Alternative Compliance


To better support small businesses operating in regulated sectors, we should develop “alternative compliance” mechanisms — parallel regulatory regimes that achieve the goals of existing regulations but take an alternative, data-oriented approach to achieving them.  Such an approach would be especially friendly to the smallest of small businesses, and would take advantage of available connectivity and data, simultaneously achieving the public goals of access to economic opportunity and public safety / consumer protection.

Access to work and jobs

Digital platforms are enabling new ways of working.  It’s easier than ever to start a small business, whether that’s cutting hair, giving rides, running errands, making food, providing professional services, or making products.  Financing platforms like Kickstarter, Indiegogo and CircleUp make it easier to raise capital (when that’s necessary), and marketplace platforms like Lyft, Thumbtack, Upwork, Etsy and Josephine not only make it easier to reach customers, but also provide trust & safety systems necessary to secure commerce.

The result is that it’s never been easier to find, get, or make-your-own, work. Digital platforms make onboarding fast and convenient, and give workers / makers / sellers the ability to get into market and build their reputations & businesses from there.

This is by and large a good thing.  We want access to jobs and work; we want a broad diversity of products and services; we want more competition in the marketplace; we want quality and convenience for customers.  Digital platforms give us all these things.  It is a profoundly pro-small-business and pro-consumer moment in time.

The traditional regulatory model: barriers to entry

But of course, there is a catch.  The process of quickly on-boarding via a digital platform, getting yourself out into the market, and building a reputation over time (tracked by data in a digital platform) is often at odds with our traditional mechanisms for regulating commerce, which have always employed a licensing / permission based model, where the main tool is creating barriers to entry.

Regular readers will recognize this diagram and the following one:

Screen Shot 2016-08-04 at 1.30.48 PM

The traditional approach makes sense in a time when the ability to monitor and track compliance is limited and enforcement is expensive.  For a long time (really, until just the last few years), this has been the case.

However, by its nature, this model is exclusionary — it is hard to get started, because it takes time and money to fulfill typical regulatory requirements.  This has the effect of advantaging larger businesses over smaller ones, incumbents over startups, and companies over individuals.

Further, the overall effectiveness of this style of regulation is limited — once actors are in the market, ensuring for public safety and consumer protection is difficult and expensive, leading to a standard regime of occasional spot checking (think restaurant inspections) and attention only to the most egregious violations.

The web model: fewer barriers to entry, but more accountability

Given the real-time data infrastructure of the web, an alternative model is possible, which focuses on accountability over permission / barriers to entry:

Screen Shot 2016-08-04 at 1.30.55 PM

This is how every web platform works: by increasing the use of data to increase accountability, we are now able to lower the initial barriers to entry.  

The result is a powerful democratizing effect, across every industry (ride sharing, home sharing, manufacturing, cooking, professional services, etc), making it easier for small businesses to get started and reach customers.  Consumers have more choices, and more competition on the supply side makes the market healthier.

It also leads to many (realized and potential) improvements in public safety and consumer protection, as constant performance monitoring leads to an unprecedented level of accountability.  This comes not only in the form of peer review (ratings on eBay, Lyft, etc.) but also in the form of vast volumes of data (coming from apps, phones, sensors, etc.) that give us a granular, real-time view of what’s happening.  This is brand new and very powerful from a regulatory and public policy perspective.  

Conflicts between the traditional model and the web model

And now, in every regulated sector, we are seeing a clash between the traditional, permission + barriers-to-entry model and the web’s data + accountability model.

For one recent example, we can look at the acceleration of the home-cooked food economy, fueled (but not created) by platforms such as Josephine and Homemade.  Sarah Kessler from FastCo details the recent conflicts in The Food-Sharing Economy Is Delicious And Illegal—Will It Survive?

Here, we see the tension between independent food entrepreneurs (people selling prepared food from their home kitchens) and the traditional food safety regulators.  While health departments have always cracked down on DIY food sales, the issue is exacerbated now by the addition of digital platforms further opening these markets, and providing systems to reduce friction from these transactions.

In the article, Sarah quotes me on an idea for “alternative compliance mechanisms” that could help bridge this divide, and that’s what I want to focus on here.

Bridging the gap: alternative compliance for web-enabled small businesses

Alternative compliance is a mechanism for achieving the goals of traditional consumer safety regulations, but using different tools & approaches.  Same goals, alternative techniques.  

