How Companies Seized Power From States—and How States Can Claw It Back

On August 30, the Brazilian Supreme Court banned X—the social media platform formerly known as Twitter—from its country’s Internet. The ban was the culmination of a months-long fight between Elon Musk, the platform’s owner and the world’s richest man, and Alexandre de Moraes, one of the court’s justices. Moraes was tasked with investigating the role of online disinformation in attempts to keep former Brazilian President Jair Bolsonaro in power, despite losing the election. As part of these duties, Moraes had ordered X to take down hundreds of accounts spreading disinformation. In response, the platform accused the justice of censorship. Musk withdrew the representatives X legally needed to operate in Brazil, which eventually led the justice to prevent Brazilians from accessing the platform altogether.

Musk did not take kindly to the decision, comparing Moraes to an “evil tyrant.” But Musk did not confine his anger to harsh denunciations. According to reporting by The New York Times, he actively worked around the order. First, Musk encouraged Brazilians to use virtual private networks (VPNs) to evade the blockage. Then, his Starlink satellite network, which provides Internet service to subscribers directly from space, continued providing access to the site. Finally, X rerouted its Internet traffic through new servers, allowing it to circumvent Brazil’s telecommunication controls altogether.

Under mounting pressure from authorities in a country with a significant number of X users (and asset seizures), the company eventually agreed to block the disinformation accounts and pay off its fines. But the brazenness with which a tech mogul was able to defy a state’s decision makes a stark and scary fact very tangible: democratic governments have lost their primacy in the digital world. Instead, companies and their executives are increasingly in charge. This power shift is the sum of society’s systemic dependence on technology firms, the legal gray zones in which they operate, and the unique characteristics of emerging technologies such as artificial intelligence. It is a product of how public institutions have been stripped of their technological knowledge, agency, and accountability. It is a reality that generations of politicians of various parties have allowed to set in.

If democracy is to survive, leaders must fight this coup head on. They need to shrink their overdependence on powerful tech companies. They must empower public interest technology as a counterweight. They need to rebuild their own tech expertise. Most of all, they must build effective and innovative regulatory regimes that can meaningfully hold tech companies (and governments using tech) to account. Doing so is needed to sustain open, free, and vibrant digital societies based on the rule of law.

The Brazilian case is a reminder that it is not too late. Democratic authorities can reclaim their sovereignty and assert themselves effectively in tech—if they choose to use their muscles.

ALL THAT POWER

Private firms are constantly producing new technological inventions, but policymakers have failed to keep pace. In the United States, two key tech regulations, the Communication Decency Act and the Digital Millennium Copyright Act, were passed decades ago—in 1996 and 1998, respectively—long before Steve Jobs had even thought of the iPhone. In the years since, tech companies have progressed from developing products to operating entire systems that affect domains previously exclusively governed by states, such as digital infrastructure and its security guarantees. By unleashing their powerful tools and services into a world without proper guardrails, tech companies have become the de facto governors for technologies of great geopolitical significance, including facial recognition systems, satellite Internet connections, and some facets of intelligence collection. Microsoft has a Threat Intelligence Center that gathers insights as if it were the National Security Agency. Cryptocurrency companies mint their own money like the Federal Reserve. Amazon’s clean energy portfolio surpasses that of some countries, even as it builds power-hungry data centers.

As their authority grows, tech CEOs are becoming larger-than-life figures. Musk is perhaps the most obvious example, given his direct attacks on world leaders and involvement in politics. But other executives have also assumed outsized prominence in public life. Meta CEO Mark Zuckerberg has routinely been called to testified before Congress. He has argued that his business is key to the U.S. competition with China (and should thus be left untouched). Alphabet, Amazon, and Microsoft executives also frequently show up in Washington. In a one hearing, John Kennedy, a Republican senator, even asked the CEO of OpenAI, Sam Altman, whether he might run a possible U.S. AI regulatory agency. Politicians have abdicated their responsibility to unelected, unaccountable technology leaders.

As a result, tech firms large and small now exercise unprecedented power over even the most critical infrastructure. For example, they dominate undersea data cables, which serve as the transportation system for almost all the world’s Internet traffic. Nearly 99 percent of the world’s data travels through them, including $10 trillion in daily financial transactions and highly sensitive government information. Without the cables, all kinds of essential activity would become impossible. They should therefore be governed and secured by states or intergovernmental bodies. But instead, companies build, use, and maintain them as policymakers stand on the sidelines.

