Tech Firms Need More Regulation

The industry must cooperate to solve problems—but government must take a more active role as well.

Orange cords and computer network equipment
Heinz-Peter Bader / Reuters

Information technology is having an immensely uneven economic impact on the world, creating huge wealth for some while leaving others behind, as it displaces jobs and fails to reach communities that lack broadband connectivity. It’s changing the face of war and peace, creating a new theater of warfare in cyberspace and new threats to democracy through state‑sponsored attacks and disinformation. And it’s increasing the polarization of domestic communities, eroding privacy, and creating an emerging capability for authoritarian regimes to exercise unprecedented surveillance of their citizens. As artificial intelligence continues to advance, all these developments will accelerate.

People argue about immigration, trade, and tax rates for wealthy individuals and corporations, but we seldom see politicians consider, or the tech sector acknowledge, the role that technology is playing in creating these challenges. It’s as if we’re all so absorbed in the resulting symptoms that we lack the time and energy to focus on some of the important underlying causes.

It’s unrealistic to expect the pace of technological change to slow. But it’s not too much to ask that we do more to manage this change. In contrast to prior technological eras—marked by inventions such as the railroad, telephone, automobile, and television—the age of digital technology has progressed for several decades with remarkably little regulation, or even self‑regulation. This hands‑off attitude needs to give way to a more activist approach.

Tech companies and the tech sector as a whole need to step up and do more to address these issues responsibly and proactively. But in the three centuries since the dawn of the Industrial Revolution, no major industry has successfully regulated every aspect of its operations completely by itself. It would be naive to think the first success case will emerge now. That’s why we also need government to take a thoughtful but active approach to regulating technology. The greatest risk facing technology firms isn’t overregulation—it’s that government won’t do enough, swiftly enough, to address the technology issues affecting the world.

A more active approach doesn’t mean that everything should be left to governments and regulation. That would be as shortsighted and unsuccessful as asking governments to do nothing at all. Individual companies need to step up, and work more collaboratively across the tech sector.

When Microsoft was in the hot seat with antitrust issues around the world two decades ago, we recognized that we needed to change. I took from our battles three lessons that we continue to learn from and apply. They seem as relevant to the entire tech sector today as they did to our company in the past.

First, we needed to accept the heightened expectations that those in government, the industry, our customers, and society at large had for us. We had to assume more responsibility, whether it was required by law or not. We were no longer an upstart. We needed to strive to set an example rather than argue that we could do whatever we wanted.

Second, we needed to get out and listen to what other people had to say, and do more to help solve the technology problems that needed to be solved. That meant building constructive working relationships with more people. But that was just the start. We had to understand perceptions and concerns. We needed to do a better job of solving small problems before they grew out of control. We sat down more frequently with governments and even our competitors to find common ground. We recognized that we’d undoubtedly face some hard questions, and we would need to find the courage to compromise.

There were days when some engineers argued that we should instead keep on fighting. At times, I almost felt that they were calling my courage into question. While occasionally we needed to stand our ground, there were many moments when it took more bravery to compromise than it did to keep fighting. And it took persistence as well. The quest for common ground often led to negotiations that ended in impasse and failure before we could come back together and reach an agreement. We needed to develop the ability to fail gracefully, complimenting the other side even when things fell apart so we could preserve the ability to work through the hard problems again when the right moment arrived. It almost always did.

And finally, we needed to develop a more principled approach to our work. We needed to maintain an entrepreneurial culture, while also integrating it with principles that we could talk about both internally and externally. We began to develop such principles, first for antitrust issues and later for interoperability and human-rights questions. Among its other virtues, this approach both helps and forces us to think about the responsibilities we bear and the best ways to address them.

Spreading these approaches across the tech sector will require a cultural change. For a lot of good reasons, tech companies have traditionally focused first on developing a product or service that is exciting, and then on attracting as many users as possible as quickly as possible. Often, little time or attention is devoted to issues beyond this. As Reid Hoffman has captured accurately in his term blitzscaling, a “lightning‑fast path” that prioritizes speed over efficiency provides the best approach to developing market‑leading technology on a global scale. Even when companies achieve this type of leadership position, they retain an ongoing need to move quickly. It’s easy to imagine the concerns that would arise in Silicon Valley when weighty demands threatened to slow innovation down.

These concerns are important. But given the role that technology now plays in the world, it’s equally dangerous for a tech company to move faster than the speed of thought, or simply to fail to think at all about the broad implications of its services or products. Companies can still succeed while doing more to address their societal responsibilities. While we need to move fast, we also need to put some guardrails on our technology. An ability to anticipate issues and define a principled approach to address them is more likely to keep the car on the road as it gains speed. It helps avoid at least some of the public controversies and potential reputational damage that can force executives to spend more time on issues other than product development and user growth.

But even with the best of intentions, this type of effort does not come easily. The most natural course is to keep expanding a product and sell it to anyone who will buy it. Discussion about self-restraint almost always provokes internal objections. (I speak from experience.) Regulating a company’s own conduct therefore requires leadership from the top. Senior leaders need to think broadly, and they need to encourage their people to do more than simply find problems with every potential solution and instead find solutions for every potential problem.

