It's Baaaaaack: HavenCo Trying Once Again To Bring Encrypted Computing To The Masses, But Not Hosted On Sealand

from the yeah,-good-luck-with-that dept

If you were into digital and cryptography issues a little over a decade ago, you surely remember the debacle of HavenCo, the attempt at a secure data haven hosted on the "micronation" of Sealand (better known as an abandoned platform off the coast of England that some folks "invaded" and claimed as a sovereign nation, which no government recognizes). HavenCo and Sealand was a story the press loved, and the hype level was astounding, followed by the whole project being a complete disaster. Last year, James Grimmelmann wrote a fantastic look-back/post-mortem of HavenCo and an even more detailed and comprehensive legal review paper all about Sealand and HavenCo. If you want the history of all of this, start there. Or, if you want the fictional account of the mindset that went into HavenCo, pick up a copy of Neal Stephenson's Cryptonomicon.

Now, it's being reported that James Bates, grandson of Roy Bates, the "founder" of Sealand, has teamed back up with Avi Freedman, one of the initial funders of HavenCo, to relaunch the project with a focus on bringing data security to the masses. Feel free to insert whatever skepticism you have for this project right now, because you're not alone. To their credit, there are two things that are different this time around. First up, they're not trying to host the data center itself on Sealand, which was a part (just a part!) of the mess the last time around. Instead, they're just using Sealand to host air-gapped machines with encryption keys. The actual data will be encrypted, but hosted elsewhere, including in the US and EU, where they believe it will be safe because of the encryption:

Sealand still plays a role in HavenCo’s new business plan, but this time, Freedman says, HavenCo 2.0's servers are going to be based in the United States and the European Union, not stuffed into the legs of an anti-aircraft platform. (Some of the servers are even in northern Virginia, a couple dozen miles from the NSA's Maryland headquarters.) The company will use the platform to stash cold data (i.e., drives that aren't connected to the internet and don't need to be quickly accessible), including encryption keys. Without the encryption keys, the data stored on the mainland servers is all but useless, and Sealand gives HavenCo enough time to shut down their backup servers and dump the keys. "We're not advertising thermite charges or EMPs," says Freedman, but "it's a less exotic method of making the machine a cold dead box."

Also, they're offering more basic tools for protecting your data, rather than trying to build out an entire utopian offshore data haven:

HavenCo 2.0 has four main components: virtual private networks (VPN), which create private networks over public ones; secure network storage; Least-Authority File System (LAFS) storage, an open-source, decentralized storage system; and web proxying, which allows users to shield their IP address by routing through other servers. The end goal is creating communications and storage that are key-encrypted from start to finish.

Of course, the other big difference this time around is the NSA. Or, more specifically, the recent revelations of what the NSA has been doing. As we've been noting, there's a growing interest in greater online privacy and security, and a number of different services have been popping up lately to help provide that. Of course, that also means a lot more competition for HavenCo, and given the brand's dubious background, they may have significant difficulty getting people to bother signing up.

Filed Under: avi freedman, data haven, encryption, james bates, roy bates, sealand, security
Companies: havenco

The History Of Sealand, HavenCo And Why Protecting Your Data Needs More Than Being In International Waters

from the fascinating-read dept

If you were around tech/cypherpunk circles a dozen years ago, you surely remember Sealand and HavenCo (some people incorrectly assume that the two were one and the same, rather than just connected). There was, of course, the famous Wired cover story by Simson Garfinkel, which is still a fun read. The whole thing collapsed pretty spectacularly (or, depending on your perspective, with a whimper) a few years later. There were many reasons why, and law professor James Grimmelmann has put together an amazing, detailed and fun-to-read history of Sealand and HavenCo (pdf) in the form of an 80-page paper for the Illinois Law Review. However, if reading 80-pages seems like a bit much, he's also put together a shorter version for Ars Technica that is worth the read (though it may lead you to just reading the full version anyway).

It's a fun story, though I'm sure some critics will use it to suggest that any attempt to create any kind of "offshore" data haven is doomed to fail. I think that what it does show is that setting up such a solution is extremely difficult, involves a number of difficult to control variables, and needs a lot more than just "hey, we're sorta (but not really) in international waters!" The end result shows that there were problems with Sealand itself, separate from HavenCo, which had its own problems. Combine them all and it's a complete recipe for disaster. This doesn't mean that an offshore data haven couldn't work, but as Grimmelman correctly notes, the appeal of such a thing is actually pretty limited. In a world where the internet really is everywhere (even if some governments try to limit it), the way to route around censorship tends to have more to do with hiding digitally (hello encryption) than physically. Either way, I figured many folks here would get a kick out of the story. Here's the intro to get you interested:

In 2000, a group of American entrepreneurs moved to a former World War II antiaircraft platform in the North Sea, seven miles off the British coast. There, they launched HavenCo, one of the strangest start-ups in Internet history. A former pirate radio broadcaster, Roy Bates, had occupied the platform in the 1960s, moved his family aboard, and declared it to be the sovereign Principality of Sealand. HavenCo’s founders were opposed to governmental censorship and control of the Internet; by putting computer servers on Sealand, they planned to create a “data haven” for unpopular speech, safely beyond the reach of any other country. This Article tells the full story of Sealand and HavenCo—and examines what they have to tell us about the nature of the rule of law in the age of the Internet.

The story itself is fascinating enough: it includes pirate radio, shotguns, rampant copyright infringement, a Red Bull skateboarding special, perpetual motion machines, and the Montevideo Convention on the Rights and Duties of State. But its implications for the rule of law are even more remarkable. Previous scholars have seen HavenCo as a straightforward challenge to the rule of law: by threatening to undermine national authority, HavenCo was opposed to all law. As the fuller history shows, this story is too simplistic. HavenCo also depended on international law to recognize and protect Sealand, and on Sealand law to protect it from Sealand itself. Where others have seen HavenCo’s failure as the triumph of traditional regulatory authorities over HavenCo, this Article argues that in a very real sense, HavenCo failed not from too much law but from too little. The “law” that was supposed to keep HavenCo safe was law only in a thin, formalistic sense, disconnected from the human institutions that make and enforce law. But without those institutions, law does not work, as HavenCo discovered.

Filed Under: datahaven, history, james grimmelman, sealand
Companies: havenco