The fourth time was the charm.
Last Thursday, California Gov. Jerry Brown , which requires a warrant before California law enforcement can seize the contents or metadata of your communications, demand location records from your cell phone provider, or use a StingRay to gather information about your smartphone. This comes after Brown had vetoed in the past four years, none nearly as ambitious as CalECPA. So getting CalECPA signed into law is truly a watershed moment for California privacy law — but also a clear signal that we have a real opportunity to make digital privacy a reality across the country.
California’s economy is largely driven by cutting-edge technology, but until last week its digital privacy protections lagged far behind. That’s no longer the case. breaks from the archaic “180-day rule” in federal law and replaces arbitrary distinctions between “electronic communications services” and “remote computing services” with a single rule for any online service: Get a warrant.
It also ensures that not just the contents of your communications but the essential that reveals who you talk to, what you read about, and when and where you go receive the protection of a warrant standard. It covers not only direct physical searches of your smart phone but also remote access through new technology like StingRays. And it makes sure that every time a warrant is issued the target is actually notified so that surveillance is not secret forever. It’s a huge step forward in a state where even small steps were failing not long ago.
One of the reasons CalECPA was successful was because of the dramatic shift in public awareness of and attitudes towards surveillance over the past few years. Edward Snowden’s taught Americans that simplistic assurances that were no substitute for meaningful privacy protections. Evidence has mounted that police have misused surveillance powers to monitor First Amendment-protected activities like peaceful protests or . And events in Ferguson and elsewhere have continued to undermine trust in law enforcement and government in general.
The courts likewise have recently reaffirmed the right to privacy in our technological world. The Supreme Court has recently issued two unanimous decisions extending the Fourth Amendment’s warrant requirement to and . At the same time, Justice Scalia pointedly urged lawmakers to take up the mantle of moving privacy law forward, noting that “legislatures, enacted by the people, are in a better position than [courts] to assess and respond to the changes that have already occurred and those that almost certainly will take place in the future” when it comes to “privacy protection in the 21st century.” The White House has also called on lawmakers to update the law to
Meanwhile, eroding trust in both the government and technology has created a realization that the status quo is simply untenable. Online companies who lost of dollars as a result of the NSA revelations recognized that consumers’ willingness to engage in online activities hinged upon their possession of meaningful digital privacy rights. And law enforcement agencies also realized that they needed to rebuild partnerships with their communities rather than treating everyone like a suspect.
So when CalECPA was introduced in January of this year, we weren’t alone in supporting it. Instead, CalECPA was supported from the outset by tech giants like Google, Facebook, and Apple as well as more traditional civil rights and civil liberties organizations and community groups. And, unlike in years past, law enforcement agencies were ready to come to the table and work through specific substantive concerns rather than rejecting the entire concept of stronger privacy on principle. Some law enforcement agencies even formally joined the cause: the San Diego Police Officers Association officially supported CalECPA, stating that it “strengthens community relationships and increases transparency” and was “in the best interests of all Californians.” And that broad support paid off, giving California arguably the , if not the world.
But what happened in California doesn’t have to stay in California. The backdrop for CalECPA’s success is true nationwide: We the people ; companies want clear and consistent rules that help them rebuild consumer trust; and no one wants to be left behind as technological and societal progress marches on. Put that together and you have a recipe for change.
has moved at a glacial pace, with even modest reform a challenge to enact despite in the House alone. CalECPA shows that states don’t have to wait for D.C. — they can lead it instead. And the more states that follow, the more pressure there will be on the federal government to finally bring federal privacy law out of the digital dark ages. California has taken one big step towards that goal.
Who’s next?