I propose that in regulated sectors (housing, transportation, health, food, labor, etc), we seek to design, in parallel to existing regs, alternative compliance regimes that rely on data & accountability rather than up-front barriers to entry; in short: the ability to opt-out of existing regulations by opting-in to a data-sharing agreement.  


Given any sector where such an alternative compliance mechanism exists, businesses could choose whether to be regulated under the traditional regime, or instead opt-into the alternative compliance regime.  Doing so would relieve them of the traditional regulatory requirements, but would introduce new, data-oriented requirements.  Note: this applies to existing businesses as well — so this is not just special treatment for small businesses or web companies, but rather an alternative regulatory paradigm that any company can opt-in to if they so choose.

For example, to build on the food safety example, here’s what traditional food safety regulation often looks like (emphasis mine):

“If you want to sell food in California, your kitchen needs to have a sink—at least 18 by 18 inches in length and width and 12 inches deep—exclusively for washing and preparing food. It needs another sink with at least three compartments (“with two integral metal drain boards”) for washing, rinsing, and sanitizing dishes. Countertops must be “nonabsorbent,” typically stainless steel, and the lightbulbs above where you prepare food should be “shielded, coated, or otherwise shatter-resistant.” Your can opener must have a “piercing part” that can be removed and cleaned. “It’s about a $50,000 effort,” says Peter Ruddock, the coordinator of the California Food Policy Council. “It would be a significant investment to turn your kitchen into something that you wouldn’t want [in your home].”

An alternative regime might look something like this:

  • Chefs must register with an online platform (Josephine, Homemade, or any other that complies with some basic standards — including possibly one run by a regulator) and create a profile.
  • All transactions must include a verified user review / rating.
  • Platforms must be transparent in disclosing data about cooks (level of experience, details of ratings, etc) to end customers.
  • Aggregate performance data must be shared by the platform with the health department.  Specific inquiries can be facilitated based on evidence of specific harms.  In return for providing this data, platforms receive immunity from intermediary liability.  (Getting this right will be hard, but it is critical.)
  • Individual cooks must have access to their own data in downloadable/API form, thus limiting potential market power of any one online platform.
  • On an ongoing basis, adjustments to related policies can be made based on evidence gained from the data.

In addition to these general ideas, you could also include industry- or function-specific requirements, such as:

  • Require low-cost sensors (of some kind) in any active kitchens (for home cooked food)
  • Link OBD port for acceleration & other driving data (for on-demand drivers)
  • etc.

In alternate compliance mode, getting started as a home chef costs $100, vs $50,000 to build a traditional commercial kitchen.  This is just a sketch, but it gets at the main point, which is that it’s possible to design a parallel system to support data-driven regulation where that’s possible.

In considering such an idea, we’d want to keep the following ideas in mind:

As good or better

Importantly, when we talk about “alternative” compliance, we should stress that doesn’t mean “worse” or “not at all”.  In fact, the level of effectiveness that we should be shooting for is as good or better than existing regulations.

Exactly how “as good or better” is achieved depends on the context of the specific sector, but would be driven by the data (aggregate and individual, summary and real-time) collected by the various platforms and interpreted over time for policy development and enforcement.

Real-time response

One way in which data-driven regulatory systems can improve on traditional systems is the speed in which responses can be handled.  When data is coming from many sources in real-time or near-real-time, responses (such as enforcement or policy adjustments) can happen much more quickly.  In addition, trends can be noticed sooner, based on early signals from widespread data, giving regulators a chance to get further ahead of growing problematic situations.

Lower cost of operations & enforcement

Given the low marginal cost of additional data, alternative, data-driven regulatory regimes can be operated at a lower cost than traditional licensing-and-enforcement regimes.  While there is significant up-front cost in designing and building such infrastructure (as is the case with building any web platform), the ongoing costs are exceedingly low.  In the case of alternative compliance via partnership (with existing tech platforms) regulators can theoretically piggyback on platform investments made by companies already in market.

Further, certain accountability functions can be crowdsourced.  For example, imagine visitors at airbnb venues reporting on the existence of smoke detectors & fire extinguishers, much the same way that users of Foursquare crowd-source data about restaurants (what are the hours, do they accept credit cards, etc).  By building infrastructure for end-users to report data, the centralized burden on monitoring and enforcement can be further reduced.

