Thanks @Leonie, I read it with great interest. I have nothing systematic to add, but here are a few scattered remarks.
A nice surprise! Like you say, it was not obvious.
Are we sure that the tension is really between “big tech” and “open source”, and not between “monopolies” and “non-monopolies”? Back at the NGI Forum, @RobvanKranenburg and I participated in a discussion where a man called Oskar Deventer illustrated a vision for a “data wallet”, some kind of device with all your data, encrypted. People would enter into relationships with third parties, and give them only the data that these third parties needed in order to complete the interaction. The example usually given is that of the club bouncer, who asks to see your ID in order to make sure you are of drinking age. The bouncer, in fact, does not care about most of the data reported on your ID card, like your name, address, or place of birth. He only needs one bit of information: that you are, indeed, of drinking age. A data wallet could automate this process, because you could tell it “give bouncers access to my date of birth”.
But here is the catch. Suppose you are engaging in an interaction for which you have a need, and nowhere else to go. Maybe you are entering a foreign country, for a job interview. Maybe you are trying to open a bank account. What is stopping the immigration service, or bank, to ask your data wallet for all your data? You are vulnerable at that moment, so you might find it hard to push back, even if pushing back is within your right. Deventer’s answer was straightforward:
This is my nightmare. You cross the Chinese or US border, and then some kind of data vacuum cleaner empties your wallet. This might require issuers policy, stating once and for all what can be done with those data. But I do not yet know how to solve it.
With this kind of argument, Cory Doctorow and the EFF have recently turned to advocating aggressive antitrust policy for the tech sector. You would think that the European Commission would seize the opportunity, because it has the most experience in the world when it comes to regulating Big Tech (thanks to Mario Monti vs. Microsoft back in the day, and Margrethe Vestager vs. everyone more recently).
I am not sure I understand this point completely… but I was reminded of Cesar Hidalgo’s work on how human judge machines. His lab psych experiments show that humans judge humans on the basis of intentions, but machines on the basis of outcomes. Translated to safety-and-security, people might feel safer around (fallible) well-intentioned human decision makers than around (equally fallible) algos… is that what you mean?