[AfrICANN-discuss] This Internet provider pledges to put your privacy first. Always.

Anne-Rachel Inné annerachel at gmail.com
Sun Apr 15 13:28:22 SAST 2012


 This Internet provider pledges to put your privacy first. Always.

http://news.cnet.com/8301-31921_3-57412225-281/this-internet-provider-pledges-to-put-your-privacy-first-always/

Step aside, AT&T and Verizon. A new privacy-protecting Internet service and
telephone provider still in the planning stages could become the ACLU's
dream and the FBI's worst nightmare.

by Declan McCullagh <http://www.cnet.com/profile/declan00/>, April 11, 2012
4:00 AM PDT

Nick Merrill, who challenged a demand from the FBI for user data, wants to
create the world's first Internet provider designed to be
surveillance-resistant.
(Credit: Sarah Tew/CNET)

Nicholas Merrill is planning to revolutionize online privacy with a concept
as simple as it is ingenious: a telecommunications provider designed from
its inception to shield its customers from surveillance.

Merrill, 39, who previously ran a New York-based Internet provider, told
CNET that he's raising funds to launch a national "non-profit
telecommunications provider dedicated to privacy, using ubiquitous
encryption" that will sell mobile phone service and, for as little as $20 a
month, Internet connectivity.

The ISP would not merely employ every technological means at its disposal,
including encryption and limited logging, to protect its customers. It
would also -- and in practice this is likely more important -- challenge
government surveillance demands of dubious legality or constitutionality.

A decade of revelations has underlined the intimate relationship between
many telecommunications companies and Washington officialdom. Leading
providers including AT&T and Verizon handed billions of customer telephone
records <http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm> to
the National Security Agency; only Qwest refused to participate. Verizon turned
over customer data
<http://www.washingtonpost.com/wp-dyn/content/article/2007/10/15/AR2007101501857.html>
to the FBI without court orders. An AT&T whistleblower accused the company of
illegally opening its network
<http://news.cnet.com/ATT-sued-over-NSA-spy-program/2100-1028_3-6033501.html>
to the NSA, a practice that the U.S. Congress retroactively made legal in 2008
<http://news.cnet.com/8301-13578_3-9986716-38.html>.

By contrast, Merrill says his ISP, to be run by a non-profit called the Calyx
Institute <https://www.calyxinstitute.org/> with for-profit subsidiaries,
will put customers first. "Calyx will use all legal and technical means
available to protect the privacy and integrity of user data," he says.

Merrill is in the unique position of being the first ISP exec to fight back
against the Patriot Act's expanded police powers -- and win.

Nick Merrill says that "we will use all legal and technical means to resist
having to hand over information, and aspire to be the partner in the
telecommunications industry that ACLU and EFF have always needed but never
had."
(Credit: Sarah Tew/CNET)

In February 2004, the FBI sent Merrill a secret "national security letter"
(not an actual court order signed by a judge) asking for confidential
information about his customers and forbidding him from disclosing the
letter's existence. He enlisted the ACLU to fight the gag order, and won. A
federal judge barred
<http://news.cnet.com/Judge-disarms-Patriot-Act-proviso/2100-1028_3-5388764.html>
the FBI from invoking that portion of the law, ruling it was "an
unconstitutional prior restraint of speech in violation of the First
Amendment."

Merrill's identity was kept confidential for years as the litigation
continued. In 2007, the Washington Post published his anonymous op-ed
<http://www.washingtonpost.com/wp-dyn/content/article/2007/03/22/AR2007032201882.html>
which said: "I resent being conscripted as a secret informer for the
government," especially because "I have doubts about the legitimacy of the
underlying investigation." He wasn't able to discuss his case publicly
<http://www.washingtonpost.com/wp-dyn/content/article/2010/08/09/AR2010080906252.html>
until 2010.

His recipe for Calyx was inspired by those six years of interminable legal
wrangling with the Feds: Take wireless service like that offered by Clear,
which began selling 4G WiMAX broadband in 2009
<http://news.cnet.com/8301-1035_3-10353237-94.html>.
Inject end-to-end encryption for Web browsing. Add e-mail that's stored in
encrypted form, so even Calyx can't read it after it arrives. Wrap all of
this up into an easy-to-use package and sell it for competitive prices,
ideally around $20 a month without data caps, though perhaps prepaid for a
full year.

"The idea that we are working on is to not be capable of complying" with
requests from the FBI for stored e-mail and similar demands, Merrill says.

A 1994 federal law called the Communications Assistance for Law Enforcement
Act <http://epic.org/privacy/wiretap/calea/calea_law.html> was highly
controversial when it was enacted because it required telecommunications
carriers to configure their networks for easy wiretappability by the FBI
<http://news.cnet.com/Feds-step-up-push-to-wiretap-VoIP-calls/2100-7352_3-5157282.html>.
But even CALEA says that ISPs "shall not be responsible for decrypting"
communications if they don't possess "the information necessary to
decrypt."

