When the Eagles released "Hotel California" in 1977, they were singing about drugs and the grip that addiction can hold over people. "We are all just prisoners here of our own device" is a stark reminder of how our own actions can end up trapping us, from which "we can never leave". But in the 21st century, these lyrics have taken on a new meaning. Look around any crowded place nowadays and it’s quite clear that many of us have become prisoners of literally our own devices -- smartphones, tablets, laptops, anything and everything with an Internet connection. Our lifestyles practically require us to always be on and connected to everyone else.
The Internet is our digital drug, and while it has proven immensely useful as a communications utility and public good, it has also enabled a select handful of powerful companies to take advantage of that need by monopolizing the Internet and segmenting it -- and us with it -- into silos under their control.
Not only is this kind of vertical integration bad for business -- effectively squeezing out smaller companies or up-and-coming digital entrepreneurs from breaking out as the new Facebook or the new YouTube -- but it slowly erodes away the average user’s freedom. Data has become its own currency, the oil of the digital world as many others are saying. As these monopolizing companies ask for more and more of it, we give it to them because we need their service; these services are so convenient to how we work with people. With that comes an increasingly omnipresent feeling of being watched, that our data is always collected and monitored, which in turn changes our behavior. We act differently if we’re always being watched -- and a forced change in behavior is a gradual disintegration of our online freedoms.
But it doesn’t have to be that way.
European Data Solutions in a Post-Safe Harbor World
The European Court of Justice’s ruling to invalidate the Safe Harbor agreement was a huge step forward for privacy advocates, both in the U.S. and the E.U. For too long American intelligence agencies like the NSA had been able to co-opt the data transfer deal to spy on the personal information of European citizens. But with the ECJ’s overturning of that agreement -- and with it, the NSA’s means of breathing down the necks of E.U. end users -- American companies will now have to find alternatives for facilitating intercontinental data transfers, alternatives that put data privacy and security front and center.
We’re already starting to see those alternatives bear fruit. Microsoft, whom the U.S. government has hounded to relinquish the emails of a Hotmail user stored on a Microsoft server in Ireland, recently announced that it was building a pair of new data centers in Germany, which will be managed and operated by an independent German "data trustee". That third party group will be the one responsible for storing and processing E.U. customer data, ensuring that it never leaves Germany -- and that, even if prompted by the U.S. government, Microsoft would be unable to access that user data unless permitted by the trustee.
While it’s a meager step forward, and a much bigger paradigm shift is likely waiting for us come January, Microsoft’s move is a significant signal to both the U.S. government and the E.U. public that European data privacy is not something to be infringed on so easily just to make spies’ lives easier.
CalEPCA and the Public Policy Laboratories of the States
The adoption of the California Electronic Communications Privacy Act (CalEPCA) in the U.S. also strikes a blow for privacy advocates and against government overreach by requiring law enforcement agencies to acquire a warrant before they can search through a person’s email, texts or other online documents -- regardless of it being stored on a device or in the cloud. This kind of legislation is not only sorely needed but long overdue. The federal government passed the Electronic Communications Privacy Act way back in 1986 -- and given how far the Internet and online communication have come in the last 30 years, that law may as well have been passed a century ago.
That kind of outdated legislation opens a lot of potential vulnerabilities and pain points for tech companies in charge of safeguarding customer data and simultaneously fielding data acquisition requests from law enforcement agencies. Authorities have long capitalized on these digital gaps in Fourth Amendment protections to ramp up data requests: Google has seen consumer data demands from law enforcement skyrocket by 180 percent over the past five years, and AT&T received over 260,000 similar requests in 2014 alone.
But CalEPCA brings a much-needed game changer to the table, now requiring law enforcement within the state to secure a judicial warrant before they can begin rifling through a California resident’s online life. It’s the same expectation we have of police before they can begin looking through homes and physical papers -- and the same expectation that 75 percent of Americans have, who believe that email, texts and location data qualify as sensitive information -- so why shouldn’t that be the standard for online too?
Although it’s only a state law affecting California now, it provides a model that others could follow on later, bringing to life Justice Louis Brandeis’ words of how a "state may, if its citizens choose, serve as a laboratory" for wider public policy. It’s especially significant that we’re seeing this lab experiment take place in California, America’s premiere tech hub and home to companies supporting the law like Apple, Google, Facebook, Dropbox and Twitter. There’s no state better to draw this line in the sand and show the government -- and the other 49 states, for that matter -- that it’s more than time for some 21st century data privacy rules.
"You can check out anytime…"
But, to contradict Don Henley, it’s finally time to leave. It’s time to leave the days where the Internet wasn’t treated as an essential communications utility. It’s time to leave the mentality that law enforcement and governments should be allowed to read your emails and text messages without provocation or permission, all for "your own protection". It’s time to leave the digital Hotel California so that we aren’t slaves to our own devices and the data brokers behind them, subconsciously changing our behavior online in the process, but in full control of where our information is being stored and who can see it. The invalidation of Safe Harbor and the passage of CalEPCA both signify a return to the democratization of the Internet and the resurgence of online privacy as a right, not a dispensable luxury.
Rafael Laguna is Chief Executive Office and co-founder of OX. Laguna was chairman of the board until 2008 when he became CEO. Under his guidance, OX extended its product offerings into SaaS and established the indirect distribution model through Cloud service providers. With more than 25 year’s experience, Laguna has a proven track record of success in building and growing software companies. He was crucial to the investment and the successful sale of SUSE Linux to Novell in 2004 and managed as chairman the turnaround of Bäurer AG and its subsequent takeover by Sage in 2006. Passionate about the open source movement, Laguna acts in an advisory role for openBIT e.V.