
Some very good news this week: a well-known digital rights activist is raising funds to establish a service provider that would take every technical and legislative measure to protect its customers’ privacy. CNET described it as ‘the world’s first Internet provider designed to be surveillance-resistant’.

The story behind this started just short of a decade ago, when Nick Merrill, then the president of another ISP, received something known as a ‘National Security Letter’ from the FBI. The NSL, from what I gather, is a demand for information on a client/customer that includes a gag order preventing the recipient from disclosing that demand. Not only did that amount to a warrantless search, the gag order went against the US constitution. Merrill went ahead and contacted his lawyer anyway, a lengthy series of court cases followed, and he won a victory of sorts.

Merrill is one of the few to challenge a National Security Letter. The vast majority of service providers are too willing to comply with warrantless demands for information on their customers. Some are in the business of selling that information anyway, as we know from the Phorm and AOL search engine scandals of 2006. It’s a betrayal of trust that’s become epidemic.

The non-profit Calyx Institute, which Merrill heads, aims to raise $1,000,000 in order to get the project going, and perhaps to fund whatever legal cases arise. At the time of writing, it’s somewhere around the $50K mark already.

Will the Calyx Institute succeed? It’s hard to tell at this stage. On the one hand, setting up an ISP in itself isn’t difficult, with the right funding. All that’s needed is enough networking equipment, a direct connection to an Internet backbone, and enough people, organisations and businesses concerned about digital rights, security and surveillance issues to make the project commercially viable.

On the legislative side it’s a huge grey area. Laws are re-written, things are criminalised, goalposts are moved. Calyx should be pretty solid though, with a network designed to make compliance with CALEA extremely difficult, and a board of directors that includes a former NSA technical director and a Tor Project executive, among several others with experience in anti-censorship/anti-surveillance. Merrill has mentioned the possibility of civil rights lawyers from high-profile groups becoming involved in any future cases, which could potentially lead to things snowballing into another civil rights movement.

Other service providers should really follow this example. Many hacker groups are driven by necessity to develop decentralised peer-to-peer stealth/mesh networks, leveraging recent technologies like WiFi, IPv6 and cheap embedded systems, and this could render current ISPs obsolete within the next 10-15 years.

Security and Crime Prevention
It’s easy to imagine how the press would spin this: ‘ISP a haven for criminals, terrorists, [insert bad guy]’. Same as with the Tor Project.

My argument is the opposite. Stronger security is the best way of preventing crime while preserving civil liberties. Criminals rely on security flaws to commit identity theft, raid bank accounts, etc. Where terrorism or child pornography are concerned, security provides an element of non-repudiation, and the audit trail, and therefore the evidence, becomes more solid. In short, it becomes much harder to commit a crime and get away with it.
For example, decent wireless security and anti-malware reduce the chance of third parties using that network to cover their tracks. Conversely, surveillance measures such as rootkits and backdoors can weaken security, and be exploited in any number of ways.