• United States



Fight the Patriot Act and win. Next? Promise privacy, a surveillance-free ISP

May 10, 20128 mins
Data and Information SecurityEncryptionMicrosoft

Nick Merrill, once known as John Doe, secretly fought for our First and Fourth Amendment rights, battled against NSL abuse, a gag order, excessive government secrecy, and almost entirely redacted documents from FBI counterintelligence. Living under such mentally-exhausting circumstances for years is bound to change a person, but Merrill believes it is "better to die on your feet than live on your knees" and is "hoping to do further legal challenges to some of the warrantless wiretapping laws in America.” What’s next after fighting the Patriot Act and winning? Merrill intends to create a surveillance-free ISP with end-to-end encryption that promises to put your privacy above profit. The Calyx Institute promises to be an ISP that will stand up to the government.

If an ISP said privacy is more important than profit, would you believe it? What if that ISP and mobile wireless carrier charged you as little as $20 a month, provided end-to end encryption on all electronic communications, and said “no” to any kind of government surveillance? Would you believe and help support it then? The Calyx Institute Founder Nicholas Merrill fought the Patriot Act and won; he said he had to live as a “liar” from 2004-2010, lying by omission to everyone he knew because he was gagged by a National Security Letter (NSL), a gag order which could still put him in prison for 10 years if he says the wrong thing. Now Merrill intends to build a surveillance-free ISP that promises to stand up to government for your privacy.

John Doe was the first to fight against the FBI’s National Security Letter in court. In 2007, the Washington Post published his letter about his NSL gag order experience in which Merrill wrote, “At some point — a point we passed long ago — the secrecy itself becomes a threat to our democracy.” In an interview with RT, Merrill talked about how upsetting it is that most of this out-of-control surveillance, which is invisible to users, is in violation to the Constitution. He stated you “have the feeling that this type of consistent violation of the principles upon which the country is founded can tend to rot the underpinnings of the rule of law from the inside out.” That ‘secrecy poisoning’ sentiment about government surveillance that is killing democracy in America was echoed by the ACLU which took Merrill’s case and later published the Doe v Holder timeline. To RT, Merrill mentioned one of his goals is to help America “permanently get things back to the way they taught me it was in school.”

Now Merrill via The Calyx Institute wants to provide privacy-by-design, end-to-end encryption that hides what users are doing on the Internet, writing in email, and saying on the phone from a telecommunication or ISP provider. It is likely to be an uphill battle since a typical reaction by “the law” is that encryption indicates a person is a cybercriminal, is into child porn, or is intending to do something illegal. To a lesser extent, the feds might claim that speaking anonymously or via pseudonyms is part of the “going dark” and promoting “online evil” issue. Ironically, that very same “we can’t read it” design that enhances security and privacy might even be desirable to government agencies, law enforcement, or the military in the same way Tor is used by those groups.

Merrill has said many interesting things that reflect he is in a unique position to comprehend NSLs and government secrecy, and hopefully to create an ISP that promises to stand up to the government. Merrill spoke at the 27th Chaos Communication Congress about the importance of resisting excessive government surveillance, about Americans being “terrorized by our own government” and about the challenges he endured to expose and to challenge the constant violations of our right to privacy. It was at 27C3 that Merrill stated he is “hoping to do further legal challenges to some of the warrantless wiretapping laws in America.”

I encourage you to watch as Merrill tells his story which started in 2004 when the FBI called him, then the feds knocked on the door of his ISP and handed him an NSL not signed by a judge. The NSL demanded “16 explicit categories” of information (which can’t be disclosed or it ‘may result in a danger to the national security of the United States’ — Merrill said to trust him, it’s ridiculous). The NSL which gagged Merrill also asked for any other information he considered to be an “electronic communication transactional record.” Merrill knew the Calyx client and suspected the NSL was connected to political speech and not “in connection with an investigation about terrorism or clandestine intelligence activities.” He was told not to tell anyone or he could go to prison for a decade, but Merrill took the NSL to the ACLU. For six years the ACLU and “John Doe” secretly fought for our First and Fourth Amendment rights, battled against NSL abuse, government secrecy, and almost entirely blacked-out documents from heavy hitters in FBI counterintelligence.

