[Infowarrior] - The privacy-first ISP
Richard Forno
rforno at infowarrior.org
Wed Apr 11 07:33:33 CDT 2012
This Internet provider pledges to put your privacy first. Always.
Step aside, AT&T and Verizon. A new privacy-protecting Internet service and telephone provider still in the planning stages could become the ACLU's dream and the FBI's worst nightmare.
by Declan McCullagh April 11, 2012 4:00 AM PDT
Nicholas Merrill is planning to revolutionize online privacy with a concept as simple as it is ingenious: a telecommunications provider designed from its inception to shield its customers from surveillance.
Merrill, 39, who previously ran a New York-based Internet provider, told CNET that he's raising funds to launch a national "non-profit telecommunications provider dedicated to privacy, using ubiquitous encryption" that will sell mobile phone service, for as little as $20 a month, and Internet connectivity.
The ISP would not merely employ every technological means at its disposal, including encryption and limited logging, to protect its customers. It would also -- and in practice this is likely more important -- challenge government surveillance demands of dubious legality or constitutionality.
A decade of revelations has underlined the intimate relationship between many telecommunications companies and Washington officialdom. Leading providers including AT&T and Verizon handed billions of customer telephone records to the National Security Agency; only Qwest refused to participate. Verizon turned over customer data to the FBI without court orders. An AT&T whistleblower accused the company of illegally opening its network to the NSA, a practice that the U.S. Congress retroactively made legal in 2008.
By contrast, Merrill says his ISP, to be run by a non-profit called the Calyx Institute with for-profit subsidiaries, will put customers first. "Calyx will use all legal and technical means available to protect the privacy and integrity of user data," he says.
Merrill is in the unique position of being the first ISP exec to fight back against the Patriot Act's expanded police powers -- and win.
Nick Merrill says that "we will use all legal and technical means to resist having to hand over information, and aspire to be the partner in the telecommunications industry that ACLU and EFF have always needed but never had."
In February 2004, the FBI sent Merrill a secret "national security letter" (not an actual court order signed by a judge) asking for confidential information about his customers and forbidding him from disclosing the letter's existence. He enlisted the ACLU to fight the gag order, and won. A federal judge barred the FBI from invoking that portion of the law, ruling it was "an "unconstitutional prior restraint of speech in violation of the First Amendment."
Merrill's identity was kept confidential for years as the litigation continued. In 2007, the Washington Post published his anonymous op-ed which said: "I resent being conscripted as a secret informer for the government," especially because "I have doubts about the legitimacy of the underlying investigation." He wasn't able to discuss his case publicly until 2010.
His recipe for Calyx was inspired by those six years of interminable legal wrangling with the Feds: Take wireless service like that offered by Clear, which began selling 4G WiMAX broadband in 2009. Inject end-to-end encryption for Web browsing. Add e-mail that's stored in encrypted form, so even Calyx can't read it after it arrives. Wrap all of this up into an easy-to-use package and sell it for competitive prices, ideally around $20 a month without data caps, though perhaps prepaid for a full year.
"The idea that we are working on is to not be capable of complying" with requests from the FBI for stored e-mail and similar demands, Merrill says.
A 1994 federal law called the Communications Assistance for Law Enforcement Act was highly controversial when it was enacted because it required telecommunications carriers to configure their networks for easy wiretappability by the FBI. But even CALEA says that ISPs "shall not be responsible for decrypting" communications if they don't possess "the information necessary to decrypt."
Translation: make sure your customers own their data and only they can decrypt it.
Merrill has formed an advisory board with members including Sascha Meinrath from the New America Foundation; former NSA technical director Brian Snow; and Jacob Appelbaum from the Tor Project.
"I have no doubt that such an organization would be extremely useful," ACLU deputy legal director Jameel Jaffer wrote in a letter last month. "Our ability to protect individual privacy in the realm of telecommunications depends on the availability of phone companies and ISPs willing to work with us, and unfortunately the number of companies willing to publicly challenge the government is exceedingly small."
The next step for Merrill is to raise about $2 million and then, if all goes well, launch the service later this year. Right now Calyx is largely self-funded. Thanks to a travel grant from the Ford Foundation, Merrill is heading to the San Francisco Bay area later this month to meet with venture capitalists and individual angel investors.
"I am getting a lot of stuff for free since everyone I've talked to is crazy about the idea," Merrill says. "I am getting all the back-end software written for free by Riseup using a grant they just got."
< - SNIP - >
http://news.cnet.com/8301-31921_3-57412225-281/this-internet-provider-pledges-to-put-your-privacy-first-always/
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
More information about the Infowarrior
mailing list