dslreports logo
 story category
New ISP Promises No Surveillance
Encrypted, Secure Communications for $20 Monthly

CNET offers an interesting read by a new small as-yet-unnamed ISP that is promising customers that they will be shielded from surveillance. Founder Nicholas Merrill wants to start a national "non-profit telecommunications provider dedicated to privacy, using ubiquitous encryption" to offer service for as low as $20 a month.

In addition to using encryption, Merrill says the ISP, run by a non-profit named the Calyx Institute, will spend much of its time challenging the government's rather relentless pursuit of total surveillance outside the rule of law. That's quite the bold claim in the age of raw carrier-supported wholesale data sharing, warrantless wiretapping, and giant encyryption-busting NSA super warehouses.

Merrill might be remembered by some of you as the man behind the first (and only) ISP to fight (and win) against the government's National Security Letters, which allow the government to obtain any customer data they'd like -- while then gagging the ISP from talking about the request with absolutely anyone. Merrill fought the government for six years, and this new ISP is the product of that experience:

quote:
Merrill's identity was kept confidential for years as the litigation continued. In 2007, the Washington Post published his anonymous op-ed which said: "I resent being conscripted as a secret informer for the government," especially because "I have doubts about the legitimacy of the underlying investigation." He wasn't able to discuss his case publicly until 2010.

His recipe for Calyx was inspired by those six years of interminable legal wrangling with the Feds.


From the sounds of it, Merrill and Calyx are going to be offering a wireless service piggybacking on the Clearwire network that uses end-to-end encryption and e-mail stored in encrypted form. Calyx appears to be stocked with people who certainly know what they're doing, ranging from former NSA technical director Brian Snow to the Tor Project's Jacob Appelbaum. That $20 price tag likely means we're not talking about blistering speeds, but more of a utilitarian offering for the security and privacy conscious.

Update: Clearwire reached out to us to note that the CNET story seems to suggest Clearwire is a partner of Calyx, but that they're not (at least not yet). It remains unclear who Merrill plans to turn to in order to operate an ISP of any real scale.
view:
topics flat nest 

AnonXtoo
@gulftel.net

AnonXtoo

Anon

Yes!

I am one of those security conscious that will gladly give up speed for peace of mind.
Wilsdom
join:2009-08-06

1 recommendation

Wilsdom

Member

Assisted by a "former" NSA technical director?

Inspires the opposite of trust
axus
join:2001-06-18
Washington, DC

axus

Member

Re: Assisted by a "former" NSA technical director?

Hey, they're not all bad. I read an article a few years back about some of their internal struggles.

Looking up that Brian Snow guy on the internet, here's something he helped draft:

»www.schneier.com/blog/ar ··· ode.html

battleop
join:2005-09-28
00000

1 recommendation

battleop

Member

Good luck with that...

So the government will just go to his upstream to sniff traffic and then when he refuses to comply with safe harbor guidelines they will just go after him.

I hope he has some reallllllllllllly deep pockets.
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL

ISurfTooMuch

Member

Re: Good luck with that...

I don't think he's saying he won't comply with court orders. He's just saying he won't voluntarily hand over any data.

And the government could indeed go to his upstream, but knowing that a particular IP requested a particular page from a Web site is only useful if you know who's using that IP. He's saying he isn't going to give up that info without a court order.

battleop
join:2005-09-28
00000

battleop

Member

Re: Good luck with that...

"He's just saying he won't voluntarily hand over any data."

So he thinks that he is the only one that's doing that? Big deal. We don't hand over data without going through the proper legal channels either. I bet you find other like Sonic.net that have similar policies.
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL

1 recommendation

ISurfTooMuch

Member

Re: Good luck with that...

Oh, I'm sure there are others. And having a story like this come out is a perfect time for those providers to step forward and talk openly about their policies. Maybe the EFF and/or EPIC could develop a set of best practices that ISP's that want their "seal of approval" could adopt.

The way I see it, providers that respect people's privacy is a Good Thing. Some folks like to say, "If you haven't got anything to hide, than you have nothing to fear." My response is, "If you don't have a reasonable suspicion that I've done anything illegal, then you have no right to invade my privacy."
Madtown
Premium Member
join:2008-04-26
93637-2905

Madtown

Premium Member

Re: Good luck with that...

said by ISurfTooMuch:

Oh, I'm sure there are others. And having a story like this come out is a perfect time for those providers to step forward and talk openly about their policies. Maybe the EFF and/or EPIC could develop a set of best practices that ISP's that want their "seal of approval" could adopt.

The way I see it, providers that respect people's privacy is a Good Thing. Some folks like to say, "If you haven't got anything to hide, than you have nothing to fear." My response is, "If you don't have a reasonable suspicion that I've done anything illegal, then you have no right to invade my privacy."

