April 12, 2012
Surveillance-free ISP Promises Privacy Over Profits
An upstart telecom and Internet service provider seeks to give customers something very rare in an age of growing surveillance: the complete protection of privacy from government spying, wiretapping, and other unconstitutional anti-privacy measures.
The non-profit company, which is still in its planning stages, was founded by Nicholas Merrill, a 39-year-old former telecom engineer who previously ran a New York-based Internet provider.
Speaking with CNET on Tuesday, Merrill said he wants to build a company that guarantees strict privacy protections for users whenever they go online or use their mobile phones.
The national Internet and telecom company will be committed first and foremost to user privacy, using ubiquitous encryption that would offer privacy-protected mobile phone service and, for as little as $20 per month, Internet connectivity.
The company will use every technological means at its disposal, including encryption and limited logging, to protect customers´ privacy, said Merrill, who is working hard to raise funds to launch the services.
Perhaps of greatest importance, the non-profit company would challenge any government surveillance demands of questionable legality or constitutionality.
Numerous revelations have surfaced in the years following the September 11 terrorist attacks that show the tight relationship between the nation´s telecommunications companies and the U.S. government. Providers such as AT&T and Verizon have turned over billions of telephone records to the National Security Agency (NSA), CNET reported, with Qwest being the only major provider that refused to comply.
Verizon has handed over private customer data to the FBI without court orders, while whistleblowers at AT&T have accused the company of illegally opening its network to the NSA — a practice Congress made retroactively legal in 2008.
Such government intrusion on personal communications has only accelerated in recent years, with Congress and the administration showing no signs of slowing down.
In the past few months alone, lawmakers have sought to expand upon the parameters of the Patriot Act by debating SOPA and PIPA legislation as a means to control information passed between users over the Internet.
Meanwhile, the NSA is building a massive new facility in Utah that could become the world´s largest communications spying network, with the capability to monitor every electronic, voice, and Internet communication in the country -- and store the data onsite for years.
Merrill says his service, which will be run by the non-profit Calyx Institute with for-profit subsidiaries, will make its customers´ privacy top priority.
"Calyx will use all legal and technical means available to protect the privacy and integrity of user data," he told CNET.
If anyone could pull off such a feat, it just might be Merrill. The former telecom engineer is in the unique position of being the first ISP executive to fight back — and win — against the expanded surveillance powers the government has asserted under the Patriot Act.
In February 2004, the FBI sent Merrill a secret "national security letter" -- not a court order signed by a judge -- requesting confidential information about his customers. The letter also forbade Merrill from disclosing the existence of the request.
Merrill sought help from the American Civil Liberties Union (ACLU), fought the gag order, and won. A federal judge prohibited the FBI from invoking that part of the law, ruling that it was an "unconstitutional prior restraint of speech in violation of the First Amendment."
Merrill's identity was kept confidential for years as the litigation progressed through the courts.
In a 2007 op-ed published anonymously in the Washington Post, Merrill wrote that he resented “being conscripted as a secret informer for the government," particularly because he had “doubts about the legitimacy of the underlying investigation."
He was not permitted to publicly discuss his case until 2010.
Merrill said Calyx was inspired by those six years of incessant legal battles with the government. He described his vision of the service to CNET, saying it would include a wireless service like that offered by Clear, with injected end-to-end encryption for Web browsing. E-mail would be stored in encrypted form, so even Calyx couldn't read it after it arrives. These features would then be wrapped up into an easy-to-use package and sold at a competitive price. Ideally, around $20-per-month without data caps, Merrill said.
"The idea that we are working on is to not be capable of complying" with requests from the government for stored e-mail and similar demands, Merrill told CNET.
A 1994 federal law known as the Communications Assistance for Law Enforcement Act (CALEA) was highly controversial when it was enacted because it required telecom providers to equip their networks for easy wiretappability by the FBI. However, the law allows Internet service providers exemption from decrypting customer communications if they are without "the information necessary to decrypt."
In other words, make sure customers own their data, and are the only ones able to encrypt it.
Merrill is currently working to raise funds to launch his services, and has formed an advisory board that includes Sascha Meinrath from the New America Foundation, former NSA technical director Brian Snow and Jacob Appelbaum from the Tor Project, CNET reported.
Merrill´s goal is to raise $2 million to launch the service later this year. For now, Calyx is primarily self-funded, thanks to a travel grant from the Ford Foundation.
Merrill is heading to Silicon Valley later this month to meet with venture capitalists and individual angel investors.
"I am getting a lot of stuff for free since everyone I've talked to is crazy about the idea," Merrill said.
"It's a really urgent problem that is crying out for a solution.”
Indeed, the CNET article about Calyx generated widespread interest on Reddit (www.reddit.com/r/technology/comments/s479x/this_internet_provider_pledges_to_put_your/), with many people wanting to know how they could donate to help the nascent company get off the ground.
"There has been a ton of interest in the idea," Merrill told CNET.
The outpouring of support led Merrill to set up a contribution page on the crowdfunding platform IndieGoGo.com. Merrill said he decided to try crowd-sourced funding to prove that demand for a privacy-first ISP exists.
“I would like to let you know that we have a crowd-sourced funding campaign running now at IndieGoGo, where we are trying to raise funds to launch this highly disruptive and challenging project,” wrote Merrill on the Calyx Web site.
Merrill has set a $1 million target. If he reaches that goal, IndieGoGo takes a smaller percentage of the funds.
ACLU deputy legal director Jameel Jaffer said there is a need for telecom and Internet providers, such as Calyx, that push back against the expansion of intrusive government surveillance.
"Our ability to protect individual privacy in the realm of telecommunications depends on the availability of phone companies and ISPs willing to work with us, and unfortunately the number of companies willing to publicly challenge the government is exceedingly small,” he said.
"I have no doubt that such an organization would be extremely useful.”