Answers From Sealand: CTO Ryan Lackey Responds

A few weeks ago, you asked questions of Ryan Lackey, CTO for HavenCo, a company dedicated to providing secure off-shore data hosting from Sealand, a principality off the coast of England. Ryan has lately survived dental emergencies, the loss of a laptop (it dropped into the North Sea -- how many people can say that?) and other stresses, but he's followed through with some interesting answers. He even has some ideas for how you can make a lot of money, and lists the tools you need to start your own data haven. Kudos to Ryan for taking the time to answer so thoroughly.

Why do you need physical security at all?
by Jamie Zawinski (jwz@jwz.org) /

Lots of people are asking questions about physical security, and how you're going to repel missiles and commandos, but I've got the opposite question: why do you need physical security and a physical location at all? Would not the best way to protect your customers' data be to wrap it in hard crypto and distribute it far and wide across the whole of the net, ensuring that there is not a single point of failure or a single physical installation that can be isolated?

As we've seen again and again recently, the best protection against censorship and other legal attacks is massive redundancy and decentralization.

Ryan Lackey: This actually brings up several issues, which I will address in turn.

1. Physical location vs. distributed presence

   You seem to be suggesting a distributed data store, a la Eternity, by Ross Anderson. Basically, a federation of servers on the net, possibly hidden servers interfaced to the outside world through remailers (such as Blacknet) or ZKS Freedom. These servers would move data around among themselves, opaque to the outside world, and users would be able to store their data, manually or automatically, on as many servers as possible. There would presumably be some kind of payment system so users could anonymously pay for documents to be stored (as if you run the system for free, it will end up collapsing due to a flood of useless content; if you use a MRU/LRU scheme for your caches, script kiddies will just run scripts to keep their favorite documents in the cache, dropping real content out).

   While this approach is interesting from a theoretical standpoint, there are no production-quality systems ready yet. Additionally, there are fundamental limits to distributed computation -- latency, as you add nodes, or threat of compromise, if you have very few nodes.

   We're going to be incorporating some distributed cache technology which should provide our datacenters with some of the benefits of freenet/eternity type systems. Our system will, however, have a small number of very secure nodes, such as our facilities on Sealand, in which customers can conduct trusted transactions -- the intermediate results are guaranteed confidentiality and integrity in processing.

   The distributed data serving systems are also not practical for any transaction oriented site, especially low-latency transaction oriented sites, at least without a small number of trusted nodes to do the processing. Due to security constraints, this means tamper-resistant hardware, and since this hardware is expensive, it needs to be purchased in limited quantity, and protected from theft/attack, meaning you want to put it in a small number of high security physical environments. Since it becomes a critical link in all of your transactions, you also need high quality bandwidth.

   These distributed hosting systems are certainly interesting, but don't really meet all the neets of our customers. If we borrow 10% of the technology in building a secure distributed cache system, we'll be able to offer 95% of the benefits, as well.

2. Secret physical location vs. single well-defended point

   If you're going to have a physical location, there's no easy way to distribute to a very large number of physical locations; you have a base cost per site, and your security is incredibly low until you spend a substantial multiple of that. There are definite economies of scale in running larger datacenters.

   Keeping physical locations secret is difficult. Keeping active physical sites, with actual servers connected to the net, secret, while still having decent pingtimes and large pipes, is almost impossible. You would need to go with hidden fiber cables laid through some kind of territory in which you could destroy anyone or anything looking for them, and your physical site would need to have the same density as the surrounding area, as well as no magnetic anomaly, or unusual power consumption, or whatever. Or, you could communicate by non-DFable HF SS radio, but that would severely limit your bitrates. I'd say this is basically hopeless.

3. How much of our security is HavenCo, vs. Sealand

   A fair bit of the security on Sealand is related to protecting the Principality of Sealand from the kind of takeover which was attempted in 1978, rather than strictly necessary for HavenCo itself. HavenCo's security is primarily due to tamper-resistant hardware and cryptography, not the site security of Sealand.

