clock menu more-arrow no yes

Filed under:

Utah ISP owner describes the NSA 'black box' that spied on his customers

New, 50 comments

There's been more pushback on privacy from the private sector ever since leaked documents revealed the existence of massive NSA spying programs that tap into consumer services. But the owner of XMission, a small ISP in Utah, has been especially adversarial towards the secret FISA court orders which force companies to give data to the government. After publishing a detailed list of government orders the company has received, CEO Pete Ashdown has offered some clues as to what happens when an internet service provider is forced to comply with a FISA surveillance order.

Speaking to Buzzfeed, Ashdown says that an order he received in 2010 — the only one he says his company was unable to turn down — required him to install equipment allowing the FBI and NSA to directly monitor one of his customers. The hardware took the form of "a little box in our systems room that was capturing all the traffic to this customer. Everything they were sending and receiving," he explains. "There was discussion [amongst employees] asking, 'What is that box?' I said, 'It is something I am dealing with,' and usually that was where it ended."

"If they want to come back and haunt me, fine."

The company's physical location has special significance given the massive NSA data center that's nearing completion in Bluffdale, Utah, which was the focus of a special report published in Wired last year. The facility, which has a projected cost of $1.5 billion, will store troves of foreign and domestic communications gathered by NSA surveillance programs, and will likely devote much of its immense computing power to unraveling the complex mathematical ciphers which encrypt data.

Other small ISPs have fought back against government orders, such as FBI-issued National Security Letters. The Electronic Frontier Foundation lists the California-based as the only provider to receive a perfect score in their annual "Who Has Your Back?" report, which rates companies based on how they stand up for user privacy. But most of this opposition happens in the dark, since ISP owners receiving such orders are usually restrained by gag orders preventing them from publicly acknowledging the demands. In 2010, Nicholas Merrill, the owner of a small ISP called Calyx, had a gag order partially removed after years of litigation, making him one of the only people to have successfully done so. XMission's Ashdown says he is similarly restrained: "I would love to tell you all the details, but I did get the gag order," he said. "I have probably told people too much. That was two years ago. If they want to come back and haunt me, fine."

Read More: Everything you need to know about PRISM