In something of a flashback to 2001, Microsoft is once again the target of an antitrust lawsuit. Google and other tech companies are facing similar challenges as governments have found the political will to go up against big tech, at least for now. While there are various legal arguments as to why tech companies should be split up, there are also good policy reasons for this. For this essay, I will focus on the sensible warning to not put all your eggs in one basket and argue that this is also rational for digital “eggs.” As might be expected, the 2024 CrowdStrike disaster will serve as the main example of why the one basket approach is a bad idea.
On July 19, 2024, CrowdStrike released a flawed update to its Falcon Sensor software causing about 8.5 million Windows systems to crash and become unable to properly restart. As of this writing, this was the largest outage in history. As businesses ranging from airlines to gas stations rely on these Windows systems, the impact was devastating, and it is estimated the financial damage was at least $10 billion done over the course of only a few hours. In addition to becoming a textbook case about how not to test and rollout security software, it also provides a lesson in the danger of putting some many digital eggs in one basket, especially given the inclination companies often have to cut corners and operate badly. The repeated, self-inflicted failures at the once respected Boeing provides another excellent example of how this sort of easily avoidable failures occur.
While the poor handling of the update is the main cause of the disaster, the fact that CrowdStrike was the security software on so many Windows systems enabled it to be a worldwide disaster. While Microsoft was not to blame, the market dominance of Windows was also a factor since Macs and Linux systems were not impacted by the failure of CrowdStrike. The case of CrowdStrike was, of course, unintentional but there are also intentional efforts to cause harm.
Like many people, I recently received a letter from Change Health Care informing me of a data breach that occurred back in February. While they did offer me free monitoring, my data (and probably yours) is now out in the wild, presumably being sold and used by criminals. Such data breaches are common for a variety of reasons. In terms of why health care data is targeted, the short version is that such data is very valuable and stealing it is relatively easy. The larger a company gets, the more desirable it is as a target. This is because breaching a large company is often not much more challenging than breaching a small company, but the potential payoff is greater. Unfortunately, these companies are not like monsters in video games in that the challenge of getting the treasure is not proportionate to the value of the loot.
This points to the obvious danger presented by data and software companies gaining dominance in markets: when they drop the basket, the eggs break. To be fair to these companies, they are playing the game of capitalism and trying to win it by maximizing their profits by grabbing as much of the market as they can. As noted above, some governments are pushing back but there is the question of whether this will continue in the United States with the change of administration. While the devil is in the details, this danger does provide an excellent justification for keeping market dominance in check, since this dominance entails that the eggs will be stuffed into one basket and companies have shown they are constantly poor stewards. Thus, good policy should be aimed at restricting the size of companies, not to “punish their success” but to mitigate the damage done to other companies and the public caused by their inevitable failures.