Online privacy has been in heaps of trouble this past year. SOPA and PIPA were the highest profile attacks, but they weren’t the first and certainly weren’t the last.
Mere days after SOPA failed, anti-piracy advocates in America switched support to the Cyber Intelligence Sharing and Protection Act, intended to cut down on electronic threats to copyright and the government. Just as SOPA, though, it was worded so that anything that is considered a “cyber threat” is also grounds for the government, tech firms and other security companies to share customer information. What’s more, these companies wouldn’t even have to let you know this is happening. While the intentions are good, the phrasing is ambiguous and well suited to abuse.
On top of that, the Recording Industry Association of America is rolling out a partnership with various internet providers this summer to track peer-to-peer networks and cripple the internet connections of pirates (with no legal process involved). What this all seems to point toward is that companies are making their play to control the internet as much as they can. While the intent is to protect copyright, we have a court system to prosecute lawbreakers, and it doesn’t seem like companies need to take matters into their own hands.
Despite all the support the SOPA protests received, it seems that our own providers are more than willing to comply with unreasonable laws and store our private information for years. They would restrict our use of the internet to what they (or their partners) deem appropriate. This is not what we signed up for. They are service providers, not service deciders. Their job is to provide internet access, nothing more or less. Storage of our personal data goes beyond what providers are required — or even obligated — to do.
With Verizon handing data over to the FBI without warrant, and AT&T illegally opening their network to the NSA (which was retroactively made legal), there isn’t any particularly moral precedent for ISPs to base their information policy on. Because these are government agencies, companies seem to automatically comply with whatever they want, despite these actions undermining consumer trust.
However, it seems there’s still one company on our side.
In 2004, Nicholas Merrill, founder of Calyx Internet Access, was asked by the FBI to give up private information on customers. Merrill took initiative and fought the order, fighting in a case that he wasn’t able to publicly talk about until 2010. Merrill currently plans to start a brand new ISP — one that would be technologically incapable of accessing its users’ information through encryption. This is a loophole in the laws that have been set up to get user information from service providers. Currently, a company is not required to have backdoors into their own system. If the company is incapable of accessing client data, outside agencies have no methods of access either. Merrill’s current plan is to reinvent Calyx and provide the service within the year.
From what I’ve seen, this is the first time an ISP has acknowledged that data is private. As previously stated, companies prefer compliance to defense of their customers, and that shows no real signs of stopping. ISPs are naturally monopolistic, as running redundant lines to the same location is extremely cost prohibitive. Unlike with SOPA, it is difficult to protest what is often our only option of accessing the internet. For new and consumer-concerned companies like Calyx, a lot of capital is required to compete with the already entrenched internet provider. In these situations, our only real option is to provide what support we can to the companies that keep our privacy their first priority. Merrill has looked into crowd-sourced funding for Calyx to prove that people want to see this project succeed, and invites supporters to donate to Calyx’s contribution page on http://IndieGoGo.com. Now it’s time for us to put our money where our mouths are and show that we’re ready for an internet that respects our privacy.