How did a routine request from the FBI turn into a decade-long legal battle that helped reshape modern privacy law and ultimately inspire a new kind of mobile network?
In this episode, I sit down with Nicholas Merrill, founder of Phreeli and one of the most influential yet often under-recognized figures in the fight for digital rights. Long before privacy became a mainstream talking point, Nick was running an internet service provider that powered major global brands. That journey took a dramatic turn in 2004 when he became the first person to challenge the constitutionality of a National Security Letter under the Patriot Act, living under a gag order for years while the case unfolded. What followed was a deeply personal and professional transformation that led him to question whether litigation and legislation alone could ever keep pace with the scale of modern surveillance.
We explore how that experience pushed him toward a third path, building privacy directly into technology itself. From launching the Calyx Institute and developing privacy-focused Android software to raising a multi-million-dollar endowment for digital rights, Nick has spent decades turning principles into practical tools. Now, with Phreeli, he is taking that philosophy into one of the most data-hungry industries of all, mobile telecoms, reimagining what a carrier looks like when it is designed to know as little about its customers as possible.
Our conversation also tackles the shifting balance of power between governments and corporations in the data economy, and why the distinction between the two is becoming increasingly blurred. Nick explains the trade-offs involved in building a privacy-first operator in a heavily regulated market, the cryptographic thinking behind Phreeli's double-blind architecture, and why he believes consent and personal agency should sit at the center of the digital experience.
This is a story about resistance, resilience, and the belief that technology can be used to restore choice rather than quietly remove it. It is also a timely reminder that privacy is not an abstract concept for activists and engineers, but something as familiar as closing the curtains in your own home.
So after three decades on the front lines of this debate, what does Nick think most of us still misunderstand about our digital rights, and what single shift in mindset could change how we all approach privacy in the connected world?
Useful Links
[00:00:04] Is privacy something that we've all quietly traded away without realising it? Or is it something we can still take back? Well in this episode of Tech Talks Daily, we're going to be talking with Nicholas Merrill. He's a figure with a personal story that is directly woven into the modern debate around surveillance, free speech and digital rights.
[00:00:28] Long before privacy became mainstream, Nick was already challenging the systems that quietly recorded everything about where we go, who we speak to and what we do online. And my guest journey spans three decades from founding an early internet service provider trusted by global brands to becoming the first person to legally challenge national security letters issued under the Patriot Act.
[00:00:55] And it was this challenge that placed him under a government gag order for years, a period that forced deep reflection on how power, accountability and what privacy actually means when the state controls what you are allowed to say. So few people can speak about surveillance from both a legal and live perspective. And that experience shapes everything that he builds today.
[00:01:20] So I want to learn about how this path led to the creation of Freely, a privacy by design mobile carrier built on the idea that your phone should not double as a tracking device. Something that I think we're all becoming slightly aware of.
[00:01:35] So Nick will explain why telecom has become such a blind spot in the privacy debate and how corporate data collection and state surveillance are increasingly intertwined and why technology and cryptography might just offer more certainty than policy alone.
[00:01:55] So as phones become more powerful and networks more intrusive, what does it really take to rebuild trust in something that we use every day and that device that carries almost every aspect of our life on? Well, let's get my guest on that and find out more. So a massive warm welcome to the show. Can you tell everyone listening, Nick, a little about who you are and what you do?
[00:02:22] I am the CEO of a phone company called Freely. And Freely is trying to be more private than the big phone companies in the United States. It's such a timely topic right now. And I know that you've been pushing back against things like surveillance since the mid-90s. Maybe people were unaware.
[00:02:46] I think when you look at the privacy debate today, I've got to ask what feels generally different from when you very first started and what patterns feel depressingly familiar? Because you've been on quite a journey. You've probably been shouting about this stuff for years. But I think people are coming around to that now. Yeah. Yeah. I mean, I'm a middle-aged guy. I grew up, I guess, in a different world where you could go up to a payphone and drop a dime in the payphone and call someone.