I just ask them if I can have a look at their personal documents and they give me that look and then I tell them, well see, so why is it okay for my own privacy to be invaded but not for me to invade your privacy?

knewman
join:2010-10-21
King Of Prussia, PA

knewman to battleop

Member

to battleop
according to his site, his goal is to create an infrastructure that would make it impossible for his organization to comply with surveillance requests. not sure how that changes the legal situation, but its different from saying "i don't want to."
gorehound
join:2009-06-19
Portland, ME

1 recommendation

gorehound to battleop

Member

to battleop
US Gov will still get their dirty little paws on the Logs his Company will keep and they will take the ISP to Court.
It was a good idea but it won't work with those pesky logs.You got to make a Campfire and burn them away.
DrData
Premium Member
join:2004-12-31
Longwood, FL

DrData

Premium Member

just get a VPN account instead.

Buy an unlimited VPN account for $9/mo from one of the many providers. Use it with any ISP and most any device and call it a day.

No small as-yet-unnamed ISP needed!
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL

ISurfTooMuch

Member

Re: just get a VPN account instead.

That's what I was thinking. The only catch is that you need to be able to trust the VPN operator. Otherwise, you're no better off than you were before.
Cobra11M
join:2010-12-23
Mineral Wells, TX

Cobra11M

Member

Re: just get a VPN account instead.

said by ISurfTooMuch:

That's what I was thinking. The only catch is that you need to be able to trust the VPN operator. Otherwise, you're no better off than you were before.

yah VPN best option, heck get a ddwrt router and connect it to vpn, bam all your devices are on it 24/7

XANAVirus
Premium Member
join:2012-03-03
Lavalette, WV

XANAVirus to ISurfTooMuch

Premium Member

to ISurfTooMuch
Of course, if you run everything yourself, it's pretty trustworthy.

I don't know anyone who really does that, but I imagine that you would be able to not have to keep logs and that it would be significantly harder to do anything if it's an international connection in some far off country (UKUSA is too easy to get international permission, so going for some other place would be go).

Of course, this is all theoretical since I don't do this myself (I purchase VPN services instead).

vpoko
Premium Member
join:2003-07-03
Boston, MA

vpoko to DrData

Premium Member

to DrData
VPN doesn't help you avoid someone knowing who you're communicating with, it avoids them getting the content of the message. Your ISP not agreeing to match a name to an IP address without a court order prevents someone from knowing who you're communicating with.
Wilsdom
join:2009-08-06

Wilsdom

Member

Re: just get a VPN account instead.

The only IP you connect with is the VPN provider's

vpoko
Premium Member
join:2003-07-03
Boston, MA

vpoko

Premium Member

Re: just get a VPN account instead.

Ahh, I wasn't aware of those services. That would protect your IP address, unlike using your own point-to-point encryption (which is what I was thinking of).

Noah Vail
Oh God please no.
Premium Member
join:2004-12-10
SouthAmerica

Noah Vail

Premium Member

Because Uncle Sam is now our Big Brother

I know someone who's going to appear on a no-fly-list.
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL

ISurfTooMuch

Member

Re: Because Uncle Sam is now our Big Brother

Perhaps, but he's the kind of guy who would immediately sue to challenge it, which would place the government in the very awkward position of having to explain why he was put there. It'll be obvious that it was retaliation, and the political fallout would be huge.

If they were going to do that to him, they should have done it before this went public.
Expand your moderator at work
AndyDufresne
Premium Member
join:2010-10-30
Chanhassen, MN

AndyDufresne

Premium Member

Stay private or no go

Unless he is planning on staying private 20.00 bucks is pretty unrealistic.

moddestmike
join:2009-01-26
Houston, TX

moddestmike

Member

Re: Stay private or no go

It was stated that prices would be "as low as $20/month". Although I do partially agree that the bulk of his subscriptions would have to be more than 20/month....

ABC86234
@comcast.net

ABC86234

Anon

Corporate VS Government

Corporate loose!!!!!!!!!!!!!!!!!!!!!!!!!!!!
25139889 (banned)
join:2011-10-25
Toledo, OH

25139889 (banned)

Member

Sprint

Wasn't Sprint one of those companies handing over information as well? But they wouldn't comment on it? And after all; who controls Clear and their nice cash flow. It surely won't be this guy.

He also better hope that they don't use ATT for any of the backhaul from the tower. otherwise they will go to T and skip him.

vpoko
Premium Member
join:2003-07-03
Boston, MA

vpoko

Premium Member

Re: Sprint

Upstream providers can't match a subscriber name to an IP address, they only know that a particular block of IP addresses is being assigned to a particular reseller.
25139889 (banned)
join:2011-10-25
Toledo, OH

25139889 (banned)

Member

Re: Sprint

okay. But wasn't Sprint still one of those that turns over information? If they did it before they'd do it again. And i have a MVNO phone on the Sprint Network. If i go into my phone's setting I can see its IP and everything else that shows who my phone belongs to. I'm sure Sprint-Clear could do this and give away the information.

vpoko
Premium Member
join:2003-07-03
Boston, MA

vpoko

Premium Member

Re: Sprint

I don't understand how that's relevant to this particular ISP, who's not Sprint, not turning over subscriber info based on requests absent a court order. Though I guess that's a reason to use them over Sprint.