What will you do WHEN you get shut down?
by joshamania (jgramlich@eatyourspam.hotmail.spam.com)

I haven't seen this question yet, so now I ask. In order to do the proper due dililgence on this matter, I would like to know what you will do when you get shut down? I don't think it likely at all that the UK will not take a serious look at what you are doing and disagree with it. They are not going to allow you to operate within their territorial claim and not be subject to their laws. Period.

Ryan: We are not within the UK's territorial claim. In the event the UK were to illegaly move against us, we would respond as appropriate; lawsuits would be the most likely course of action. It is highly unlikely the UK would intervene with military force, as they are a primarily law-abiding country with a strong tradition of respecting the law, due process, etc.

I've read that you have plans for other locations, but the information was very vague (as is this question ;). What do you plan to do when, either the UK invades, the U.S. invades (highly likely from where I sit, there are entirely too many people in this country that think that my business is their business), or some non-governmental organization invades? Why wouldn't some unscrupulous individual bent on corporate espionage and blackmail just hire some mercenaries and come steal your servers?

We intend to have multiple physical locations, with ideally the same level of physical security we have on Sealand, and as much bandwidth as possible, at the earliest possible opportunity. We have identified a set of sites around the world in various stages of development, and can set up more sites relatively rapidly. Certainly major moves by the UK or others against Sealand would accelerate this process dramatically.

It's almost impossible for anyone to steal a functional server, and I'd say it would be much more difficult than that (almost impossible, but nothing is really impossible) to extract useful data from that server. Certainly a well-funded terrorist could shut us down, at least temporarily, but a well-funded terrorist could cripple almost all Europe to U.S. connectivity by cutting a couple of cables, blowing up 4 cable landing stations, or taking out Telehouse in downtown London. Or doing the same kind of DDoS tricks done during the NANOG meeting earlier in 2000.

If one of our sites is taken down temporarily, we'll have sufficient spare capacity in others to allow customers who have wisely stored backups and hot-spares elsewhere to be online almost instantly. Some users will be particularly smart and purchase operational servers in multiple sites, using distributed technology to keep servers in sync, and may notice no outage at all even if multiple HavenCo sites are rendered nonfunctional.

I love the idea, but this is just ridiculous. Unless you've got unlimited capital coming out of your ears, this is not going to happen. Even if the governments leave the physical location alone, they are bound to shut off your land lines. Satellite bandwidth is beyond prohibitively expensive right now and will remain so for many years. Do you plan to launch your own satellite and man your own ground station in some secret location in order to maintain connenctivity?

There are various legal obstacles to shutting off landlines running through a country.

You have apparently not priced satellite bandwidth recently, or have a high-bandwidth, low-value application in mind when you say "beyond prohibitively expensive." For many applications, satellite bandwidth is cheap enough to not matter; for a high-value financial transaction conducted in under 10 KB, it is insignificant how much it costs to move a megabyte of data? Even for relatively bulk data (not illegal mp3 archives, or pr0n, or warez, but original-content Web sites, etc.), satellite bandwidth is affordable today. Additionally, we will have distributed cache technology to avoid sending the same static data over satellite links. And we will obviously try hard to maintain landline connectivity.

Even that wouldn't be enough. Governments would find that and shut it down too...

HavenCo's justification
by The Dodger (dodger@2600.com)

What exactly is HavenCo offering? On the one hand, you refer to yourselves as "the world's most secure managed colocation facility" (setting aside for the moment the fact that HavenCo is not a co-location facility) and on the other, your Web site makes vague references to the fact that Sealand is a sovereign territory.

Ryan: We offer the ability for anyone in the world to come to us, pay for service, and have a host suitable for running ultra-high security e-business, ready in near-realtime, with the highest levels of reliability and performance, in a variety of jurisdictions/locations/replicated sites. We're picking locations based on proximity to users, proximity to major pieces of net infrastructure, and unique advantages of the location (regulatory, image, security, cost, etc.) We provide these hosts with support systems designed for how secure e-businesses need to operate; 24x7, anywhere in the world, and with the highest levels of security and professionalism.

