NEW YORK—Nicholas Merrill wants to change the world. So he tells me over rice and beans at Lupe’s East LA Kitchen in Soho, roughly a dozen blocks from where the World Trade Center once stood. He is perfectly serious. At 39 years old, with thick blond hair, a goatee the color of shaved carrots and the zeal of an idealist half his age, he describes his plan to rework the Internet landscape to protect the privacy and speech rights of individuals and organizations.
Merrill achieved national fame in August 2010 when he was partially released from a gag order forbidding him to discuss with anyone the details of a secret demand for information sent to him by the FBI six years earlier. When he got the order, Merrill was running a small telecommunications company in New York City, providing Internet access to political organizations such as the progressive radio show “Democracy Now!” and the New York Civil Liberties Union, as well as a number of corporate clients. The letter, hand delivered to Merrill’s office by an FBI agent, demanded that he give up private records detailing some of his clients’ online activities and speak of the order to no one, including presumably his lawyer.
The FBI has issued nearly 300,000 “national security letters” to banks, telecommunication companies and other organizations since the Patriot Act expanded their use in 2001. The agency maintains that each request pertains to potential threats to the United States, though it appears that no single letter has yet prevented a terrorist attack. Official challenges to the practice seem to number in the single digits, but as they have been filed mostly in secret, their exact number is impossible to know. We do know, however, that Merrill’s case is among them.
Merrill challenged the constitutionality of the national security letter’s prohibition on talking, and during a years-long court battle, Congress amended the law to allow recipients such as Merrill to discuss the letters with their lawyers. In 2007 Merrill penned ananonymous letter about his experience for The Washington Post. When his gag order was lifted, he was allowed to discuss the issue with the public openly. But for Merrill, these victories were not enough.
Subscribe or “Follow” us. riseuptimes.wordpress.com.For the TC EVENTS calendar and the ACTIONS AND ACTION ALERTS click on the tab at the top of the page and click on the item of interest to view. WAMMToday is also on Facebook! Check the WAMMTodaypage for posts from this blog and more! “Like” our page today.
Out of his experience with the FBI, Merrill conceived of The Calyx Institute—a nonprofit “research, education and legal support group” with two objectives. First, to inform the public and shape policy conversations about privacy and freedom of expression on the Internet; and second, to provide the basis for an affordable, state of the art Internet service provider, a for-profit subsidiary that would use the institute’s own security software to protect users’ digital privacy from the prying eyes of identity thieves, data-mining businesses and governments.
In addition to agitating for privacy rights through Calyx, Merrill says his ISP would protect every piece of information a user’s computer or telephone sends out—browsing activity, emails, instant messages, phone calls, text messages, etc.—by scrambling the data in a process known as encryption, which makes the information unreadable to whoever might capture it. (The current practice of most telecommunication companies is not to encrypt data at all.) And here’s where Merrill’s innovation comes in: His ISP would not possess the “keys” that are needed to unscramble the data. Only his customers would.
This is a potentially revolutionary idea for the telecommunications industry. In 2005, The New York Times reported that major Internet and telephone companies—later revealed to include AT&T, Verizon and Sprint—helped the Bush administration spy on Americans in the years after 9/11 by simply handing over customer records. This would be impossible under Merrill’s model. Law enforcement agencies would have to go to individuals directly or spend vast amounts of time and resources trying to unscramble the encryptions.