Tech companies are also deeply involved in state bureaucracies, making governments vulnerable in mundane but serious ways. In 2013, for example, Dutch tax authorities deployed controversial, privately built algorithmic risk assessments to identify fraudulent taxpayers. It was a disaster: because of faulty assessments, including through racial profiling, tens of thousands of families lost their homes, jobs, and custody over their children as the opaque, self-learning risk assessment tool was rigorous and discriminatory. The political fallout ultimately drove the government to resign and permanently damaged people’s trust in the state. But the company that deployed the faulty software has emerged relatively unscathed. Similar algorithms remain in use and on the market around the world, with the potential to wreak even more havoc.

WEAPONS OF WAR

Tech’s power grab extends to another core activity of states: war. AI applications have controversially been used to identify massive numbers of targets in Gaza. Ukraine uses satellite companies to gain intelligence and to communicate. This reliance has given tech firms remarkable leverage over how countries handle their defense. One of the companies Ukraine depends on, for example, is Starlink, which has emboldened Musk to weigh in on the conflict’s course. He has done so to call for peace negotiations along the lines of Kremlin objectives, irritating Kyiv and its supporters.

In other instances, tech firms have effectively become direct parties to conflicts. Confrontations increasingly take place in cyberspace, and so states increasingly depend on private companies for defense. Consider what happened when Colonial Pipeline’s networks were struck by a ransomware attack in 2021. The company is one of the biggest energy providers in the United States, and so the strike halted the flow of oil across much of the U.S. East Coast. Several U.S. states declared states of emergency as lines formed at gas stations. Flights had to be rerouted. At a meeting with tech CEOs in the aftermath of the attack, U.S. President Joe Biden conceded that “the reality is most of our critical infrastructure is owned and operated by the private sector.” He continued: “The federal government can’t meet this challenge alone.” It was a rare, open admission that the governmental had lost power when it comes to protecting the country in the digital realm.

Despite the growing use of destructive cyberattacks, the White House considers such attacks to be below the threshold of war. There are also no clear-cut international rules about what cyberattacks are prohibited. Espionage through digital means is typically not considered a violation of state sovereignty, so it is left unpunished. In 2022, Paul Nakasone, then the head of U.S. Cyber Command, said that the United States used offensive cyber capabilities to take out Russian targets but did not consider such attacks a direct engagement of Russia. Washington did, however, draw a redline at NATO’s borders for physically fighting Moscow’s forces.

In the midst of all this legal and political ambiguity, companies have become more comfortable acting as mercenaries. Spyware firms are for hire and sell sophisticated intelligence tools to dictatorships and democracies alike. Companies also play key roles in crucial nodes online: Amazon Web Services uses machine learning algorithms to go after state-sponsored threats, and Google’s Threat Analysis Group takes YouTube channels offline for running coordinated influence operations. These kinds of operations shift the domain of conflict to nonstate actors who have radically different motives—and levels of accountability—than governments.

THE MATRIX IS EVERYWHERE

Too often, states operate at an information disadvantage when it comes to technology. With few exceptions, they lack the access to information as well as expertise required to understand (let alone regulate) new algorithms and inventions. Because knowledge is power, this dearth leaves policymakers in a weak negotiating position vis-à-vis powerful tech companies, which leads to even more outsourcing. Companies such as Palantir Technologies are now trusted to perform critical data analyses when it comes to matters of defense, health care, and border control. They are doing so even though they lack the democratic authority, accountability, and experience needed to make these calls. “Saving lives and on occasion taking lives is super interesting,” Alex Karp, Palantir’s CEO, said in an interview with The New York Times in the summer of 2024—as if life-and-death decisions were a computer game.

Tech firms are also consolidating power through their pocketbooks. The biggest tech companies are exceptionally wealthy: Microsoft’s market cap stands at $3.2 trillion, more than the GDP of France, the seventh-largest economy in the world. As a result, these firms have no problem spending hundreds of millions of dollars on lobbying. And the lobbyists often find they are pushing on open doors. Because politicians and other officials have so little tech expertise, corporate representatives can easily mold their thinking. Tech companies have similarly used their money to frame the world’s collective understanding of their industry by investing in think tanks, conferences, and academic institutions.

One of the frames tech businesses have been most successful in promoting is that, as Facebook put it when trying to dissuade European regulators from implementing the EU’s data protection directive in 2012, “regulation stifles innovation.” This argument is as wrong as it is self-serving, especially as big tech companies become gatekeepers and make life for innovative start-ups difficult. Yet the phrase remains popular through today. Regulation is dynamic, not fixed, adjusting as industries do. In many cases, responsible guardrails have actually sparked innovation. Companies, for instance, invented more environmentally friendly or sustainable products after stricter environmental protection laws came into force. And even if regulation did slow innovation, the tradeoff may well be worth it. Philosophically, innovation is not more important than the rule of law, consumer protection, nondiscrimination, or any of the other values central to democracy. If an innovation has the potential to curtail fundamental rights or contradict public values, regulation has every right to supersede it. Politicians should recognize this fact and act accordingly.