[00:03:16] And, you know, you didn't have to show ID in order to use the phone. And cell phones weren't a thing when I was a kid. The internet wasn't a thing. You know, I started my career running an internet service provider. And internet service providers end up having a lot of records, typically. Records about when people go online, what they do when they're online.
[00:03:45] And those records can be really revealing about someone's personal life. And I found out the hard way when the government tried to collect a bunch of data from me in the year 2004. Essentially, the internet business and the telecommunications business have a problem in terms of keeping too many records that they don't really need.
[00:04:09] I mean, back in the 90s, people naively used to say, hey, if you've got nothing to hide, you've got nothing to fear. But I think we're beginning to see through that now. And to bring that to life a little bit, I mean, your legal fight began after receiving an FBI national security letter. That must have been a defining moment in modern privacy law for you. Living under a gag order for years is incredibly hard to imagine for most of us. So tell me about that experience.
[00:04:38] How did it change you? And how did it change how you might think about governments or authorities and individual rights? It feels like a real turning point for you. Yeah, it was. That was a pivotal moment in my life, for sure. I think that I always had been raised understanding the excesses of sort of more totalitarian forms of government.
[00:05:06] You know, I grew up during the Cold War and there was a lot of talk of, you know, what was going on in the Soviet Union or East Germany and the Sazi. And, you know, I had heard all kinds of stories, even from my parents, about traveling through Spain at the end of the Franco regime and there being soldiers on every corner.
[00:05:30] And so, you know, I was raised on an idea of American exceptionalism, of believing that the country that I grew up in was different, that freedom was sort of baked into our way of government and our system.
[00:05:49] And so when I got approached by the government to hand over a bunch of information on one of my clients and it didn't go through the normal legal process of going to a court and applying for a warrant based on evidence, I was taken aback. And I thought, hey, this isn't right.
[00:06:12] This isn't how I was educated to believe the American legal system is supposed to work. And so I raised an objection. And I guess I didn't realize at that point that the process of raising this objection would drag out for, you know, 10 years. Most of that time with me being under a gag order and unable to talk to anyone about it.
[00:06:39] But, you know, I don't know what I would have done if I had known that that's how long it would take and how worried for my own safety I would be during that time. But looking back on it now, you know, I'm happy that I did it. I wouldn't change a thing. But it really opened my eyes.
[00:07:00] And, you know, sometimes I talk about the time that I was under the gag order as almost being like a very extended period of self-reflection and sort of inner reflection because I couldn't talk to anyone. I couldn't talk to my normal support network, not my friends, not my work colleagues, not my parents.
[00:07:23] And so it was sort of like when, you know, someone goes and I always have this analogy in my head of someone going and sitting on top of a mountain and meditating for like 10 years and then coming back down from the mountain and saying like, hey, I figured something out when I was up there. And the thing that I figured out when I was up there was there were sort of three ways to deal with privacy. And one of them is litigation.
[00:07:53] So that means challenging things in court. Another avenue that we always have is legislation. So, you know, Congress or Parliament can fix, you know, problems in the law. And I started to feel after those 10 years a little bit suspicious of those two processes.
[00:08:21] It didn't feel to me like the litigation road was necessarily a good or an easy one. I mean, I had pro bono representation from the American Civil Liberties Union. And thank goodness for that, because my legal costs ran into the millions. And still, it's not a level playing field when an individual challenges the government.
[00:08:47] And so I also started to feel kind of suspicious of and feeling, you know, having dubious thoughts about the legislative process. It didn't seem like the Congress in the U.S. was really taking the problems, the degradation of individual privacy seriously. They would make little changes.
[00:09:15] But you could clearly see that as a society, we were going down a slippery slope. And so I guess part of my realization was that there's a third way to deal with it. And that way is through technology and encryption and math. And those are things that I believe in, and they are static and unchanging and simply true.
