Mar 11, 2014
Privacy by Design
Posted on Jul 24, 2012
NEW YORK—Nicholas Merrill wants to change the world. So he tells me over rice and beans at Lupe’s East LA Kitchen in Soho, roughly a dozen blocks from where the World Trade Center once stood. He is perfectly serious. At 39 years old, with thick blond hair, a goatee the color of shaved carrots and the zeal of an idealist half his age, he describes his plan to rework the Internet landscape to protect the privacy and speech rights of individuals and organizations.
Merrill achieved national fame in August 2010 when he was partially released from a gag order forbidding him to discuss with anyone the details of a secret demand for information sent to him by the FBI six years earlier. When he got the order, Merrill was running a small telecommunications company in New York City, providing Internet access to political organizations such as the progressive radio show “Democracy Now!” and the New York Civil Liberties Union, as well as a number of corporate clients. The letter, hand delivered to Merrill’s office by an FBI agent, demanded that he give up private records detailing some of his clients’ online activities and speak of the order to no one, including presumably his lawyer.
The FBI has issued nearly 300,000 “national security letters” to banks, telecommunication companies and other organizations since the Patriot Act expanded their use in 2001. The agency maintains that each request pertains to potential threats to the United States, though it appears that no single letter has yet prevented a terrorist attack. Official challenges to the practice seem to number in the single digits, but as they have been filed mostly in secret, their exact number is impossible to know. We do know, however, that Merrill’s case is among them.
Merrill challenged the constitutionality of the national security letter’s prohibition on talking, and during a years-long court battle, Congress amended the law to allow recipients such as Merrill to discuss the letters with their lawyers. In 2007 Merrill penned an anonymous letter about his experience for The Washington Post. When his gag order was lifted, he was allowed to discuss the issue with the public openly. But for Merrill, these victories were not enough.
Out of his experience with the FBI, Merrill conceived of The Calyx Institute—a nonprofit “research, education and legal support group” with two objectives. First, to inform the public and shape policy conversations about privacy and freedom of expression on the Internet; and second, to provide the basis for an affordable, state of the art Internet service provider, a for-profit subsidiary that would use the institute’s own security software to protect users’ digital privacy from the prying eyes of identity thieves, data-mining businesses and governments.
This is a potentially revolutionary idea for the telecommunications industry. In 2005, The New York Times reported that major Internet and telephone companies—later revealed to include AT&T, Verizon and Sprint—helped the Bush administration spy on Americans in the years after 9/11 by simply handing over customer records. This would be impossible under Merrill’s model. Law enforcement agencies would have to go to individuals directly or spend vast amounts of time and resources trying to unscramble the encryptions.
1 2 NEXT PAGE >>>
Previous item: How the Magna Carta Became a Minor Carta
Next item: The Danger of Meddling in Syria’s Turmoil
New and Improved Comments