It's Baaaaaack: HavenCo Trying Once Again To Bring Encrypted Computing To The Masses, But Not Hosted On Sealand

Privacy

from the yeah,-good-luck-with-that dept

Tue, Aug 27th 2013 11:49am — Mike Masnick

If you were into digital and cryptography issues a little over a decade ago, you surely remember the debacle of HavenCo, the attempt at a secure data haven hosted on the "micronation" of Sealand (better known as an abandoned platform off the coast of England that some folks "invaded" and claimed as a sovereign nation, which no government recognizes). HavenCo and Sealand was a story the press loved, and the hype level was astounding, followed by the whole project being a complete disaster. Last year, James Grimmelmann wrote a fantastic look-back/post-mortem of HavenCo and an even more detailed and comprehensive legal review paper all about Sealand and HavenCo. If you want the history of all of this, start there. Or, if you want the fictional account of the mindset that went into HavenCo, pick up a copy of Neal Stephenson's Cryptonomicon.

Now, it's being reported that James Bates, grandson of Roy Bates, the "founder" of Sealand, has teamed back up with Avi Freedman, one of the initial funders of HavenCo, to relaunch the project with a focus on bringing data security to the masses. Feel free to insert whatever skepticism you have for this project right now, because you're not alone. To their credit, there are two things that are different this time around. First up, they're not trying to host the data center itself on Sealand, which was a part (just a part!) of the mess the last time around. Instead, they're just using Sealand to host air-gapped machines with encryption keys. The actual data will be encrypted, but hosted elsewhere, including in the US and EU, where they believe it will be safe because of the encryption:

Sealand still plays a role in HavenCo’s new business plan, but this time, Freedman says, HavenCo 2.0's servers are going to be based in the United States and the European Union, not stuffed into the legs of an anti-aircraft platform. (Some of the servers are even in northern Virginia, a couple dozen miles from the NSA's Maryland headquarters.) The company will use the platform to stash cold data (i.e., drives that aren't connected to the internet and don't need to be quickly accessible), including encryption keys. Without the encryption keys, the data stored on the mainland servers is all but useless, and Sealand gives HavenCo enough time to shut down their backup servers and dump the keys. "We're not advertising thermite charges or EMPs," says Freedman, but "it's a less exotic method of making the machine a cold dead box."

Also, they're offering more basic tools for protecting your data, rather than trying to build out an entire utopian offshore data haven:

HavenCo 2.0 has four main components: virtual private networks (VPN), which create private networks over public ones; secure network storage; Least-Authority File System (LAFS) storage, an open-source, decentralized storage system; and web proxying, which allows users to shield their IP address by routing through other servers. The end goal is creating communications and storage that are key-encrypted from start to finish.

Of course, the other big difference this time around is the NSA. Or, more specifically, the recent revelations of what the NSA has been doing. As we've been noting, there's a growing interest in greater online privacy and security, and a number of different services have been popping up lately to help provide that. Of course, that also means a lot more competition for HavenCo, and given the brand's dubious background, they may have significant difficulty getting people to bother signing up.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: avi freedman, data haven, encryption, james bates, roy bates, sealand, security
Companies: havenco

10 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Josh in CharlotteNC (profile), 27 Aug 2013 @ 11:50am

Trust my encryption keys sitting on a server in Sealand? I think I'll pass.

Don't get me wrong, I'm all for a real data haven Cryptonomicon style, but Sealand isn't remotely close. (No UN recognition of soveriegnty, long track record of unstable "government", no independence in energy, finances, or even food supply makes that a no-go.)
[ link to this | view in chronology ]
- Loki, 27 Aug 2013 @ 12:20pm
  
  Re:
  If the NSA is just going to scoop this stuff up anyways, they might as well just go all the way and ask the NSA to host the material at the Utah data center to save on cost and all (after all if the data is that secure, what's to fear, right?).
  [ link to this | view in chronology ]
- Avi Freedman (profile), 27 Aug 2013 @ 10:04pm
  
  Re: encryption keys on Sealand
  Actually, the idea about key storage specifically is to be able to store encrypted copies of your keys (that HavenCo doesn't have the ability to decrypt) in case you lose them.
  
  Somewhat like the keys or boot disks you get with drive encryption software.
  
  This becomes particularly important (or, has been an asked for augment to the offering) with LAFS, since the file *name* ("capability") in LAFS has the decryption key as part of it. So for users not already running drive encryption, they need to store those names on an encrypted partition or in an encrypted file.
  
  Could be done by users on S3, a google doc, email to gmail or elsewhere, but people have asked for it as part of a service.
  [ link to this | view in chronology ]
Anonymous Coward, 27 Aug 2013 @ 12:43pm

Encryption Keys
If you do not manage your own keys then you do not know when they are compromised. With your own keys, any cloud storage is as good as any other for off site backup.
This is another case of compromised security for convenience.
[ link to this | view in chronology ]
- DannyB (profile), 27 Aug 2013 @ 2:54pm
  
  Re: Encryption Keys
  It is past 10:00 PM. Do you know where your cryptographic keys are?
  [ link to this | view in chronology ]
- nasch (profile), 28 Aug 2013 @ 8:59am
  
  Re: Encryption Keys
  If you do not manage your own keys then you do not know when they are compromised.
  
  If you encrypt your private key using your public key and then store it off site, that's perfectly safe. If you don't trust that nobody can get your key that way, then you don't trust your encryption anyway and shouldn't be using it for anything important. Right?
  [ link to this | view in chronology ]
Anonymous Coward, 27 Aug 2013 @ 1:16pm

"If you were into digital and cryptography issues a little over a decade ago, you surely remember the debacle of HavenCo, the attempt at a secure data haven hosted on the "micronation" of Sealand (better known as an abandoned oil platform off the coast of England that some folks "invaded" and claimed as a sovereign nation (which no government recognizes)."

Seriously? First paragraph and the article is already almost unsalvagable.

There's a missing ) in there somewhere. Also, Sealand is not on an abandoned oil platform. It is actually on something called a Maunsell Fort, a military offshore structure from the times of the WWII, primarily designed to house anti-aircraft defenses.

I'll save you the trouble of doing some basic research, "journalist", and provide some useful links.

http://en.wikipedia.org/wiki/Principality_of_Sealand
http://en.wikipedia.org/wiki/Maunsel l_Forts
[ link to this | view in chronology ]
hans, 27 Aug 2013 @ 1:23pm

Is the metadata encrypted as well? Thank you in advance!
[ link to this | view in chronology ]
- Avi Freedman (profile), 27 Aug 2013 @ 10:00pm
  
  Re: metadata
  Using LAFS for file storage, the metadata is encrypted as well - so HavenCo or any other LAFS-based operator wouldn't know exactly what chunks of data go with what files. There are downsides to that - file consistency can't be checked since we don't know what chunks go with what files, and what files or directories go with what parent directories.
  
  With the S3-compatible offering, metadata is not encrypted as well. When users enable AES-256 on clients such as Cyberduck or SME, the contents and name of the files/objects are encrypted, but we do have the ciphertext (encrypted data) grouped by file.
  [ link to this | view in chronology ]
Jim K, 27 Aug 2013 @ 1:42pm

Haven CO- Sealand
Any chance the NSA or a British Intelligence agency is behind it. This way you have a stream of data people want to keep secret, so a higher percentage of it might be of interest to Intelligence agencies.
[ link to this | view in chronology ]