[00:09:41] So that's the path that I decided to take is trying to figure out how to get people more privacy using math and interesting cryptography and techniques like that. The technical path, I guess, is the third way. And when I was doing a little research on you, I was really in the middle of that legal battle. You wrote one of the only anonymous op-eds ever published by The Washington Post.
[00:10:09] What did that level of anonymity teach you about free speech when the state controls what you are and what you're not allowed to say? What did you take away from that period? Yeah, it was really mind-bending, let's say. When you learn about the American legal system, and I had taken constitutional law classes in university,
[00:10:37] you understand that the Supreme Court of the United States has very clearly said that there cannot be prior restraints on free speech. And I understand there are cases, like let's say someone is a spy that works for the government.
[00:10:59] Then you sign a confidentiality agreement, and that's different because that is a thing where someone agrees that that's consensual. But what was done to me was this gag order was put on me in a non-consensual way by the FBI and without proving to a judge that a crime had occurred or was likely to occur,
[00:11:26] which is sort of the basis for getting a warrant under our system. And from there, you later founded Calix Institute to build tools that resist surveillance rather than just talk about it, get frustrated or get angry about it. You actually did something about it. So why do you think that building alternatives is more effective than, I don't know, policy augments alone? What did you take away from that? And what inspired you to go out and do this?
[00:11:56] Well, to be honest, I'm not completely against people that work on policy angles. I haven't completely given up on them. You know, I still sign petitions and I write my representatives when there's interesting things going on in the Congress. But there are a lot of organizations out there that already are working on those angles.
[00:12:23] And so it seemed to me that my strength was in my ability to build privacy tools. And so it seemed like I should do, you know, I should use my strengths to my advantage in terms of trying to address this problem. So, yeah, at the Calix Institute, we built our own version of Android.
[00:12:50] The Android operating system is at least partially open source. And therefore, you can build your own derivative work based on it. And we made a version that makes privacy much more automatic. So the phone dialer app, for instance, would encourage people to use Signal to make encrypted phone calls.
[00:13:14] And we shipped private browsers like the Tor browser, for instance, or DuckDuckGo browser at different times. And we included free VPN services built into the phone. So we were doing all kinds of work like that. And I stayed there for 15 years.
[00:13:37] And then this past summer, I left and I started freely the phone company that I'm running now. And with this latest venture, you're taking privacy into the mobile carrier world, which most people listening might assume is beyond their control. But the tagline of the company is the privacy by design mobile carrier that you can trust. So tell me more about that.
[00:14:02] And are there any tradeoffs that you had to make to put privacy first in an industry that ultimately is built on data extraction? That's an interesting question, Neil. Yeah, there are some tradeoffs. For one thing, everything is harder when you try to do it with privacy by design,
[00:14:22] especially in an industry in which, as you correctly noted, typically it's built on saving all the data and using all the data. So we've essentially had to build everything from the ground up because we couldn't use the existing tools that are out there because it would just be an endless series of band-aids and modifications to try to make everything more private.
[00:14:51] So what we did was we started over and we built everything ourselves. And another challenge is that there are all kinds of regulations. The telecom industry is an incredibly tightly regulated industry. So there's all kinds of reporting that we have to do to the government in terms of just things like volumes of telephone calls.
[00:15:18] Like we had 100,000 minutes of phone calls this past quarter, something like that, like just aggregated, nonspecific data. So we had to examine all the obligations of phone companies in the United States in terms of reporting and then figure out what's the least amount of data we could keep and still comply with all the regulations.
[00:15:46] One of the formulas that we came down to is that, you know, we have to pay taxes. A phone company has to pay taxes in the United States to the federal government, also to the state governments in the 50 states, but also down at the county level as well. So all these different localities apply their own taxes to telephone service, and we are obligated to pay those.
[00:16:13] But it turns out that we don't actually have to know the identity of our customers. But we do have to know who we're paying taxes to, so where they're using the phone service. And so the information that we absolutely have to get from our customers is their zip code, their postal mailing zip code. And that allows us to know to whom we're paying the taxes.