But it’s not just individual tech companies that need to be more proactive. The tech sector as a whole needs to embrace a greater degree of collaboration. Compared with many other industries, the trade associations and voluntary efforts of the tech sector are often fragmented. Given the diversified nature of technology and competing business models of various firms, this isn’t altogether surprising. But despite these differences, firms in the tech sector have room to do more together.

This need is especially pronounced when it comes to priorities such as strengthening cybersecurity and combatting disinformation. This, too, will require cultural change. Too often today, even leading tech companies find it easy to look at a problem like cybersecurity and conclude that they don’t need to work closely with the rest of the industry. Or they decide they won’t join a parade unless they get to lead it. Or that they won’t be part of the parade if it includes some other tech company that’s currently in the hot seat politically, for fear of being “infected” by standing near a company that is facing public criticism. While these concerns to some degree are understandable, tech leaders need to resist them. Such views make it more difficult for the tech sector to address its responsibilities or meet the world’s expectations.

Even if it were possible for the tech sector to proceed without greater government oversight, we should still question whether this would be the best path forward. The sweep of technology issues affect virtually every aspect of our economies, societies, and personal lives. In the democracies of the world, one of the most cherished values is that the public determines its course by electing the people who make the laws that govern everyone. Tech leaders may be chosen by boards of directors selected by shareholders, but they are not chosen by the public. Democratic countries should not cede the future to leaders the public did not elect.

All of this makes it important for governments to take a more active and assertive approach to regulating digital technology.

As they do so, there’s a strong case for governments to innovate in the regulatory space in a way that’s like innovation in the tech sector itself. Instead of waiting for every issue to mature, governments can act more quickly and incrementally with limited initial regulatory steps—and then learn and take stock from the resulting experience. Just as for a new business or software product that ships as a “minimum viable product,” the first regulatory step would not be the last.

If governments can adopt limited rules, learn from the experience, and subsequently use what they learn to add new regulatory provisions—much as companies add new features to products—it could put laws on a path to move faster. Officials must still consider broad input, remain thoughtful, and be confident that they have the right answers for at least a limited set of important questions. But by bringing some of the cultural norms developed in the tech sector into the regulation of technology itself, governments can start to catch up with the pace of technological change.

Governments also can help stimulate market forces through their actions. They typically rank among a nation’s largest technology purchasers, and their procurement decisions can have a powerful impact on overall market trends. Even more important, governments have large and valuable data repositories. By making these data available to the public in appropriate and defined ways, governments can have a decisive influence on the technology markets that will put these data to use. For example, they can help stimulate better‑informed public‑sector and civic efforts to match the skills needed for new jobs with people who want to pursue them. And doing so provides a powerful tool that governments can use to help accelerate the adoption of open‑data models.

A more active regulatory approach will require that government officials develop an even greater understanding of technology trends. This, in turn, will require more conversation between those who create technology and those who must regulate it. This, too, has more than its share of challenges. Historically there has never been a national business or technology center as distant from a country’s capital as Silicon Valley is from Washington, D.C. And the geographic gulf of almost 2,500 miles fails to capture the real distance between America’s political and technology capitals. As Margaret O’Mara, a historian at the University of Washington, recently put it, “Operating far away from the centers of political and financial power in a pleasant and sleepy corner of Northern California, they created an entrepreneurial Galapagos, home to new species of companies, distinctive strains of company culture, and tolerance for a certain amount of weirdness.”

They do have at least one thing in common. Traveling to each place from Seattle (which has its own tolerant appreciation for weirdness), you can understand, given the excitement and activity in each location, why it’s easy to feel, once there, that each place is at the center of the world. But there’s a need to build a stronger bridge across this geographic divide.

Many in tech circles have asserted that people in government don’t understand enough about technology to regulate it properly—even while tech companies have benefited from all manner of government funding and support. It’s a view the press is too quick to reinforce as it jumps on the mistakes that legislators sometimes make if they ask a tech executive the wrong question, or even when they ask the right question the wrong way. But in my experience, government officials have come a long way since the morning 15 years ago when I was talking about digital advertising with a U.S. senator who was unaware that he could read The Washington Post on the internet.

Having worked in the technology sector for more than a quarter century, I realize that the products are complex. But so are contemporary commercial airplanes, automobiles, skyscrapers, pharmaceuticals, and even foods. You don’t hear any serious suggestion that the Federal Aviation Administration should leave aircraft unregulated because they are too complicated for people in government to understand. The flying public would not stand for it. Why is information technology fundamentally different, especially when many of an airplane’s components are now based on it?

The truth is that government agencies have long proved adept at developing the factual capacity to understand the products they regulate. This doesn’t mean the process is free of frustration or that everyone does an equally good job. Nor does it mean that all regulatory approaches make good or even common sense. But the tech sector needs to get over any illusion that it alone is capable of understanding information technology and its intricacies. Instead, it will need to do even more to share information about these nuances so the public and governments can better appreciate them.

A second challenge for governments is far more pronounced. The internet was designed to be a global network, and many of its benefits come from its connected nature. Perhaps more than any other technology in history, its influence and its geographical reach exceed the scope of any single government. This sets it apart from prior inventions such as the telephone, television, and electricity, which are based on networks or grids that typically correspond to national or state lines.