But even if they do, they will run into more barriers. Tech companies have gained more power by refusing to explain how their products function. As a result, academics cannot independently research the inner workings of algorithms or AI applications. Tech firms engage in outright deception, too. When Microsoft sought political approval for a data center in Iowa in 2016, it did so under the pseudonym “Project Osmium.” Bidding behind shell companies has become the norm among tech companies. Uber took this practice of obfuscation further with Greyball. In that project, according to reporting by The New York Times, Uber identified law enforcement officers in jurisdictions where the company was not yet authorized to operate. It then made it so that, when they opened the app, they would struggle to determine whether Uber was, in fact, available in their areas. In this way, the company was able to work while evading detection. Outside of sporadic fines, governments have not done enough to rein in these practices, demand transparency, and hold companies accountable.

Regulators are further hampered by the raw pace at which tech advances. Companies have avoided the law in part by inventing technologies so quickly that they stay ahead of it. They can then engage in questionable behavior without having to worry about policy blowback. Clearview AI, for example, scraped the entire Internet for faces before anyone noticed. Large language models were trained on the text body of the entire Internet before governments could weigh in on questions about data protection or intellectual property rights, assuming laws protecting those rights are in force. As companies hoover up masses of information only to lock it behind corporate walls, public institutions lose access to information, and thus agency and credibility. The result is a death spiral, where private power eventually exceeds the capacity of public accountability.

REEL IT IN

So far, democratic governments appear to be shockingly unconcerned about the rising power of tech companies. Activists and journalists have repeatedly set off alarms about the industry, but consecutive U.S. administrations have been deliberately lax when it comes to the sector, hoping to laissez-faire their way through any and all concerns. The EU has been more proactive, but very few of its laws are aimed at ending the power grab. Democracies need a clear vision of how to comprehensively govern tech.

In a society where tech companies cumulatively have critical decision power, the government should take more effective action. The good news is that should they decide to, there are many ways democratic governments can move forward. They involve increasing policymakers’ knowledge about the workings of tech products and then effectively reining in businesses. Governments could start by adjusting trade secrecy protections for the age of algorithms. They should require that researchers have access to data and that tech systems used in the name of governments are accessible, for example, through Freedom of Information Act requests. Doing so would allow the public to learn how these systems operate, facilitating a well-informed regulatory debate. In a similar vein, companies should be held to stronger transparency standards when it comes to bidding on land and energy contracts for data centers or disclosing their investors. If a company is unwilling to say who funds them, they are unfit to do business in the open market.

To take advantage of this newfound transparency, lawmakers would also have to build up internal technology expertise. Such experts would balance out the cacophony of lobbyists trying to frame how lawmakers understand technology. The United States, for example, might bring back the Office of Technology Assessment, a congressional body that helped legislators understand new telecommunications and computing innovations and operated in full from 1974 to 1995. Policymakers need an OTA, or an OTA equivalent, in order to navigate an era that includes artificial intelligence, quantum computing, and biotechnology.

It is not too late to stop the tech coup.

At a more fundamental level, governments must shift the emphasis from passing laws to enforcing them in an agile manner. They need to anchor laws in core principles of justice, equality, nondiscrimination, and liability while doubling down on concrete, tangible enforcement mechanisms that can endure the next, inevitable technological breakthrough. Too often, enforcement is an afterthought, and oversight bodies are left underresourced. Governments must fix this problem by creating more powerful sticks. They could, for example, use procurement to induce behavioral change. As the largest spenders on information technology, states around the world have the financial sway needed to enforce cybersecurity and nondiscrimination standards as well as to hold companies accountable for violating existing laws or being negligent in preventing data breaches. They might do so by establishing a three-strikes model. After three clear strikes, a company should be out of the bidding market.

But the most nefarious tech companies must be outright banned from selling their antidemocratic technologies. In 2021, the U.S. Department of Commerce finally added the NSO Group, the Israeli firm that produces Pegasus spyware, to the Entity List, which limits the ease with which they are traded. This designation is well deserved: Pegasus is a spyware tool popular with repressive governments looking to surveil activists, journalists, and political opponents. But it came far too late. For years, the United States and other countries waffled on banning the company as it (and other firms like it) grew stronger and more sophisticated.

Regulations are just one part of the path forward. States should also invest significantly in creating public digital infrastructure, stronger academic research, and a better digital public square. Additionally, societies need to build a culture of tech ethics and accountability that compels companies to make the right decisions.

Any time the Musks of the world refuse to listen to judges and regulators, it is a good reminder of the fact that states have the ability to rein in big tech and prioritize democratic governance, if only they wanted to. It is not too late to stop the tech coup. But governments need to enact real, systemic reforms to win their power back and enshrine the rule of law.

Loading…