Either / or, not both

It’s important that such a system would need to be “either / or” — meaning, businesses (chefs, drivers, etc) would be regulated either by the old system or by the new one — not both.  This is important, because the whole point of reducing barriers to entry is to allow market participants who wouldn’t have made it before under the permission/licensing based system.  So, if we were to use an alternative compliance mechanism, but the newly available data to simply enforce the all of existing rules, then we’re missing the whole point.

For example, if we allow home-cooked food sales if it’s tracked by an online platform, but then use the data in the platforms to enforce existing home-cooked food laws and put the chefs out of business, all we are doing is creating a better enforcement system for existing laws, not broadening the scope of what’s possible and safe in the world, and really opening up markets to new entrants.

The big opportunity here is to give ourselves the space to explore new ways of doing things, to innovate, to experiment, while still reserving the right to make adjustments if the situation warrants it.  

We need to give ourselves room to change our norms, policies and laws, over time, as we become comfortable with new technologies and new ways of doing things.  This is what innovation is — and this is why it’s so important to not simply enforce the current laws to their maximum extent, but rather to give ourselves the space to explore new ways of doing things, while closely tracking the outcomes so we can manage for trust & safety.

Thus, participating in a digitally-enabled alternative compliance scheme should give market participants the chance to prove themselves outside of the existing rules — it must give them immunity from the existing rules, and the chance to prove that their businesses can be operated safely and in a trusted way, and monitored through data access.

Put another way, an alternative, data-driven compliance regime says “we’ll let you do this, so we can learn from it”.

For regulation that learns, data is an asset.

The trick, then, is to enable regulation that learns; regulation that’s dynamic, not static, that evolves and improves over time.

Critical to that goal is the mindset that data is an asset.  The more open we are to new kinds of business operating, the more we have the opportunity to see data that comes from activities, the more we can learn from the data, and then iterate on policy. Thinking about policy and regulation this way therefore biases us towards encouraging activity to happen, rather than stopping it from happening.

Building on existing regulations

One approach might be to build on top of an existing regulatory but hack to make it more useful.   For instance, perhaps within the context of, say, taxi licensing, one could construct an alternative approach to a single part of the process (perhaps vehicle inspection, or background checks — using a tool like Checkr).  Taking a partial or incremental approach can have the dual benefits of a smaller scope, and building off of systems that are already understood and trusted).

Possible approaches to implementation

An alternative compliance regime could be executed a number of different ways, for example:

  • By partnering with commercial platforms/marketplaces (as in the above example) — let any online platform become a compliance partner by meeting some basic, open standards.
  • By regulators building their own online infrastructure to manage registrations, transactions, and data (more difficult, but not impossible)
  • By using third-party platforms that broker data and transactions between commercial actors and regulators (such as Airmap for drones)
  • By establishing open standards for data reporting (similar to existing reporting requirements)

The point being, that what’s necessary to implement such an alternative compliance mechanism is a data platform.  In some cases that can be an existing platform, but it could be also be a new platform developed by the government.

Identifying suitable sandboxes

Bringing this high level idea down to earth, it makes sense to try and identify targeted areas where it would be possible to construct such an alternative regulatory environment.

An ideal sandbox would be a relatively narrow sector, with relatively low stakes in terms of public safety & consumer protection, in a jurisdiction where there’s sufficient local control and autonomy to try something new without having to do lots of coordination and negotiation across city/county/state/federal jurisdictions.

Regulating with Data

  •   Comments

At this year’s Personal Democracy Forum, the theme was “the tech we need“. One of the areas I’ve been focused on here is the need for “regulatory tech”.  In other words, tools & services to help broker the individual / government & corporation / regulator relationship. In a nutshell: we are entering the information age, and… Read more »

Cable boxes, ridesharing and the right to be represented by a bot

Here are two tech policy issues that don’t seem related but are: the FCC’s current push to open up the set-top-box, and the lawsuits challenging Uber’s and Lyft’s classification of drivers as independent contractors rather than employees. The way to see the connection is through the lens of control vs. competition.  More specifically, they are… Read more »

Crypto debate: separating Security from Control

For the past few weeks, I’ve been following the FBI / Apple phone unlocking case, and digging deep into the debate around encryption, security and privacy. This debate is as old as the sun, and the exact same arguments we’re going through now were fought through 20 years ago during the first crypto wars and… Read more »

The Freedom to Innovate and the Freedom to Investigate

Earlier this week, I was at SXSW for CTA‘s annual Innovation Policy Day. My session, on Labor and the Gig/Sharing Economy, was a lively discussion including Sarah Leberstein from the National Employment Law Project, Michael Hayes from CTA’s policy group (which reps companies from their membership including Uber and Handy), and Arun Sundararajan from NYU, who… Read more »