One way to appreciate this challenge is to consider the technology that perhaps was the most similar to digital technology in its regulatory impact. As the 1800s progressed, railroads played arguably a bigger role than any other invention in redefining the United States. They extended beyond the boundaries of the state governments that initially had assumed the most authority to regulate the economy. In the decades that followed the Civil War, the nation’s railroad companies in many ways became larger and more powerful than many state governments.

Things came to a head in the 1880s. There was virtually no tradition of regulating the economy at the federal level except during times of war, and proposals in Washington, D.C., to regulate railroads repeatedly went down in defeat. The state governments responded by passing laws to regulate railroad rates that affected trips beyond their borders. In 1886, the Supreme Court struck these down, ruling that the federal government alone had this power. Suddenly the public confronted a stark reality: The states could not regulate railroads, and the federal government had refused to do so instead. This new political dynamic broke the impasse, and the next year Congress created the Interstate Commerce Commission to regulate railroads. The modern federal government was born.

The global reach of contemporary information technology is akin to the railroad tracks of the 1880s that kept progressing beyond jurisdictional lines. But today there is no global counterpart to the ICC. And understandably, there exists no appetite for creating one.

How can governments regulate a technology that is bigger than themselves? This is perhaps the single greatest conundrum confronting technology’s regulatory future. But once you ask the question, one part of the answer becomes clear: Governments will need to work together.

Many hurdles will need to be overcome. Roiling geopolitical headwinds are causing many governments to pull inward. It’s difficult to expect great leaps in bringing nations together when the day’s dominant headlines talk about countries leaving trade blocs or pulling out of long‑standing treaties. And many governments are finding it difficult even to make decisions that matter only to themselves.

But amid these pressures, the inexorable course of technology is forcing more international collaboration. Issues such as surveillance reform, privacy protection, and cybersecurity safeguards have all required governments to deal with one another in new ways. We will need to continue to build coalitions of the willing. Six governments and two companies came together publicly in 2017 to address WannaCry, the cyberattack launched by North Korea that disabled computers in more than 150 countries in a single day. An initial group of 51 governments in 2018 was part of the support for the Paris Call, which advances cybersecurity, including through the protection of elections, in a multi-stakeholder effort that now counts more than 500 supporters. In each instance, there were important and even critical omissions. But progress came not by dwelling on who was missing but on who could be persuaded to join. This in turn led to continued momentum and additional expansion later on.

Some issues may lead to global consensus and others may not. Many of today’s technology issues involve questions of privacy, free expression, and human rights. A coalition of the willing is most likely to require the world’s democratic countries to come together. This is not a small group. Today there are roughly 75 democratic nations with a total population approaching 4 billion. This means that more people live in democratic societies than at any time in history. But recently, the world’s democracies have become less healthy. Perhaps more than that of any group of societies, their long‑term well‑being requires new collaboration to manage technology and its impact.

This makes it even more important to sustain momentum until the day the United States government resumes its long‑standing diplomatic role by both supporting and leading these types of international initiatives. There is no mistaking the fact that the world’s democracies are weaker when the United States stands apart.

Continued progress also requires governments to recognize that in addition to regulating technology, they need to regulate themselves. Issues such as cybersecurity and disinformation will shape the future of war and the protection of our democratic processes. Just as no industry in history has fully engaged in successful self‑regulation on its own, there’s no precedent for a nation protecting itself by relying solely on the private sector or even by regulating it. Governments will need to act together, and part of this will require new international norms and rules that limit national conduct and hold countries accountable when they violate those rules.

This will lead to new debates about the virtues of international rules. You can already hear concerns about how some countries will follow these rules while others will not. The world has had arms-control treaties and limitations in place since the late 1800s, and for more than a century, controversies have swirled around the same points. The harsh reality is that some countries will violate these agreements. But it is easier for the rest of the world to respond effectively when an international norm or rule is in place.

Many issues will require compromise. For successful business leaders who have helped build some of the world’s most valuable companies, this is not always easy to contemplate. They typically succeeded against long odds by doing things their own way; regulation will restrain their freedom in the future.

This, perhaps, explains why some tech leaders argue in public and assert even more in private that the greatest risk to innovation is that governments will overreact and overregulate technology. The risk is clear, but we currently remain far from falling over this precipice. Politicians and officials have started calling for regulation, but so far there’s been a lot more talk than action. Rather than fret excessively about the dangers of overregulation, the tech sector would be better served by thinking about what shape intelligent regulation should take.

There’s a final consideration, and it’s the most important. These issues are bigger than any single person, company, or industry, or even technology itself. They involve fundamental values of democratic freedoms and human rights. The tech sector was born and has grown because it has benefited from these freedoms. We owe it to the future to help ensure that these values survive and even flourish long after we and our products have passed from the scene.

This context provides clarity. The greatest risk is not that the world will do too much to solve these problems. It’s that the world will do too little. And it’s not that governments will move too fast. It’s that they will be too slow.

Technology innovation is not going to slow down. The work to manage it needs to speed up.