[00:16:39] So essentially, yeah, the challenges involved in building such a service are that we literally had to go with a fine-tooth comb through the entire life cycle of a phone company and examine every part of it and then figure out what was the most private way to do all the steps involved. And you've worked with major brands while also challenging the U.S. government in court.
[00:17:08] I'm curious, from your perspective, which do you think poses the bigger risk to the average listener here, their personal privacy? Is it state surveillance or corporate data collection? Which would it be and why? And I appreciate it is a massive, massive question that's almost a podcast episode on its own. But what would you say to that person listening that's trying to weigh these two up? Yeah, no, it is a very interesting question. And we could go on for hours about it.
[00:17:37] I guess I could tell you what I think in a short way. I used to think that the government was a bigger threat to privacy. But, you know, big tech has changed a lot and has changed my thinking a lot. And essentially, there is a blurring of the distinction between public and private when it comes to data collection.
[00:18:02] So in some ways, it's all a continuum. You know, when government is banned from collecting data on people, sometimes nowadays they simply buy the data from private data brokers. So I remember back in the sort of olden days,
[00:18:27] noticing that there was a bit of a divergence between what people in the U.S. seem to think and what people in Europe seem to think. And the people in the U.S. seem to think that the government was the bigger threat for privacy. And people in Europe thought corporations were the bigger threat. But, you know, when you have, I mean, not to shame companies, but like you have Google, you have Microsoft, you have all the big phone companies,
[00:18:57] you have Facebook and big tech and all the different social medias collecting location data. And then millions of applications that you download from the app store for your phone. They're all collecting location data. And all this data is being fed into these private data brokers. It's really not simple to say, which is the bigger threat? Because ultimately, you know, even if that information was collected for a theoretically,
[00:19:28] you know, not evil reason, like just to sell you stuff, let's say, it ends up sometimes being used in unintended ways. So that's why I try to speak out in favor of this whole concept called privacy by design. And I wish that more people building startups and building applications would think about that when they're first getting started rather than as an afterthought.
[00:19:57] And you mentioned privacy by design there for the techies and people from Telco listening, thinking, well, how does all this work? Tell me a little bit more about the double blind armadillo architecture, the foundations of what you've built here. The double blind armadillo is called, it's a funny name. It's called that because our corporate mascot is an armadillo. Yeah.
[00:20:24] And the sort of concept behind the armadillo is that he's happy, right? You see our logo and he's a happy armadillo. And why is he happy? Because he has the agency to decide whether he's going to roll up in a ball and be armored or he has the agency to decide whether to unroll and expose his belly and trust whoever's there.
[00:20:50] So that represents basically you when you use freely as your phone company, feeling this newly revived power of agency. Double blind armadillo is a system that we developed with some partners of ours that are cryptographers. And it uses something called zero knowledge proofs.
[00:21:16] And zero knowledge proofs are a cryptographic technique that was developed a couple of decades ago, several decades ago in a science institute. And they essentially allow someone who is the prover to prove to a witness that they have some information, but without showing the information.
[00:21:40] So we developed an interesting technique that uses these zero knowledge proofs going in two different directions so that we can say to our phone service, this customer has paid their bill so they can continue using the phone for another month. And essentially, but without connecting the phone number and the person's identity, essentially it creates something called unlinkability.
[00:22:09] And it's a totally novel approach to a phone company. It sort of harkens back to the analogy I was using earlier when I said you, when I was a kid, you could go up to a payphone and drop a dime into the payphone and make a phone call. It's sort of just reducing phones from being essentially like a tracking device in your pocket to being something more like a payphone. That's more or less anonymous.
[00:22:38] So that's sort of a bit of an overview of double blind armadillo. If there are people in your audience that are more technical, we actually published a white paper on the Freely website under the blog section that goes into a lot more detail on exactly how it works. You know, I think it's maybe not for like all audiences, but if you're interested in that sort of thing, I welcome you to take a look at that. Awesome.
