Privacy-first ISP raising money for online services that can't and won't fink you out to spy agencies

Jon sez, "Nicholas Merrill, who previously first challenged the expansion of the National Secret Letter in the Patriot Act, is working on building a ISP infrastructure based on privacy. Help him raise funds on IndieGogo." Here's Declan McCullagh on CNet:

"The idea that we are working on is to not be capable of complying" with requests from the FBI for stored e-mail and similar demands, Merrill says.

A 1994 federal law called the Communications Assistance for Law Enforcement Act was highly controversial when it was enacted because it required telecommunications carriers to configure their networks for easy wiretappability by the FBI. But even CALEA says that ISPs "shall not be responsible for decrypting" communications if they don't possess "the information necessary to decrypt."

Translation: make sure your customers own their data and only they can decrypt it.

Merrill has formed an advisory board with members including Sascha Meinrath from the New America Foundation; former NSA technical director Brian Snow; and Jacob Appelbaum from the Tor Project.

Merrill's looking to raise $1M on IndieGogo; he got his first $28,000 overnight, and has 64 days to go. I just kicked in a hundred bucks.

This Internet provider pledges to put your privacy first. Always. (Thanks, Jon!)


  1. How do I know I can trust this guy?  Seen to many people who claim to be privacy advocates and claim they are standing up for the little show their true colors lately.

    1. I read the linked article and it seems clear he has a legitimate dog in this fight. Am I 100% sure he is not out to trick all of us privacy minded people out of our hard earned dough? No. But it doesn’t seem likely.

      This is the first alternative to the stasi-fication of US telecoms that I have come across – an alternative to Verizon is worth a few dollars to me.  If nothing else, it is a way to express my utter disgust with the federal and corporate encroachments on privacy. Not to mention the price fixing, shitty customer service, bandwidth throttling and censorship.

      I’m just bone tired of  the constant darkness-cursing and I’m willing to fork over the cash if it might help light a candle.

      He’s got my 100 bucks.

      1. I agree with Layla and put in my support as well. As soon as I saw that Jacob Appelbaum (from the EFF) was involved I was in on it. It is run by people that have demonstrated a fervent support for the cause that they are now trying to take the next step to promote so I gave my money as well. I hope others research the project and the people involved and decide to do the same. 
        Also, for those interested in Merrill’s past, an interview about his battle up to this point:

    2. is cooperating with him, and they’re pretty solid and uncompromising in their work for networked autonomy.  I dunno if that means you should trust him (trust no one!), but it does suggest he’s worth taking seriously.

    3.  Not just him, but anyone with access to restricted data at the company. You know various TLAs will be packing the job applications with agents and moles, and contacting any blackmailable employees for favors.

  2. Look ma, an entrepreneur advertising privacy features.
    I guess this will put the theory that privacy is really important to consumers to the test. The question now: does enough demand actually exists to sustain such a product (and will government get in the way of such market-based innovation)?

    1. Isn’t ‘trust’ the issue. ‘Privacy’ sounds like it concerns Winston Smith’s Facebook settings.

      An ISP should be like a psychiatrist or doctor or priest, professionally obliged to confidentiality. When your psychiatrist is secretly implanting transmitters in your teeth, it’s going to undermine his diagnosis of schizophrenia.

      Beyond that, there is the principle that people you pay should work *for* you, not against you. If bodyguards were like ISPs, they’d beat you up at the end of the night.

      I would pay an ethical ISP double. In the UK, please. (I’d actually like an ethical world. Being informed these days amounts to keeping a corruption scorecard.)

      1. No, ISPs should not be obliged to confidentiality. They can choose to offer confidentiality and signal that commitment in the ways they best see fit (oath, warranty, money back guarantee, …). It is just like any other feature, it involves trade-offs and costs.

        If ISPs were committing horrible crimes like you suggest, “trustworthy” ISPs would jump on the occasion to enter the market and gain huge marketshare.
        Also, you’re ignoring the role of government (spy agencies) in this case which is responsible for pressuring ISPs to provide information and carries the guns (direct and indirect).

        The “nasty bodyguard” company wouldn’t last long, unless government cracks down on trustworthy companies that don’t give you out to said government (in which case all competitive pressure is removed).

        1. “Also, you’re ignoring the role of government (spy agencies) in this case which is responsible for pressuring ISPs to provide information and carries the guns (direct and indirect).”

          No, that’s the bit I care about. The War of Terror means the role of government is providing more and more police state apparatus. I would prefer to retain the civil liberties people fought for in the 20th century. Let the laws of the telephone apply to the internet. 

          You seem to suggest the market will do a better job than having legal frameworks.

  3. There aren’t any mandatory data retention laws in place in the US only because the big national ISPs have been so willing to implement them of their own free will. If the policies of this new ISP were to form a genuine hindrance to government information gathering, I expect they’d legislate it and its business model out of existence pretty quickly.

    Then there’s the physical infrastructure issue: he plans to be a reseller of wholesale wireless bandwidth, but wireless really isn’t suited to the sorts of large data transfers that people demand of their ISPs, especially not in a dense urban environment.

    As far as I can tell, his idea is wireless broadband + anonymizing VPN… but why is the first half of this equation needed at all? Why can’t I just connect to any one of a number of anonymizing VPN services, many of which have the benefit of not being subject to the laws of the US?

    The only thing he has going for him is that he has credibility as someone who’s fought the government in defense of his users’ privacy. What he has against him is that he’s subject to the abuse of the US legal system.

Comments are closed.