Surveillance Proof

Saturday, 14 July 2012

As government agencies in the United States, the United Kingdom, Canada, and Australia push for increased surveillance powers, one pioneering American is pushing back.

New York-based entrepreneur Nicholas Merrill is making progress on a project he revealed in April: an encryption-based telecommunications provider designed to be “untappable.” After crowd-funding almost $70,000 in donations, Merrill says that he has held talks with a host of interested venture capitalists and a few “really big companies” apparently interested in partnering up or helping with financial support. Now the “surveillance-proof” software is in development, and he is on track to begin operating a limited service by the end of the year.

Merrill’s ultimate aim is to create a telecommunications infrastructure that inhibits mass surveillance. First, he is building an Internet provider that will use end-to-end encryption for Web browsing and email. Then he plans to roll out a mobile phone service that will enable users to encrypt calls, making them difficult to intercept. The key to decrypt the communications would be held by each individual customer, not Merrill’s company. Because the telecom firm would be unable to access the communications, law enforcement agencies that want to read or listen to communications would be forced to serve warrants or court orders on individuals directly. “This would make it impossible to do blanket, dragnet surveillance of all the customers of a telecommunications carrier,” Merrill says.

The idea for the project is not to help bad guys evade detection, though undoubtedly that’s how some critics will see it. Rather, Merrill is particularly keen to develop the technology to help journalists and human rights organizations—groups, he says, “whose right to confidentiality is more or less accepted under the law.”

Merrill has a strong record of defending user privacy. In 2004, he became the first ISP executive to successfully challenge a secret FBI “national security letter” demanding he hand over customer information. His willingness to question the constitutionality of the secret letter at the time put him at odds with most major telecoms providers, which have a poor track record when it comes to protecting customer privacy. In 2005 and 2006, a number of companies were revealed to have handed over troves of customer data and opened up wiretaps to the National Security Agency, sometimes without a warrant.

Today, Merrill admits prospective funders of his latest project have expressed concerns that it could lead to a confrontation with powerful actors (“It’s challenging to go up against some of the forces that are trying to open up all communications to wiretapping,” he says). But he is trying to address this by showing that government and law enforcement agencies could themselves benefit from his technology. Cybersecurity and privacy are part of the same problem but framed differently, he believes. Both could be addressed at once by ubiquitous encryption of communications and data transfer—protecting user privacy while also helping prevent malicious hackers from stealing information.

Some establishment figures have already been won over by Merrill’s argument. The advisory board of his nonprofit research institute, Calyx, which is developing the technology, includes a former NSA technical director and a former federal prosecutor who is also ex-CIA. Whether he can get the backing of current members of the U.S. law enforcement community, though, is another matter altogether. Merrill’s technology could be seen as creating extra barriers for law enforcement and the authorities would likely oppose it for that reason. Existing U.S. wiretapping law, called CALEA, states that telecom providers "shall not be responsible for decrypting" communications if they don't possess "the information necessary to decrypt.” But that may change under reforms proposed by the FBI, which is actively seeking more surveillance powers.

As governments increasingly move toward expanding their power to conduct electronic surveillance, it is inevitable that innovative technologists, software developers, and cryptographers will work to help people protect the privacy of their personal communications. Earlier this week the NSA’s chief tried to quell concerns over allegations that it is building a huge domestic surveillance center in Utah, dismissing whistle-blowers’ claims as “baloney.” Given the NSA’s recent history, however, it is likely many Americans will remain skeptical about the spy agency’s reassurances—and some will turn to encryption.

Merrill aims to launch his telecommunications firm first in the United States before tackling the international market, where there are also mounting concerns about government surveillance schemes. “We’re not trying to force people to use our service,” Merrill says. “What we’re trying to do is re-envision how the telecommunications industry could work if privacy and encryption technology was built in from the beginning.”

This article first appeared at

Web of Deceit

Thursday, 5 July 2012

Some were grabbed off the streets, blindfolded and bundled into the back of a car. Others were detained at airports and taken away by force on small private jets, often to secret locations in countries known for torture. Extraordinary rendition, a kind of state-sanctioned kidnapping that breaches international law, became a popular method used by US authorities to capture terror suspects in the years following the 2001 World Trade Centre attacks. But only now are full details about the practice, and the many corporations that have profited from it, beginning to emerge.

In recent weeks human rights group Reprieve has been publicising some of the private companies that helped organise the renditions, most carried out under the authority of the George W. Bush administration between 2001 and 2008. Among the firms are military contractors such as Virginia-based DynCorp, paid to organise the logistics of rendition flights to places like Thailand, Egypt, Syria and Morocco. But there are also less conspicuous firms that played a key role, some with strong UK connections. One is Computer Sciences Corporation (CSC), an IT firm that has held contracts with the NHS and Transport for London.

