In this world where online privacy — or more accurately the lack thereof — is becoming more and more of an issue for many, there is no lack of complaints, but a distinct lack of solutions. One man thinks he has the way to put an end to this. Nicholas Merrill wants to start an Internet service provider with one thing at the forefront of its policy: Respecting user privacy. By means both technological and policy related, Merrill’s in utero service would fight tooth and nail to keep its customers information from getting into the hands of anyone who doesn’t need to see it. With bills like CISPA on the horizon, he could stand to find quite a few customers.
Merrill is no stranger to Internet privacy issues, nor to providing Internet service. In 2004, back when Merrill ran a small, New York-based ISP, the FBI sent him a letter, but not an official order, asking — not demanding — that he hand over a little information about his users. The letter did demand, however, that he not tell anyone about this modest request. Being the privacy advocate he is, Merrill fought back, and with the help of the ACLU, managed to overturn the gag order. Even so, he wasn’t able to discuss the case in public until 2010. It’s fair to say that now, he’s more of a privacy advocate whenever and potentially a privacy poster boy in the making.
Merrill’s masterplan is an ISP run by a non-profit, the Calyx Institute, and a few for-profit subsidiaries. The customer, and their privacy, would be of the utmost importance in two respects. First of all, Calyx would prioritize encryption, sealing up all web browsing and email data in a way that even Calyx itself wouldn’t be able to peek if it wanted to, which it doesn’t. Second, Calyx would not get in bed with the government when it comes to information requests, or coaxing, or threats.
It’s that second part that is really, really important. CISPA, a bill which is currently working its way through Congress, stands to make Internet privacy a thing of the past by legalizing any and all sharing of private data between companies and the government so long as that data is tangentially related to “cybersecurity.” What CISPA can’t do, however, is require companies to hand over data, and what Calyx won’t do is volunteer it.
There is one small problem however, and it’s a federal law called the Communications Assistance for Law Enforcement Act. What the act says, in essence, is that ISPs and other telecommunications carriers have to keep their networks easily wiretappable for the FBI. There’s a way around this though. The act also states that ISPs can’t be responsible for decrypting data if they don’t have the necessary keys to do so. Basically, so long as Calyx provides it’s end-users with what they need to encrypt, and keeps itself from being able to decrypt, there’s nothing anyone can do about it.
Right now, Merrill is going around raising the necessary funds to organize and launch the service and is aiming to do so sometime later this year. Presumably, it’s not going to be too difficult considering that privacy-conscious users are somewhat of an untapped market (get it?) and if privacy law and privacy policies keep tending they way they have been, it’s going to be a growing market as well. Of course, the FBI isn’t particularly keen on the plan, and clearly they aren’t too keen on Merrill in general after his stunt back in 2004, but what better person could you ask to run your privacy-prizing ISP? With any luck, Merrill’s play could really jump-start the “privacy as a feature” market, something that is becoming increasingly enticing and potentially lucrative despite the fact that it ought not to exist. Still, it’d be nice to have some where to get it if it does stop being the norm. Maybe privacy isn’t dead after all.
- The low-down on CISPA, the new SOPA in spirit
- Most major ISPs are about to start working with rightsholders to throttle torrenters
- The U.K. seems to be making moves to force ISPs to block The Pirate Bay
Have a tip we should know? [email protected]