To those of us concerned about the state of freedom in America, concerned about privacy and warrantless government spying, Merrill might be considered a “hero.” In regard to the years of fighting government secrecy, Merrill said it’s “better to die on your feet than live on your knees.” He said, “One person can cause trouble which has a snowball effect on privacy and spying; that it is our ethical obligation to expose and resist it.”

The Advisory Board for The Calyx Institute is made up of some very impressive people who care about Internet freedom, security, protecting people’s privacy from government spying, wiretapping, and other unconstitutional and privacy-decimating measures. Additionally Merrill is consulting with some brilliant university minds to hopefully figure out all the technical and legal issues to make this a reality: “a telecommunications company that puts privacy as its highest value and believes that the users should have the ultimate control and possession over their communications and data.” As for promising privacy over profit, Merrill said on Reddit, “Why would one have to cap the bandwidth? The big telcos only do that to squeeze more profit.” By showing there is a market demand for privacy, The Calyx Institute hopes to nudge telecoms in a positive direction and intends to “release all software developed under an open source model as well as all underlying policies and network designs.”

In order to create this surveillance-free ISP, the “Calyx Institute needs to raise at least $1-million for a bare-bones launch; $2-million would get things up and running quicker.” The amount currently raised is slightly over $66,000. Merrill wrote on Reddit that the best way you can help is to:

1) To donate money to the indiegogo campaign, even if all you can manage is a really small amount like $5, because the raw number of donors helps to prove that there is a market for privacy

2) Get the word out to other folks who might be likely to contribute. Do you know some tech billionaire ? Tell her or him the story – in other words become part of an army of enthusiastic supporters telling people how great it would be to have another option in telecom

3) Help get publicity either via the traditional media or “new” media. Do you know some reporters ? Can you point them to some of the existing coverage

To my readers who sent messages like WTH is going on, I apologize to you. Hopefully now you understand the holding pattern for the last three weeks, delayed reporting on increased FISA surveillance, and the continuing theme of surveillance was in preparation for the Merrill interview which never panned out. Life happens that way sometimes. I’m sorry it ended up nothing more than regurgitated facts and videos, but the idea to see if it can be done is intriguing and the service is much-needed in the USA.

Need even more info before giving at least $5 to a worthy cause? There’s “mainstream” media press such as at NPR and G4’s Attack of the Show. Here’s yet another video, this one about the Calyx Institute’s IndieGoGo campaign.

Like this? Here’s more posts:
  • Sick SSL ecosystem: 90% of HTTPS sites insecure, 75% vulnerable to BEAST attack
  • Smile for the drone: Coming to police stations near you soon
  • FBI Warns Smart Meter Hacking May Cost Utility Companies $400 Million A Year
  • Counterintelligence Surveillance Swelled Another 10% in 2011
  • NASA, Air Force, Harvard, Military, ESA Hacked by Gray Hats ‘The Unknowns’
  • Microsoft Researchers say cybercrime loss estimates are a bunch of bunk
  • Microsoft blames and bans Chinese security partner for leaking Windows exploit
  • New Gov’t Weapon: Warrantless Cell Phone Surveillance
  • CIA wants to spy on you through your appliances
  • Court to DOJ: Surfing on Work PC Isn’t Hacking
  • US-CERT: Social engineers target utilities with fake Microsoft support calls
  • Microsoft Patches Hotmail after 0-day Remote Password Reset Exploited in the Wild
  • No warrant needed, no privacy: Judge rules even deleted tweets can be used in court
  • World’s Largest Unclassified SPIE Conference: Spying & Surveillance Tech
  • DHS social media monitoring: Watched Facebook, emailed police, arrested photographer
  • NSA Domestic Intercept Map? NSA Lies, Spies in Orwellian World of Gov’t Surveillance

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.