

This Internet provider pledges to put your privacy first. Always. - dclaysmith
http://news.cnet.com/8301-31921_3-57412225-281/this-internet-provider-pledges-to-put-your-privacy-first-always/

======
rdl
I like the idea, and I especially like the idea of a 501c3 (which subsidizes
the added costs over commercial baseline) coupled with a commercial company
(which charges normal rates for service.

You can go a reasonably long way with just best practice privacy policy
(requiring court orders, keeping minimal records, locking down configs,
obfuscating IPs, not intentionally compromising privacy), but there are a
couple issues. One, a lot of big ISPs (from what I've read) are only
profitable due to selling clickstreams or other privacy-invading things. So a
privacy-protecting ISP will cost more for the same service (or, will offer
crappier bandwidth).

Second, once you move beyond this level of security, you're trying to defeat
traffic analysis, and then targeted attacks. Targeted attacks are probably out
of scope (and really expensive to defend against), but defending against
traffic analysis usually requires burning a lot of bandwidth, or scheduling or
routing communications in strange ways (which adds latency in various ways).
This makes things REALLY expensive, and especially for wireless systems, uses
up the finite spectrum capacity.

Ultimately the best way to really protect privacy is to structure applications
to be message based, tolerant of latency on the order of hours, and basically
non-interactive. This is the opposite of how ~everything is done on the web --
email is probably the only widely deployed application which works like this,
and that's why email has the best anti-traffic-analysis systems out there
(mixmaster/mixminion remailers).

Plus, there's a big problem with declaring yourself " _the_ ISP for people who
want to be anonymous" -- it self-selects, especially if it's a small pool of
users due to higher cost, into a great target. Either the organization itself
is evil and secretly monitoring, or just becomes a hacker/government target
(which could involve monitoring on the perimeter/upstream). The best model is
some combination of making privacy protection a default feature of protocols,
having a bunch of different vendors (which may advertise better privacy) to
choose from, and having technical systems which can provably protect your
secrets against various kinds of threats.

It's a bunch of medium and hard problems. The biggest problem is that 99.99%
of users totally don't care, though.

------
coverband
I don't think too much about whether this endeavor would be successful. It's
more important to me that _someone makes a stand_ and is able to convince
other like-minded people to join him for a principle.

I'm just glad to see that he decided to be more courageous than most of us and
believed that he should be doing the right thing instead of the easy thing by
refusing to hand over his client's information.

~~~
Shank
Though the odds are stacked against him, I hope it at least sets a precedent
for other companies to follow. I'd pay for an ISP that promised this with
reasonable speeds - though I doubt his project will be able to gain traction
outside of the launching market.

------
megamark16
I would love to see this as a Kickstarter project. This is the kind of
movement that I feel could really benefit from having a community behind it,
and I for one would love to be a part of that community. Shoot, I'd even offer
to donate my services to help see it become a reality.

~~~
there
The fellow in the article said on Reddit that Kickstarter won't allow his
project, but he's started one on an alternative site.

[http://www.reddit.com/r/technology/comments/s479x/this_inter...](http://www.reddit.com/r/technology/comments/s479x/this_internet_provider_pledges_to_put_your/c4b00yj)

<http://www.indiegogo.com/calyx>

~~~
walexander
I would love to see this guy succeed, but can anyone enlighten me as to why
Kickstarter won't allow his project to be funded?

His pseudo-kickstart page is unlikely to generate anywhere near the amount of
funding it would on the KS site. I'm wondering why they wouldn't allow it to
be funded there.

Is there something dubious about this project that the typical tech blog
cheerleaders are ignoring, or is there some reason this kind of project is not
allowed on Kickstarter in general?

~~~
dangrossman
> This project’s goal is to raise funds for my nonprofit organization, Calyx
> Institute, which will launch a privacy-focused Internet Service Provider and
> mobile phone service using end-to-end encryption technology.