“The role played by the prime contracting companies – DynCorp and CSC – was extremely significant,” says Crofton Black, a Reprieve investigator. “They basically ran a significant proportion of the entire project in terms of helping move people around between detention sites. The various operating companies that provided the airplanes and crews are significant too, because it’s unlikely these guys didn’t know what was happening in their planes.”

According to Reprieve, court documents show that CSC organised rendition flights on behalf of the US Central Intelligence Agency (CIA) to carry prisoners between a number of locations, including the notorious Guantánamo Bay detention camp and secret “black sites” in North Africa, South East Asia and Eastern Europe. It is alleged that the prisoners were held incommunicado and tortured during lengthy interrogations. CSC, which turned over £10.2 billion in 2011, has a string of British investors, including Barclays, Lloyds, HSBC and Prudential.

Earlier this year, Reprieve wrote and asked CSC to sign its “zero tolerance for torture” pledge promising that it would not be involved in rendition, secret detention and torture in the future. The company declined, saying that individual pledges on specific topics were “not within the framework” of its existing corporate responsibility programme. Reprieve is now writing to investors in the firm asking them to “confirm whether investing in companies implicated in torture is compatible with their ethical commitments.”

“CSC has explicitly refused to rule out taking on such missions in the future,” Black says. “It’s fine for the investors to say, with the benefit of hindsight, that ‘we didn’t know such missions were going on in 2005.’ But they can’t say that anymore. So they have to come to come to terms with the fact that they are investing in a company that has basically made a commitment not to honour international law, which is effectively what CSC refusing to sign the zero tolerance for torture pledge means.”

At the same time as details about private companies’ involvement in extraordinary rendition continue to emerge, new information about the scale of Britain’s role in the programme has also been revealed. In the wake of the civil war in Libya last year, documents were uncovered showing in 2004 MI6 had helped US authorities abduct Libyan dissident Abdelhakim Belhadj and his pregnant wife in Bangkok, where they were flown to Tripoli and abused by Muammar Gaddafi’s secret police.

Belhadj is now suing MI6 and then-foreign secretary Jack Straw, a serving Blackburn MP, for complicity in torture and misfeasance in public office. Government sources say MI6’s role in rendition was part of “ministerially authorised government policy" – but Straw has gone on record claiming that "no foreign secretary can know all the details of what its intelligence agencies are doing at any one time."

In other countries, too, the repercussions of extraordinary rendition continue to be felt. In March, Poland became the first EU country to indict one of its officials over CIA renditions, with the country’s prime minister promising an end to “under-the-table deals." It is alleged that a military garrison in the north-east of the Poland was used as a CIA black site where terror suspects were interrogated and subjected to waterboarding, a kind of torture that makes a person feel as if they are drowning.

Some details about the rendition programme, like the names of the terror suspects involved, are difficult to establish as they remain classified. But more revelations may soon emerge as part of a major new academic effort to pull together all of the information that has so far been published about extraordinary rendition. Launched by University of Kent academic Dr Ruth Blakeley in May, the Rendition Project is studying reams of court documents and flight logs, collating data about hundreds of victims of rendition and secret detention since 2001. It hopes to chronicle the 45 countries, 6500 flights and 140 aircraft allegedly connected to the CIA renditions programme.

“I don’t think the world is very well informed about the types of things that governments in the US and UK do,” Blakeley says, explaining her motivation for starting the project. “On both sides of the pond current governments don’t really want to carry out investigations [into rendition] because their own records are not that squeaky clean either.”

Prior to coming in to office in 2008, US president Barack Obama condemned many of his predecessor’s more aggressive counter-terror policies. He barred waterboarding and signed an executive order entitled "Ensuring Lawful Interrogations," designed to increase oversight. But he didn’t outlaw extraordinary renditions. Obama has also significantly heighted the use of unmanned military drones, remotely controlled aircraft that are used to bomb suspected militants in places such as Pakistan and Yemen. Some argue that, to avoid using the costly and controversial rendition method, Obama has favoured drone strikes – killing rather than capturing.

“It’s expensive to detain people in prison,” Blakeley says. “A lot of people say drone attacks are Obama’s preference because you just get rid of the people and you don’t have all the messy stuff afterwards to deal with... It avoids the public outcry around rendition.”

London-based human rights group Cage Prisoners, founded by Birmingham-born Moazzam Begg, a former Guantánamo detainee, believes rendition is still happening today but on a lesser scale. The group, which campaigns to raise awareness about individuals held extra-judicially as part of the so-called War on Terror, argues public inquiries into extraordinary rendition are the only way to redress the abuses of international law that became commonplace after 2001.

“There’s no way that we can adequately compensate those who had these things happen to them,” says Asim Qureshi, executive director at Cage Prisoners. “In the grand scheme of things, for those people inquiries mean nothing, because they’ve already had their lives ruined by renditions.

“But for the future they become important, because this is effectively the way the human rights industry can fight back – by bringing these legal cases, by having the process of accountability, and by really placing the emphasis back on due process and the rule of law.”