It's Baaaaaack: HavenCo Trying Once Again To Bring Encrypted Computing To The Masses, But Not Hosted On Sealand
from the yeah,-good-luck-with-that dept
If you were into digital and cryptography issues a little over a decade ago, you surely remember the debacle of HavenCo, the attempt at a secure data haven hosted on the "micronation" of Sealand (better known as an abandoned platform off the coast of England that some folks "invaded" and claimed as a sovereign nation, which no government recognizes). HavenCo and Sealand was a story the press loved, and the hype level was astounding, followed by the whole project being a complete disaster. Last year, James Grimmelmann wrote a fantastic look-back/post-mortem of HavenCo and an even more detailed and comprehensive legal review paper all about Sealand and HavenCo. If you want the history of all of this, start there. Or, if you want the fictional account of the mindset that went into HavenCo, pick up a copy of Neal Stephenson's Cryptonomicon.Now, it's being reported that James Bates, grandson of Roy Bates, the "founder" of Sealand, has teamed back up with Avi Freedman, one of the initial funders of HavenCo, to relaunch the project with a focus on bringing data security to the masses. Feel free to insert whatever skepticism you have for this project right now, because you're not alone. To their credit, there are two things that are different this time around. First up, they're not trying to host the data center itself on Sealand, which was a part (just a part!) of the mess the last time around. Instead, they're just using Sealand to host air-gapped machines with encryption keys. The actual data will be encrypted, but hosted elsewhere, including in the US and EU, where they believe it will be safe because of the encryption:
Sealand still plays a role in HavenCo’s new business plan, but this time, Freedman says, HavenCo 2.0's servers are going to be based in the United States and the European Union, not stuffed into the legs of an anti-aircraft platform. (Some of the servers are even in northern Virginia, a couple dozen miles from the NSA's Maryland headquarters.) The company will use the platform to stash cold data (i.e., drives that aren't connected to the internet and don't need to be quickly accessible), including encryption keys. Without the encryption keys, the data stored on the mainland servers is all but useless, and Sealand gives HavenCo enough time to shut down their backup servers and dump the keys. "We're not advertising thermite charges or EMPs," says Freedman, but "it's a less exotic method of making the machine a cold dead box."Also, they're offering more basic tools for protecting your data, rather than trying to build out an entire utopian offshore data haven:
HavenCo 2.0 has four main components: virtual private networks (VPN), which create private networks over public ones; secure network storage; Least-Authority File System (LAFS) storage, an open-source, decentralized storage system; and web proxying, which allows users to shield their IP address by routing through other servers. The end goal is creating communications and storage that are key-encrypted from start to finish.Of course, the other big difference this time around is the NSA. Or, more specifically, the recent revelations of what the NSA has been doing. As we've been noting, there's a growing interest in greater online privacy and security, and a number of different services have been popping up lately to help provide that. Of course, that also means a lot more competition for HavenCo, and given the brand's dubious background, they may have significant difficulty getting people to bother signing up.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: avi freedman, data haven, encryption, james bates, roy bates, sealand, security
Companies: havenco
Reader Comments
Subscribe: RSS
View by: Time | Thread
Don't get me wrong, I'm all for a real data haven Cryptonomicon style, but Sealand isn't remotely close. (No UN recognition of soveriegnty, long track record of unstable "government", no independence in energy, finances, or even food supply makes that a no-go.)
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Encryption Keys
This is another case of compromised security for convenience.
[ link to this | view in thread ]
Seriously? First paragraph and the article is already almost unsalvagable.
There's a missing ) in there somewhere. Also, Sealand is not on an abandoned oil platform. It is actually on something called a Maunsell Fort, a military offshore structure from the times of the WWII, primarily designed to house anti-aircraft defenses.
I'll save you the trouble of doing some basic research, "journalist", and provide some useful links.
http://en.wikipedia.org/wiki/Principality_of_Sealand
http://en.wikipedia.org/wiki/Maunsel l_Forts
[ link to this | view in thread ]
[ link to this | view in thread ]
Haven CO- Sealand
[ link to this | view in thread ]
Re: Encryption Keys
[ link to this | view in thread ]
Re: metadata
With the S3-compatible offering, metadata is not encrypted as well. When users enable AES-256 on clients such as Cyberduck or SME, the contents and name of the files/objects are encrypted, but we do have the ciphertext (encrypted data) grouped by file.
[ link to this | view in thread ]
Re: encryption keys on Sealand
Somewhat like the keys or boot disks you get with drive encryption software.
This becomes particularly important (or, has been an asked for augment to the offering) with LAFS, since the file *name* ("capability") in LAFS has the decryption key as part of it. So for users not already running drive encryption, they need to store those names on an encrypted partition or in an encrypted file.
Could be done by users on S3, a google doc, email to gmail or elsewhere, but people have asked for it as part of a service.
[ link to this | view in thread ]
Re: Encryption Keys
If you encrypt your private key using your public key and then store it off site, that's perfectly safe. If you don't trust that nobody can get your key that way, then you don't trust your encryption anyway and shouldn't be using it for anything important. Right?
[ link to this | view in thread ]