polypoly polyVerse
2022-08-25

We have interviewed Lars Eilebrecht, CISO of polypoly and member of our Advisory Board. Lars is a software engineer, solutions architect, IT security expert, and Open Source evangelist. He is one of the original developers of the Apache HTTP Server, and co-founder and former Vice President of the Apache Software Foundation.

Tell us a little about yourself. What is your core expertise?

My core expertise is information security, and also to some extent data privacy. But privacy more from the technical side than from the legal point of view. E.g., how to actually apply and implement the requirements of the GDPR. My interest in security started with my studies in computer engineering. One of the classes I took was cryptography. and that really got me interested in the topic of security. Even though I haven't exclusively worked in the security field, it was mostly technical positions where security played a role. And especially now at polypoly it's security with a very strong focus on all aspects of privacy, essentially because that's what we are trying to sort out.

What, in your opinion, is the main problem with the current data economy?

We have several large problems. One is obviously the fact that the majority of companies – mostly in the US – in some way harvest our data, or have access to it. So in Europe we don't have that much in terms of data capital. The other thing is that it unfortunately has become normal that whenever you sign up for a new service like installing a new app, you first have to tick the box accepting their privacy policy. Obviously, people rarely read these things, or if they do, it's difficult to understand what it means for your data and for you. Basically it has become normal that we give away our data to get some free service or even some paid services that analyse customer data and also harvest it in some way, and potentially even selling the data at some point. That needs to change. It shouldn't be normal in order to use a service that I have to immediately give away my data, at least not without knowing exactly what I'm giving away, and what the company is going to do with this. These are the fundamental problems that need to be changed in my opinion.

What motivates you to help solve these problems? Did anything in particular trigger your interest?

I think it's basically two things. On one hand I realized that talking to Thorsten Dittmar, polypoly’s initiator, what the huge scope of their mission actually is. And who doesn't love a nice challenge? It's not going to be easy but that’s part of the fun. The other thing is earlier I said that I'm interested in and care about security and privacy. So among my friends and family I've always been the most privacy conscious person. For example, I don't use WhatsApp because of my privacy concerns. Sometimes that results in raised eyebrows and people not understanding why I'm not using something that friends and family are using. But I've always been the one trying to understand how something works? Is it actually secure? Is it a threat to my privacy? What happens with my data? Based on these, deciding if I use a service or function, I try to limit my exposure. It's difficult to avoid giving away your data in some way, otherwise you can barely use any services. But that's really what the challenge is: To actually change that.

What is the best way to motivate everyday people to join the movement for a fair data economy?

Having worked in security companies or companies that have produced security products that help with privacy, my experience is that simply telling people this gives you more security, or this gives you better privacy isn't going to help. You need to incentivize people to use things like the polyPod, or become a member of the polypoly Cooperative. And I think that only works if they provide an obvious benefit of better insight in and control of their personal data. And potentially at some point in the future, being able to generate income out of your data, because that's what companies like Facebook are doing. They're selling your data, they're using your data, that's how they make money. So it should be possible that everyone can make some money with their own data while still being in full control over it.

How did you become aware of polypoly? And why do you think polypoly is part of the solution?

I blame you! But seriously, just after you started with polypoly you encouraged me to take a look at the company. I think polypoly has been carefully planned. There are several companies that have tried in the past, or are currently trying to solve the problem in some way, or are creating tools that offer better privacy or better insight into user data. But with polypoly I think what is most unique is how it has been conceptualized as a whole. On one hand, we have the polypoly Cooperative which is the European Union’s first data cooperative; it has been chartered in such a way that it’s impossible for any large company to purchase, take majority ownership, or shut it down. For example – what has happened in the past in some cases – smaller companies and startups were bought out, and then the privacy friendly solution basically disappeared. Then we have polypoly Enterprise which focuses on the B2B market, because it's not just about benefits for consumers, but also for businesses and government entities who want to handle their users' data in a privacy-friendly way. And most importantly, we have polypoly Foundation which exists to assist data cooperatives beyond the EU and consult with governments to facilitate that objective. So I think we have a very unique and promising set up, and I believe there's a good chance we can make this work. And I'm not just talking about the technical side of things, but making it work also from a organisational and political point of view.

Given your expertise, how would you advise polypoly to move forward?

I think at this point it’s just a matter of continuing the development of polyPod. There are many people who have started using it or tried it, but at this point it provides limited functionality. We are just at the beginning of this whole journey. And I think it needs more features to incentivise people to continue using it, to put their data in the polyPod and also to potentially become a member of the cooperative. We need the polyPod as the flagship of the entire polypoly movement. It needs to show what's happening with your data, how much data is actually out there available from the various companies, especially the big ones, like Facebook, Google, Amazon, Apple, et cetera. Then we can get an insight into the immensity of being able to do something with our data that we're not able to do by using each of these services individually.