<http://www.indiegogo.com/calyx>

\--

> A project is not open-ended. Starting a business, for example, does not
> qualify as a project. No charity or cause funding.

<http://www.kickstarter.com/help/guidelines>

~~~
BHSPitMonkey
I don't really see it that way. The startup cost for a new business is a one-
time, finite "project" (in my mind) that would adhere to the concept of
Kickstarter well.

The problem Kickstarter has with this project (and, similarly, when I tried to
do the same thing) is that it's not an "artistic" endeavor. That is to say,
they don't allow small business projects, unless you plan on producing a short
story or documentary about the process as you do it. (Here's an entrepreneur
who used this exact loophole: <http://kck.st/rtglLo>)

------
rlpb
The authorities will simply obtain details from credit card companies and
other financial institutions to get lists of all of Calyx's customers. All of
their customers will be treated with suspicion. Being a customer of Calyx may
even become probable cause.

I don't like this, but this is what I think will happen.

~~~
gnosis
_"The authorities will simply obtain details from credit card companies and
other financial institutions to get lists of all of Calyx's customers."_

Not if they accept bitcoin, or some other anonymous currency.

~~~
rlpb
Bitcoin is not anonymous. It's the opposite. Every transaction is public. And
how do you propose to obtain the bitcoin in the first place?

------
amalag
Isn't a large problem with ISP's the last mile, fiber or cable, which is very
expensive? This is purely wireless? I have a 15Mb cable connection for $50
month (after taxes). FIOS is $30 more. Will he partner with these physical
carriers or purely go wireless?

~~~
ibejoeb
Yes, it seems he plans to be entirely wireless. It was compared in the article
to Clear's 4G WiMAX service augmented with ubiquitous encryption.

~~~
uxp
He could also piggyback over existing copper/fiber owned by the large telcos.
It's allowed by law even.

[http://en.wikipedia.org/wiki/Competitive_local_exchange_carr...](http://en.wikipedia.org/wiki/Competitive_local_exchange_carrier)

------
DrDeke
You need licensed spectrum to run a facilities-based cell phone service. Any
good ideas on how this guy is gonna acquire some?

~~~
CrazedGeek
He doesn't necessarily need to -- Calyx could operate as an MVNO of one of the
major mobile networks.

------
SkyMarshal
> "Merrill has formed an advisory board with members including Sascha Meinrath
> from the New America Foundation; _former NSA technical director Brian Snow_
> ; and Jacob Appelbaum from the Tor Project."

I find that interesting. Indication of dissension in the ranks of the NSA over
how far to take domestic surveillance?

~~~
kijin
_former_ NSA technical director. AFAIK he's been "former" for quite a few
years now.

------
bostonvaulter2
Is there any way we can contribute to or sign up for notifications on this?

~~~
mdaniel
The fundraising site allows one to contribute any amount, so you could
contribute $1 and would then be "a contributor" and presumably would receive
status updates.

------
bostonvaulter2
Wow, only 6 days and this link is already broken.

------
excuse-me
So? They still have your credit card details to pay for the service, your cell
phone location, the recipient of each email and the web pages you visited.

The actual contents of the emails is pretty much irrelevant- I'm pretty sure
that international terrorists probably use code.