Internet meets world: rules go boom

  •   Comments

Since 2006, I’ve been writing here about cities, the internet, and the ongoing collision between the two. Along the way, I’ve also loved using Tumblr to clip quotes off the web, building on the idea of “the slow hunch” (the title of this blog) and the “open commonplace book” as a tool for tracking the… Read more »

Big innovation and small innovation

  •   Comments

Yesterday at one of our bi-monthly team deep dives at USV, we got into the conversation of essentially “Big Innovation” vs. “Small Innovation”.  Those who have followed USV for some time know that at the core of the investment thesis is a belief in “decentralized”, “bottom-up” innovation — the kind that really became possible with… Read more »

Beam should have a hardware API

  •   Comments

We’ve got a few Beam telepresence robots at USV, and use them all the time.  Fred has written about them here.  We had a team meeting today, and we had two beams going at once — Fred and I were the first to arrive, and we were chatting beam-to-beam — he in LAUtah, me in Boston,… Read more »

Learning to skate

For the past few winters, I’ve been teaching my kids to ice skate.  Above is my son Theo at hockey practice a few weeks ago. At a certain point along the way, I got the bug and realized that skating was awesome and hockey was a beautiful sport.  So for the past year or so,… Read more »

Zero-rating: putting Net Neutrality to the test

It’s been an intense 10 months since the FCC approved its latest Open Internet rules (aka Net Neutrality). On the wired side, we’ve seen the unbundling of content, as channels such as HBO (via HBO Now) and ESPN (via Sling TV) have split from cable to go “over-the-top” with direct-to consumer offerings.  These are a direct result of the… Read more »

Hello, 2016

  •   Comments

Breaking the ice — been off the blogs for quite a while now. Looking forward to this year, the way I tend to every year.  2015 was a tough one for me personally — went through a bunch of shit on the family front that both demonstrated how tough life can be and also how… Read more »

As Massachusetts ponders ride-sharing regs, where’s the data?

  •   Comments

Today, hearings begin at the Massachusetts state house over how to regulate the budding ride-sharing / on-demand transportation industry (Uber, Lyft, et al). Adam Vaccaro over at has a good summary of the various competing bills — a pro-Uber bill that welcomes new Transportation Network Companies (TNCs) with relatively light-touch regulation, and a pro-taxi… Read more »

Supporting workers in the gig economy

  •   Comments

If there’s one thing I’ve learned throughout my years as a human, it’s that life is hard and people need help in order to make things work. That help can come in many forms: family, friends, co-workers, teachers, unions, healthcare providers, agents, assistants, coaches, therapists, strangers on the internet, you name it.  Point is, we… Read more »

Pain x Resistance = Suffering (the case for throughput)

  •   Comments

For the past nine months or so, I’ve been seeing a therapist specializing in mindfulness. Perhaps the best decision I’ve ever made. One of the things we spend a lot of time talking about is resistance – everyone has their own quirks and issues, and that’s one of mine.  The tendency to hit the brakes when… Read more »

Brutal honesty delivered kindly

  •   Comments

On my way to SF this week, I stopped over in Boulder, visited Techstars and then had dinner with Brad Feld, where got to talking about the dynamics inside and around venture firms.  He has obviously been doing this for a long time, and for me, less of a long time (3-1/2 yrs at this point)…. Read more »

The Blockchain as verified public timestamps

  •   Comments

Two weeks ago at USV’s annual CEO Summit, Muneeb Ali from OneName explained the blockchain in a way I hadn’t heard before, and which I thought was really helpful: the blockchain is time. That’s a somewhat abstract way of saying it, so more concretely we could say that: The blockchain is database of verified public timestamps. Every… Read more »

The more things change…

Here’s a slide from 2009, when we were convincing transit agencies to open up their data, and then later building MTA BusTIme:   And here’s one from yesterday, from a talk I gave at the Shift Conference (blog post to follow w more on that):    

Regulation, the Internet way

Today at USV, we are hosting our 4th semiannual Trust, Safety and Security Summit.  Brittany, who manages the USV portfolio network, runs about 60 events per year — each one a peer-driven, peer-learning experience, like a mini-unconference on topics like engineering, people, design, etc. The USV network is really incredible and the summits are a big… Read more »