companies are systematically important and should be subjected to supervisory regulation. Its recent report was prompted by a cybersecurity incident at Twitter, where hackers gained unauthorized access to the Twitter accounts of digital currency firms and attempted to defraud their customers. After an investigation, the Department concluded: “In other industries that are deemed critical infrastructure, such as telecommunications, utilities, and finance, we have established regulators and regulations to ensure that the public interest is protected. With respect to cybersecurity, that is what is needed for large, systemically important social media companies.”
The particular concern was that the lack of good security practices at Twitter caused losses for digital currency firms regulated by the Department. Although Twitter is not a part of the financial services world, failures in Twitter’s information security systems created significant risks for financial services companies. As a result, in the last section of the report, the Department advocates that Twitter and the other social media giants be labelled “systemically important” by analogy with the designation of financial institutions where their failure or disruption could create or increase risks throughout the financial sector.
The Department wants an expert agency to subject these systemically important social media companies to enhanced regulation “such as through the provision of “stress tests” to evaluate the social media companies’ susceptibility to key threats, including cyberattacks and election interference.”
The message for the tech industry giants is that policymakers are thinking of them in the same way as they think of other firms whose proper functioning is crucial to the public and to a wide range of other industries. By labeling tech giants as systemically important, policymakers are saying that they are like “telecommunications, utilities and finance.” They provide critical services that people and other industries cannot do without.
The notion of a service essential to contemporary life evolves with time. In the early days of the deployment of electricity, it was not a necessity. But as electricity spread to more and more homes and businesses, more and more products and services utilized it. The cost of not being hooked up to the grid grew until participation in modern life could not be fulfilled without access to electricity. The same process occurred in the deployment of telecommunications services. At first, they were available to businesses in urban areas, and spread gradually to rural and suburban parts of the country. Regulation, and, crucially, government subsidies were a necessary part of ensuring the universal and affordable availability of these essential services.
The pandemic has taught policymakers and the public, if they did not already know it, that broadband access is now an essential part of contemporary life. Low income families often cannot afford even bare-bones broadband services, which are vital during this time of pandemic for their ability to work from home and for their children to receive distance education. In some form, these new developments in at-home work and learning will almost certainly outlast the current pandemic. Government measures such as expanding the telecommunications Lifeline program to bring affordable broadband access to underserved urban and rural areas should be a priority for the new Biden administration.
Of course, tech companies are not telecommunications firms, but many digital companies have become providers of services that are just as essential to full participation in contemporary life as broadband access. Online shopping, social media platforms, and search engines jump to mind immediately. Everyday life and business would be immeasurably more difficult without the services that these companies provide. They have embedded themselves throughout our social, economic, and political lives. How companies deliver these services is no longer a matter of purely private interest but is of vital concern to the general public and to other industry sectors that depend on them. Policymakers have noticed this and are moving to regulate the tech giants to protect the public.
If competition can be relied on to protect the public interest in delivering essential services, all the better. That is why measures to actively promote such competition are needed. The Justice Department’s antitrust case against Google is a start in this direction and is likely to be expanded upon by new officials in the Biden Department of Justice. As the Shorenstein report and the antitrust report from the House Judiciary Committee have noted, much more needs to be done.
At the same time, policymakers need to look at which measures, such as the information security stress tests suggested by the New York State Department of Financial Services, need to be put in place to protect the public interest. Special privacy and content moderation rules might be needed as well.
When companies are systemically important, regulation is not just nice to have. Regulation itself becomes an essential service, one that only an active, agile and competent government agency can provide. The Biden administration should be looking carefully at how to regulate these companies in the public interest.
Facebook and Google are general, unrestricted donors to the Brookings Institution. The findings, interpretations and conclusions in this piece are solely those of the author and not influenced by any donation.