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

TamaraB

Premium Member

Clearwire is a problem

I used them for about 6 months. They are USUALLY great, with speeds greater than 10Mb/s. Unfortunately, they are not reliable. Constant tower outages, on the average of one per month lasting from between one to three days makes that last mile connection unusable for someone who uses the Internet all the time. Heavy rain? Connection fails!

They also hand out fixed IPs. Not the best situation for someone looking for privacy. I always use a VPN (with VZDSL, then with Clear, and now with Optimum), not so much to thwart government snooping, but to thwart corporate snooping; which in my opinion is much more intrusive.

One last thought, Clearwire is becoming loaded with smartphones. I noticed their speeds falling off significantly the last month (March) I used them.

Bob
rradina
join:2000-08-08
Chesterfield, MO

rradina

Member

Still no good...

Someone needs to provide a service that DOES NOT KEEP RECORDS and therefore has nothing to divulge.

While we cannot stop various security cameras from catching you walking down the street, we should be able to use the Internet without the possibility of the government discovering what we've been doing. I don't care if folks are doing something illegal. If the government suspects illegal activity and they convince a judge, they can do all the electronic wiretaps and monitoring they want. Until they do, there's no reason an ISP, Google or anyone else should be tracking your activities without your knowledge and authorization.

I understand the need for an ISP to track DHCP IP addresses associations but that doesn't mean they should be tracking where you go and what you do without proper legal authority to do so. If they want to gather usage data on subscriber habits, as long as it's anonymous, it's fine by me.
Wilsdom
join:2009-08-06

Wilsdom

Member

Re: Still no good...

If they did the government would just pass a law requiring it. Really at this point you can be confident that NSA maintains total internet surveillance. That information is not going to make into court, but it points law enforcement in the right direction, and in any case court isn't really necessary to neutralize the target, says President and Professor of Law Obama.

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK
Netgear WNDR3700v2
Zoom 5341J

KrK

Premium Member

Re: Still no good...

They already have or are working on it.

They want data to be logged and an 18 month history kept of everything every user did online.... by the ISP.

»www.computerworld.com/s/ ··· 8_months
MyDogHsFleas
Premium Member
join:2007-08-15
Austin, TX

MyDogHsFleas

Premium Member

I boldly predict...

this will sink quietly beneath the waves within 9-12 months.

Very small market for this. Most people don't care.

And those that are interested won't be the kind of no-fuss customer that generates revenue without a lot of support needed. This will be either shady types who really ARE doing bad things and want to hide, or the technorati who imagine that the government cares about them. Neither of which will be easy to support.

Furthermore, as some others pointed out, for the technorati, VPNs are already pretty easy to obtain or set up for yourself, without having to buy that service from a small ISP with limited offerings.
MyDogHsFleas

MyDogHsFleas

Premium Member

Re: I boldly predict...

Checked back in on this. VERY little buzz. They are soliciting donations. Nothing about how that's going. No service offering. Website not updated.

Probably going down faster than I thought.

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK

KrK

Premium Member

I doubt they'll be in business long....

They'll be sued, they'll be charged with contributory __________, they'll be charged with every violation they can dream up.

They'll shut this down quick.

••••
jarthur31
join:2006-04-14
Carlsbad, NM

jarthur31

Member

I don't understand

why does the government persist on spying on American citizens? I'm not Muslim and over 99% of the population isn't either. WTF really?
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

Read the articles and stop the misinformation guys!

You guys need to read all the articles about what he has planned. There is a lot of misinformation flying around in this thread.

I'm going to eat now rather than go dig up the links to the articles I looked for on this and read earlier this evening. You can find the links.

forgotpass
@rr.com

forgotpass

Anon

skeptical

I don't know- this seems like a great idea for an FBI/NSA honeypot. I know it reads like a spy novel but is the "former" NSA guy really all that "former?"

Bard
@shawcable.net

Bard

Anon

Bloody Noobs :)

There's a WHOLE lot of stupid being spouted in here.

No, a VPN connection is bugger all protection if the provider isn't ensuring your usage of that connection is not logged - statistical analysis will match your sessions to activity deemed 'verboten' by whatever stupid assholes think they are in control of information.

Without a customised browser you're also screwed due to plugin and built in functionality.

Without multiple exit nodes from the provider you're also screwed through statistical analysis - simple volume of traffic from 'verboten' site compared to your traffic can allow a correlation (if your ISP has in place any sort of monitoring equipment in place). It needs to be masked through multiple requesting nodes.

Read the article - and maybe read up on the various ways you can be monitored.