I'm also pretty sure that having one of these accounts and a series of logs
showing your access to online gambling or movie sharing sites or banks in the
Caymans is going to trip the same alarm bells.

~~~
sounds
I want Calyx to succeed. I really do.

But you said it: there's still too much identifying information left on the
table.

There's another angle that threatens Calyx, too: they're just one rider on a
"must-pass" bill away from being shut down and tied up in court. Or worse,
made to _silently_ monitor your traffic after all their publicity about their
privacy.

National Security Letters make it clear: the gag orders mean even if Nick
Merrill wanted to tell you his company had been compromised, he wouldn't be
able to.

There does seem to be a technical workaround, known as a "canary," where Nick
Merrill posts a daily message far and wide signed from an air-gapped
physically-secure private key that basically says, "Today is 11/Apr/2012.
Under penalty of perjury, I have not been served with any legal threats."

Thus, the day the "canary" stops appearing, it becomes obvious what has
happened; it seems that our current legal climate probably cannot compel him
to _commit_ perjury, and his _inaction_ in posting his "canary" does not
constitute a violation of any gag order; ironically, he conforms to it and by
so doing alerts his customers to the problem.

Problems with this approach include:

• All the sites he has been using for the canary could get shut down
simultaneously a la Megaupload

• Compromise of his private key

• Dwindling interest by his customers in checking multiple sits every day,
even if the process can be mostly automated

~~~
anigbrowl
_"Today is 11/Apr/2012. Under penalty of perjury, I have not been served with
any legal threats."_

Under penalty of perjury is a meaningless phrase unless a court or other
authorized body is requiring that statement of you. Look: under penalty of
perjury, I am Chief Justice John Roberts of the United States Supreme Court.

Well, I'm not Chief Justice John Roberts. I lied about that. Am I in danger of
going to jail for contempt of court? No, because nobody with judicial or
administrative power required me to make a truthful declaration. Rather I made
a statement I wanted you to believe and attached a common legal incantation to
it - little different from a religious expression, such as 'God strike me dead
if I lie.' In earlier times when people had little understanding of science,
the sheer randomness of the world was attributed to mysterious divine
provenance, and of course every so often these beliefs are validated in such
dramatic fashion that the story is repeated
(<http://members.tm.net/lapointe/Lawyers3.htm> for example, from 1988).

An awful lot of hackers I've met seem to think that law is strictly a matter
of form, that if you say certain words in a certain order legal validity (and
thus, truth-value of some sort) automatically attaches to them. This is not
how law works, this is how magic works - and it's a good example of Arthur C.
Clarke's comment that 'any sufficiently advanced form of technology is
indistinguishable from magic.' Legal conventions are a form of social
technology, and can not be taken at face value this way, any more than
nontechnologists can foretell the future from blinkenlights.

~~~
Wilduck
It's the same notion that compels people to write "I don't own this song"
under the youtube uploads of albums, as if mentioning copyright issues
absolves you from them.

That being said, there are magic words that you can say that have very strong
legal weight. For example, attaching a GPL licence to a piece of code you
wrote has significant legal ramifications.

It's clear that "Under penalty of perjury" doesn't accomplish the intention of
giving a canary message greater legal weight. I am, however, curious if there
are some other "magic words" that could exist in a canary message which would
help to signify its validity. For example, making it illegal for someone to
fake the canary message.

~~~
anigbrowl
I actually don't know if the government could require you to falsely affirm
the nonexistence of a legal investigation as part of a gag order - in other
words, if you simply stopped publishing your canary message, whether you could
be required to do so. Perhaps the failure to comply with such a request would
qualify as an obstruction of justice if therre were a colorable risk of it
impeding a lawful investigation by tipping off the subject of the
investigation; law enforcement officers with an appropriate warrant or
authority could require an explanation of how the canary mechanism worked, in
the same way that they could require you hand over keys to one's safe, say.
There's no right to silence for non-defendants such as material witnesses.

~~~
sounds
First, thanks for adding good insights into what would (and would not) stand
in court.

Would a 5th Amendment right (not witnessing against herself / self-
incrimination) protect the owner of the ISP against a charge of obstruction of
justice?

i.e. Owner of ISP refuses to post the canary after a gag order. She is not
named as a defendant in the investigation. But she can defend herself against
obstruction of justice charges: plead the 5th, and thus she is not compelled
to falsely affirm the canary.

It's not clear this would work, either, but there might be some pretty solid
precedents that could be used in this way.

------
cnbeuiwx
Good idea but you cant trust anyone but yourself. The United States is a
prison from now on.

