This post is also available in: German

For Civil Rights activists Nicholas Merrill is a hero. The American has achieved, where Apple, Facebook, Google, Yahoo and Microsoft have failed: He (successfully) fought a Security Letter by the FBI.  

The conversation took place on March 8 in Austin, Texas

Why did you decide to fight the government?

That’s a very tough question. At first, I questioned whether I was right or wrong, and I questioned, “Am I doing something really wrong here by impeding law enforcement? Is there something really bad that’s going to happen?” You have to understand, this was in two thousand four, and September eleventh was not that distant in our memories as it is now, but as time went on, it became much more apparent that I was right, and I began to feel quite relieved, actually, because I knew that I hadn’t done something terribly wrong.

I started to wonder, “What is this going to mean down the road?”

I began to understand that the government had no legal basis to request this information, and if they had a legal basis, they would have and could have gone through the court system and asked the judge to approve getting this information. So, essentially, I did this out of concern for the basis of what America is supposedly supposed to be. Like, the way you’re taught about in school when they teach you to be the idealistic version of… Well, we have this, the three parts of government, and there’s a delicate balance between them. I saw that flying out the window, and it was very concerning to me on a long-term, and the very long term. I started to wonder, “What is this going to mean down the road?” And today, I’m very glad that I made the decision that I did.

How were you able to succeed where big companies have lost?

I come from the world of telecommunications company. So, when I say that, I mean telephone companies, and internet providers, and I spent a lot of my time wondering why they didn’t do something. It was only later that it started to become apparent that some of the other huge problems were these web based businesses, the ones that are behind big data, the Facebooks, the Googles. The conclusion that I came to was that it’s not profitable for them to fight the government, and that’s not why these corporations were set up.

I think that if you expect large corporations to be the cavalry that comes on the white horse to save us, I think you might be misunderstanding what corporations are at their heart, and that’s why I think if you stop and take a look back, and think, like, who are the organizations that have really made a large effort to fight against these types of unconstitutional orders for information, you’ll see that a company like mine where it was essentially just me that made the call, and I have no fiduciary duties to anyone, and no board, and no shareholders.


The other example that comes to mind is Lavabit Ladar Levison, same exact situation as me, no one to answer to, no shareholders, no legal department. It seems like the small companies have really been sort of the vanguard of this resistance movement. The big companies such as Google and Facebook, and Twitter in particular have now been kind of following the lead of the same guys, and they’re doing it, though, not because they are civil libertarians, but because they see a business interest in doing so.

You have to create a business case that makes privacy profitable

That’s something that I’ve been really interested in trying to create is a business case for the incumbent companies, the incumbent telecom providers, and the incumbent large businesses to see that there is a compelling business reason for them to want to defend people’s rights. Because I don’t think that you can entice them with stories of glory, or like in my case, ten years being dragged through the court system, and almost winning, but never quite winning. That’s not a very… Like, say, “Come on, follow me and we can almost win together, and not quite win.” That’s not exciting, but you have to sort of create a business case for them that makes it profitable, and makes it presentable to their investors. nsa-google Another reason why companies don’t resist is because they do business with the government in one way or another, whether it’s selling them data, or whether it’s actually having a providing service to the government. You know, the big telecom providers, lets say AT&T, and Verizon, and Sprint, they sell fibre optic lines to the government, and from what I’ve noticed, the government pays a lot more than the general public pays. So, they’re very lucrative clients that they want to keep.

They’re not evil, it’s something much more complex than that, it’s shades of grey

On top of that, these companies are sometimes pulled into Washington, they’re called to testify before congress based on their business activities, and they don’t want to be thought of as that bad egg, the one that doesn’t play along, the one that doesn’t do… The government sometimes calls us good corporate citizenship. They try to portray it as, if you’re a good corporate citizen, you do everything that we tell you to do. I don’t personally subscribe to that belief, I think that that’s a duplicities kind of thing to say, but I’ve tried to understand why these companies did not resist, and I’ve tried to think of it from their point of view, and understand why because I don’t think the answer’s as simple as they’re evil, it’s something much more complex than that, and it’s shades of grey.

How come that no company was held accountable violating their users rights?

There was an interesting thing which happened here a few years ago, which is that when it turned out that a lot of the telcos were complying with illegal government orders for information, the government, and the telcos recognized that they had broken the law, and the US congress actually granted them retroactive immunity for all the laws that they had broken. This was like a really upsetting thing for people that I know that work in this field of internet freedom. It’s a tassel acknowledgement that they all broke the law, and that they conspired to break the law together, but they were given immunity by passing a new law which said that whatever you did in the past that was illegal, you can’t get in trouble for, and there’s sort of like a handshake, smoky back room thing going on, I think.

