As government agencies in the
United States, the
United Kingdom,
Canada, and
Australia push for increased surveillance powers, one pioneering American is pushing back.
New York-based entrepreneur Nicholas Merrill is making progress on a project he
revealed
in April: an encryption-based telecommunications provider designed to
be “untappable.” After crowd-funding almost $70,000 in donations,
Merrill says that he has held talks with a host of interested venture
capitalists and a few “really big companies” apparently interested in
partnering up or helping with financial support. Now the
“surveillance-proof” software is in development, and he is on track to
begin operating a limited service by the end of the year.
Merrill’s ultimate aim is to create a telecommunications
infrastructure that inhibits mass surveillance. First, he is building an
Internet provider that will use end-to-end encryption for Web browsing
and email. Then he plans to roll out a mobile phone service that will
enable users to encrypt calls, making them difficult to intercept. The
key to decrypt the communications would be held by each individual
customer, not Merrill’s company. Because the telecom firm would be
unable to access the communications, law enforcement agencies that want
to read or listen to communications would be forced to serve warrants or
court orders on individuals directly. “This would make it impossible to
do blanket, dragnet surveillance of all the customers of a
telecommunications carrier,” Merrill says.
The idea for the project is not to help bad guys evade detection,
though undoubtedly that’s how some critics will see it. Rather, Merrill
is particularly keen to develop the technology to help journalists and
human rights organizations—groups, he says, “whose right to
confidentiality is more or less accepted under the law.”
Merrill has a strong record of defending user privacy. In 2004, he became the first ISP executive to successfully
challenge
a secret FBI “national security letter” demanding he hand over customer
information. His willingness to question the constitutionality of the
secret letter at the time put him at odds with most major telecoms
providers, which have a poor track record when it comes to protecting
customer privacy. In
2005 and
2006,
a number of companies were revealed to have handed over troves of
customer data and opened up wiretaps to the National Security Agency,
sometimes without a warrant.
Today, Merrill admits prospective funders of his latest project have
expressed concerns that it could lead to a confrontation with powerful
actors (“It’s challenging to go up against some of the forces that are
trying to open up all communications to wiretapping,” he says). But he
is trying to address this by showing that government and law enforcement
agencies could themselves benefit from his technology. Cybersecurity
and privacy are part of the same problem but framed differently, he
believes. Both could be addressed at once by ubiquitous encryption of
communications and data transfer—protecting user privacy while also
helping prevent malicious hackers from stealing information.
Some establishment figures have already been won over by Merrill’s
argument. The advisory board of his nonprofit research institute,
Calyx,
which is developing the technology, includes a former NSA technical
director and a former federal prosecutor who is also ex-CIA. Whether he
can get the backing of current members of the U.S. law enforcement
community, though, is another matter altogether. Merrill’s technology
could be seen as creating extra barriers for law enforcement and the
authorities would likely oppose it for that reason. Existing U.S.
wiretapping law, called
CALEA,
states that telecom providers "shall not be responsible for decrypting"
communications if they don't possess "the information necessary to
decrypt.” But that may change under reforms proposed by the FBI, which
is
actively seeking more surveillance powers.
As governments increasingly move toward expanding their power to
conduct electronic surveillance, it is inevitable that innovative
technologists, software developers, and cryptographers will work to help
people protect the privacy of their personal communications. Earlier
this week the NSA’s chief tried to
quell concerns over
allegations
that it is building a huge domestic surveillance center in Utah,
dismissing whistle-blowers’ claims as “baloney.” Given the NSA’s
recent history,
however, it is likely many Americans will remain skeptical about the
spy agency’s reassurances—and some will turn to encryption.
Merrill aims to launch his telecommunications firm first in the
United States before tackling the international market, where there are
also
mounting concerns
about government surveillance schemes. “We’re not trying to force
people to use our service,” Merrill says. “What we’re trying to do is
re-envision how the telecommunications industry could work if privacy
and encryption technology was built in from the beginning.”
This article first appeared at
Slate.com
Posts