Translation: make sure your customers own their data and only they can
decrypt it.

Merrill has formed an advisory board
<https://www.calyxinstitute.org/about/advisory_board> with members
including Sascha Meinrath from the New America Foundation;
former NSA technical director Brian Snow; and Jacob Appelbaum from the Tor
Project.

"I have no doubt that such an organization would be extremely useful," ACLU
deputy legal director Jameel Jaffer
<http://www.aclu.org/blog/author/jameel-jaffer> wrote in a letter
last month. "Our ability to protect individual privacy in
the realm of telecommunications depends on the availability of phone
companies and ISPs willing to work with us, and unfortunately the number of
companies willing to publicly challenge the government is exceedingly
small."

The next step for Merrill is to raise about $2 million and then, if all
goes well, launch the service later this year. Right now Calyx is largely
self-funded. Thanks to a travel grant from the Ford Foundation, Merrill is
heading to the San Francisco Bay Area later this month to meet with venture
capitalists and individual angel investors.

"I am getting a lot of stuff for free since everyone I've talked to is
crazy about the idea," Merrill says. "I am getting all the back-end
software written for free by Riseup <https://help.riseup.net/en> using a
grant they just got."

While the intimacy of the relationship between Washington and
telecommunications companies varies over time, it's existed in one form or
another for decades. In his 2006 book titled "State of War"
<http://www.amazon.com/gp/product/0743270665/002-4042663-9225666?v=glance&n=283155>,
New York Times reporter James Risen wrote: "The NSA has extremely close
relationships with both the telecommunications and computer industries,
according to several government officials. Only a very few top executives
in each corporation are aware of such relationships."

Louis Tordella, the longest-serving deputy director of the NSA,
acknowledged overseeing a project to intercept telegrams in the 1970s.
Called Project Shamrock, it relied on the major telegraph companies
including Western Union secretly turning over copies of all messages sent
to or from the United States.

"All of the big international carriers were involved, but none of 'em ever
got a nickel for what they did," Tordella said before his death in 1996,
according to a history <http://www.cia.gov/csi/studies/winter99-00/art4.html>
written by L. Britt Snider, a Senate aide who became the CIA's inspector
general.

Like the eavesdropping system that President George W. Bush secretly authorized
<http://news.cnet.com/Bush-allies-defend-NSA-surveillance/2100-1028_3-6030518.html>,
Project Shamrock had a "watch list" of people whose conversations would be
identified and plucked out of the ether by NSA computers. It was initially
intended to be used for foreign intelligence purposes, but at its peak, 600
American citizens appeared on the list, including singer Joan Baez,
pediatrician Benjamin Spock, actress Jane Fonda and the Rev. Martin Luther
King Jr.

Nick Merrill says that "if we were given any orders that were questionable,
we wouldn't hesitate to challenge them in court."
(Credit: Sarah Tew/CNET)

Even if Calyx encrypts everything, the surveillance arms of the FBI and the
bureau's lesser-known counterparts will still have other legal means to
eavesdrop on Americans, of course. Police can remotely install spyware
<http://news.cnet.com/8301-10784_3-9746451-7.html> on a
suspect's computer. Or install
keyloggers <http://news.cnet.com/8301-10784_3-9741357-7.html> by breaking
into a home or office. Or, as the Secret Service outlined at last year's
RSA conference, they can try to guess passwords
<http://news.cnet.com/8301-31921_3-20035168-281.html> and
conduct physical surveillance.

That prospect doesn't exactly please the FBI. Last year, CNET was the first
to report <http://news.cnet.com/8301-31921_3-20032518-281.html> that the
FBI warned Congress about what it dubbed the "Going Dark" problem, meaning
when police are thwarted in conducting court-authorized eavesdropping
because Internet companies aren't required to build in back doors in
advance, or because the technology doesn't permit it. FBI general counsel
Valerie Caproni said at the time that agents armed with wiretap orders need
to be able to conduct surveillance of "Web-based e-mail, social networking
sites, and peer-to-peer communications technology."

But until Congress changes the law, a privacy-first ISP like Calyx will
remain perfectly legal.

"It's a really urgent problem that is crying out for a solution," Merrill
says.

*Update 12:05 p.m. PT:* This article sparked a lengthy Reddit thread
<http://www.reddit.com/r/technology/comments/s479x/this_internet_provider_pledges_to_put_your/>,
complete with repeated suggestions that Nick Merrill should turn to
Kickstarter to raise money. Merrill told me this morning that Kickstarter
"wouldn't accept Calyx as a campaign because it's not a physical product,
or arts-related." But he has set up a contribution page
<http://www.indiegogo.com/calyx>,
with a $1 million target, on IndieGogo.com, a self-described crowdfunding
platform. "There has been a ton of interest in the idea," Merrill told me.
"Due to popular demand I have decided to try crowd-sourced funding the idea
in order to prove that the demand exists." If he makes the $1 million
target, IndieGogo takes a smaller percentage. Internet privacy aficionados,
what say you?