[00:23:06] Well, I'll add a link to that white paper for anybody listening that does want to check that out. And who would you say Freely's for? Who are our customers? Is it a certain niche of customers or is it for everyone? Our aspiration is that it's for everyone. Yeah. You know, we are trying to make it as easy as possible for regular people to get privacy.
[00:23:32] You know, I have lived in a funny privacy bubble for the past couple of decades. And so I know people that jump through all kinds of hoops to get better privacy. You know, there's people I know that refuse to even have a SIM card in their phone, and they only use their phone on random public Wi-Fi networks and stuff like that. And, you know, those types of things have always been available,
[00:24:01] but they take a lot of work. And a person has to have a pretty deep understanding of the different ways that people get tracked online. So essentially, the idea of Freely is like we can package this into something that's really simple for a person to switch to. Just port your phone number over to this carrier and stop paying the big phone company that you've been,
[00:24:30] you know, giving your business to for the past however many years. That is essentially the concept is like if you could just do one thing to improve your privacy stance today, I would say switch your phone company to a private phone company like Freely. And I'm curious, after three decades now of activism, court battles and product building,
[00:24:56] what do you think most people listening misunderstand most about privacy? And what is that one mindset shift that would change how society treats their digital rights? Anything that you'd recommend here or anything that you think people misunderstand most about privacy? You know, I think an analogy that often comes up when I talk about this is having blinds or curtains in your windows in your home.
[00:25:25] You know, most of us have them. I'm sure there's some people out there that don't have them and they don't care if people look in their windows, but most people seem to like to have the option to open or close the blinds in their windows at their pleasure. So to me, privacy is normal.
[00:25:50] Privacy is something that, you know, everyone wants when they're talking to their partner on the phone, when they're talking to their friends. You know, I'm a parent. I have a teenage kid. I don't want companies or governments tracking my kid. To me, that's like a normal protective instinct. And, you know, it occurred to me that if I feel that way, then lots of other people might feel that way as well.
[00:26:20] And so, you know, if people, you know, if people want to, you know, give away their data, that's totally cool with me too. Like, I'm not an absolutist about that. I just think that we should have the option to decide. I think information collection should be a consensual thing, not a non-consensual thing that just happens to you and you can't do anything about. And I think that's a powerful moment to end on.
[00:26:48] But for people listening that would like to explore this in more detail, I will link to the white paper that you mentioned. But anywhere else that people should be looking at or how they can keep up to speed with everything that you're doing and new announcements, etc.? Where would you like to point everyone? On all social media platforms. Instagram, X, Facebook. We're freely on all of them. P-H-R-E-E-L-I.
[00:27:16] So you can follow us on even Mastodon or Blue Sky or any of the social media platforms. We post all of our announcements and news there typically. Awesome. Well, I'll add links to absolutely everything. An amazing journey that you've been on and certainly shined a light on things that a lot of people listening will be completely unaware of. I do think things are changing and privacy is being pushed to the front of the conversation. So I would ask anyone listening to check that out. Read the white paper. Look at some of the technical aspects of it as well.
[00:27:46] But more than anything, just thank you for coming on and sharing your story today. Really appreciate your time. Thank you, Neil. It was really nice to be with you today. I appreciate your time. As we wrap up today, it's got me thinking. If privacy is as ordinary as closing the blinds in your home, why have we accepted systems that never let us choose whether they are open or closed?
[00:28:07] And I think Nick's story challenges the idea that privacy is an extreme or niche and reframes it as a matter of personal agency. So whether you are deeply technical or simply uneasy about how much your phone knows about you, I think today's conversation leaves you with a very simple question. How much control over your digital life feels reasonable to you? And where should that line be drawn?
[00:28:37] As always, techtalksnetwork.com. Love to hear your thoughts on this. Good, bad, indifferent? This is not a monologue. It is a dialogue. I encourage people from all sides to feedback. Let me know. Other than that, I'll be back again tomorrow with another guest on a completely different topic. So thank you for listening as always. And I'll speak with you tomorrow. Bye for now.