Shostack + Friends Blog Archive

 

Calyx and the Market for Privacy

So there’s a new startup in town, The Calyx Institute, which is raising money to create a privacy-protecting ISP and phone company. I think that’s cool, and have kicked in a little cash, and I wanted to offer up some perspective on the market for privacy, having tried to do this before.

From 1999 until 2002, I was Director of Technology and Most Evil Genius at Zero-Knowledge Systems, a Montreal-based startup devoted to delivering privacy-enhanced internet services. Zero-Knowledge raised approximately $71 million dollars to deliver internet privacy, and then had to pivot its business model (before pivoting was trendy). Because management pivoted and found value in what we had built, it didn’t deliver on the privacy dream, but the company did make good money for shareholders.

It’s my hope that Calyx can deliver more privacy to more people over a longer time, and make money for shareholders as it does so. To do that, they’ll need to move from the excitement accompanying their announcements to delivering products in the market. So let me turn to:

The market for privacy
There’s a lot of excitement. Nearly a thousand people have donated cash. They’ve put together a nice advisory board. That’s because people care about privacy. A lot of folks claim that there’s no market for privacy (pointing to things like Zero-Knowledge), but I believe that they’re wrong. There is a market, and it’s hard to tap into.

One of the key reasons it’s hard to tap into the market is because privacy means different things to different people. It means so many things that there’s a good book on “Understanding Privacy.” (My review.) So, does privacy mean the same thing to consumers as it will to Calyx? Resisting demands from 193 national intelligence services is great, but what about protecting me from advertisers? The disjointed things people mean by privacy make it challenging to ensure that you line up with people’s concerns.

Another issue is that privacy is rarely a thing sold in and of itself. Privacy is an aspect of some service, either by providing a privacy-protecting version of the service, or privacy protection against the service. A privacy-protecting ISP has to offer me ISP service equivalent to what I get today, or some bundle that makes sense for me. For example, I pay extra because Speakeasy didn’t demand my SSN, and had technically competent people answering the support phones. They’re less awesome since Megapath bought them, but they’re not Comcast, and they’re not running for most infuriating company in the country. Tor is an example of privacy protection against your ISP. You have to get the whole bundle right, which is likely going to be harder than getting the bundle right without privacy. Of course, sometimes it’s easier. By billing my credit card, Speakeasy doesn’t need to collect my SSN, doesn’t need to protect it, and doesn’t need to pay for a credit check. (They do have to pay a monthly cut to the credit card company, but Comcast probably also pays that for most of their customers.)

That said, consumers do care about privacy, and do spend money on it when they can understand the threat and defense. It requires entrepreneurs and hackers willing to experiment. and eventually someone’s going to make a boatload of money doing so.

For more in-depth comments on this, see my home page, especially the end of 2002 and the start of 2003.

With that, let me turn to some questions about…

What Calyx is doing
Let me start with two quotes, which is the sum of my knowledge:

This project’s goal is to raise funds for my nonprofit organization, Calyx Institute, which will launch a privacy-focused Internet Service Provider and mobile phone service using end-to-end encryption technology.

and

Through other partnerships, we are poised to offer Internet service in 70 markets in the US using wireless spectrum which we will bundle with end-to-end encrypted Virtual Private Network (VPN) technology in order to keep the customer’s data as private as possible. The next products on the roadmap include hosted email and cloud storage/sync systems that utilize public key cryptography so that only the user possesses the key required to decrypt their email or files. This means that the provider (Calyx) will not be able to read your email or files even if it wanted to. And if Calyx can’t read it, it can’t be targeted by unconstitutional surveillance tactics. (Both quotes from “The Calyx Institute fundraising page“)

So running a privacy-preserving ISP is great. And again, I want what I have to say to be heard in the context that I’ve given them money to help them get going.

My first questions are around the ISP part of the business. Is this an ISP in the form of “I can buy a DSL line from them?” (or otherwise, get internet service directly?) If it’s a partnership, how are we protected from the partner? Encryption is all well and good, but if I don’t have cover traffic, then my use or non-use of the service gives out information. Someone at the entry node (say the partner) who choses to collaborate with someone who can watch the exit node (say the NSA, or the FSB/KGB) can figure things out over time. This issue is fundamental to all low-latency internet-based privacy systems, including the Freedom Network that Zero-Knowledge operated, Tor, etc. The fix is approximately sufficient and continuous cover traffic that exceeds the bandwidth in use.

The second comment, which derives from that is “if Calyx can’t read it, it can’t be targeted by … surveillance tactics.” That is simply untrue. An observer which can see more can apply more clever analysis. I’m willing to forgive this as an aspirational statement today, but it’s important for privacy providers to ensure that they don’t over-promise.

My next question is why New York? Because the founder is there? The NYPD has done some bad things in the civil liberties camp, including for example surveillance of mosques without cause [link to http://www.lawofficer.com/article/news/us-attorney-general-investigat no longer works], kettling and rounding up protesters and bystanders without cause during the 2004 Republican Convention. Does New York have the most favorable laws in the US for this sort of thing?

When we get to the phone company idea, I’m in favor of the idea, but operating a nation-wide mobile phone service is expensive. If you don’t do so yourself, you can operate a “Mobile Virtual Network Operator.” But if Calyx does so, then the network operator from whom it leases bandwidth can see IMEI numbers and otherwise fingerprint phones. There are some interesting challenges here, and we need to know more to understand what Calyx can deliver.

In conclusion
There is a market for privacy, and there is a market for private internet services. Calyx has an opportunity to tap into such a market, but it’s tricky and complicated to do so successfully. There are a lot of hard questions to be addressed along the way. However, it’s important to remember that privacy is an important and cherished value for excellent reasons. Calyx is unlikely to be either perfect, or as bad as the main players in today’s market. So they deserve your support, your attention, and perhaps even your money. Why not go donate?