Another factor to consider is that when you have a giant company, like lets say AT&T where even the huge banks, there’s a lot of crossover between the people who run the security departments at those kind of corporations, and former law enforcement. So, you’ll often have, like the former head of the New York police department which is now the head of security at JP Morgan Chase bank, you get retired FBI agents going to be the head of security at AT&T. And so, when someone comes in the door, it’s like, “Oh, Jim. Oh, Bob, how you doing? Oh, could you give me this information?” And they’re kind of like, “Yeah,” ‘cause they’re all on the same page together. Now, don’t mistake what I’m saying, they have legitimate goals, they do want to keep the country safe. I’m not one of those people that’s gonna tell you that they’re just bad, and that’s why they do it. No, they actually have a legitimate goal, but they somehow grow into this mentality of the ends justify the means, and ignoring the long term effects that breaking down the system of controls, and of balance between the three sections of government is going to have on the country down the road.

Who is the greater threat: large corporations or the government?

In my estimation, it sort of becomes very blurry. Our constitution didn’t sort of envision that there’d be a huge privacy problem from companies, and the most basic privacy law, which is the fourth amendment of the US constitution is about being protected from the government seizing your data, but it doesn’t protect from private organizations having your data.

Outsourcing the data to ovate companies is like a shell game

So, if the government outsources this part of their activity to private companies, and private corporations, then no one’s done anything wrong, and then that’s considered legitimate. It’s like a shell game, you know, they’re like, “Oh, it’s not here, it’s there,” and then they play games, and they’re, “Oh, it’s not me, it’s them,” but essentially I felt like they were deputizing me, they were saying, “Now you are an agent of the government, now you have to do this collection for us, and you have to give us whatever information that you have collected,” and it was not a willing, co-operative arrangement, it was they were trying to compel this type of thing, and I felt very uncomfortable with that, of sort of being forced to be an informer.

What do you think about the reform that Obama has announced?

The problem is far from fixed. There are a lot of arrangements right now where the government of the United States has admitted wrongdoing, and then they say, “Now we promise voluntarily to change our ways,” but they’re not actually prevented by doing the type of abuse that they’ve done by law, and there’s no oversight mechanism to actually prevent this from happening again. And so, when you have these sort of voluntary arrangements, it makes me very uncomfortable because the next presidential administration may not respect these agreements, and they’re under no obligation to do so.

Are we safer today, better protected against terrorism?

I think that one could make a very compelling argument that governments are being inundated with so much data, so much raw data, so much information that they’re capturing through surveillance that there’s no conceivable way that they can make any sense of this data. As time goes on, and as they gain access to more and more information, it’s gonna actually make us less safe because they won’t be able to find the needle in the hay stack, they won’t be able to make us safer because instead of going after individuals based on some kind of suspicion, they’re going after everyone and everything.

I think that you can prove through evidence the efficacy of dragnet surveillance is lower than the efficacy of going after people based on individualised suspicion. My deep fear is that we’re undercutting democracy, we’re undercutting civil society in the hope of becoming more safe, and that in the end we’re not actually more safe. It’s all security theatre, but we’ve undermined what we love about being in a free and open society. And so, that’s really my deepest, darkest fear, that what if that happens? What if we’ve thrown everything out the window that we thought was great about democracy, and we’re not more safe either?

Is privacy over?

With my non-profit, I’ve been working a lot on trying to form coalitions, and trying to find certain points of unity that we can all agree on. I started to meet people from the government who told me that they actually agreed strongly with a lot that I had said. I think it’s wrong to view the government as a monolith, and I think it’s also a mistake to even view a single government agency, like take the NSA, as being a monolithic entity, because it’s a collection of individuals, and not only that but even within that agency, they tend to describe themselves as being in one of two camps. One of them is called the Code Makers, and they encrypt everything, and the other is the Code Breakers, and they try and crack everything. And I don’t really have that much of a problem with the Code Makers, I think that that’s a valid mission.

If I argued in court like the NSA, I would be in jail

I don’t necessarily have a problem with the Code Breakers either, but there are supposed to be some restrictions on the NSA that they’re not allowed to spy on Americans, and this is a bedrock restriction that was placed on the NSA from the very beginning, and anyone that knew anything about it knew that they were not allowed to spy on Americans, but like the classic slippery slope thing, this has been getting chipped away at slowly and slowly, and slowly, and now they give these sort of disingenuous answers like, “No, we don’t spy on Americans intentionally,” and so, they know that they are, but they’re claiming that that wasn’t their intent. I think that if I argued that in court, I would be in jail.

What’s your greatest concern?

People from the government are not being held to account for lying to congress, and saying things that are obviously not true under sworn and testimony, which is a huge crime, that’s a felony, you’re supposed to go to prison for that, and I’m seeing that it’s not happening, and that’s part of what’s making me really wonder about this selective enforcement of the laws, giving companies retroactive immunity for crimes they’ve committed, allowing people to lie before congress, and not having them held to account. These are things that happen in corrupt, failing countries, and I’m worried that this country can become if it isn’t already.


Hat Ihnen der Beitrag gefallen?
Bitte unterstützen Sie mein Blog mit einer Spende.

Leave a comment

Your email address will not be published, mandatory fields are marked with an *.

  1. […] customers’ data; some even went bankrupt over it. The most spectacular cases were Lavabit and Calyx Web Services. Last year I commented on both of them in this […]