Five years ago, when I first heard of Sealand and its alleged sovereignty, I looked into it as a potential site for a hosting facility. However, I concluded that Sealand's claim to sovereignty wasn't anywhere near strong enough to ensure that it could avoid being subjected to British law (in particular financial law). Given the fact that it exists, in my opinion, because its owners are viewed as relatively harmless eccentrics by the British authorities, and that it is not recognised as a bona fide principality by any other nation (notwithstanding the visit by a German diplomat), I concluded that if a hosting facility were to be established on Sealand from which, subsequently, actions were carried out or services provided, which sufficiently antagonised a bona fide government, steps would be taken to ensure that such actions or services ceased.

In short, whilst the idea of Sealand existing as the world's smallest independent nation is a good read in the newspapers, and makes for terrific brochure blurb for a company like HavenCo, I don't believe it to be a truly tenable position.

We feel the Sealand location is viable as a secure colocation facility regardless of the actions of the British government. In its current sovereign state, it is highly useful, but even if it were at some point in the future considered fully part of the UK, it would continue to be an ultra-high security colocation facility with very high speed links to the core of Europe's Internet (London and Amsterdam).

The strength of Sealand's claims to sovereignty has been repeatedly confirmed by academics and those in the legal profession; the only ones who downplay it are those who feel they have something to lose by Sealand's sovereignty.

Additionally, HavenCo has no intention at all of engaging in any business which would "sufficient[ly] antagonize a bona fide government" (including Sealand). Our AUP prohibits infrastructure-threatening content (spam, network terrorism), and Sealand's laws prohibit child pornography. HavenCo itself serves no objectionable data, and engages in no business which would be illegal in any major country of the world; we simply sell server colocation to users.

Security was something else I looked at. I looked at four methods of connectivity - fibre, microwave, satellite and packet radio. Any means of connectivity (except, perhaps, for packet radio), exposes a "Seahouse" to the prospect of its connectivity being shut off at the mainland (whether it be in the UK or the Continent). From a pure security point of view, fibre is obviously the best option. Microwave, satellite and radio can be snooped both from Earth and space. Satellite and radio links have their own problems with regard to latency.

I do not understand why you care about snooping on public IP links; this is data, encrypted and unencrypted, which is entering or leaving the facility via the public Internet, and could be just as easily monitoring anywhere else. There is no problem for us in broadcasting this information. If you want your data in transit on the Internet to be private, everyone knows to encrypt it.

Satellite does not need to terminate in UK/Europe to reach Sealand.

There are specific laws in many countries regarding cutting communications to third-countries or isolated communities, so we are not as worried about cutting service on microwave/fiber links as you are.

The provision of traditional utilities to a "Seahouse" present further problems - unless a cable could be install ed to bring power from the mainland (which, again, leaves the facility open to being shut down by mainland authorities), such a facility must generate its own power. I dismissed wind and wave as too unreliable, leaving diesel-based generation. This would be expensive and the possiblity of being unable to resupply because bad weather arises (note that, at one point, Sealand was abandoned because of bad weather). Any interruption to power would result in disruption of environment control (AC, fire suppression systems).

We run entirely on locally-generated power, currently with reciprocating Diesel engines, and substantial onsite fuel storage. We are confident in our ability to ride out any storm, as far as fuel resupply. Generating power from Diesels is a well-tried technology on offshore platforms.

I've never actually heard the "Sealand abandoned due to bad weather" story, and the Royal Family of Sealand, who are involved in management, deny that such an event ever occured. (I think another tower or radio ship from the pirate radio days may have been abandoned due to weather, but not Sealand.)

The actual environment itself was also a concern - I'm not sure how suitable a sea-tower is, as a facility for hosting sensitive computer equipment.

We have suitable environmental control systems to provide a superior environment for hosting machines, with high levels of redundancy in our engineering plant.

Finally the security of Sealand itelf was a concern. I conducted an analysis aimed at examining what sort of operation would be required to attack, conquer or destroy Sealand. With the help of an individual with experience of this type of military operation, I determined that carrying out a professional operation designed to invade and seize temporary control of the tower, would cost somewhere in the region of 200,000 (around $320,000). This would involve sourcing weapons and experienced personnel, as well as arranging for a suitable method of accessing the target.

Security is not my job, but two points to consider:

1. Security has been upgraded, and continues to be upgraded. Presumably your estimate was based on the condition 5 years ago. Certainly at one point (1978), a semi-trusted group were able to conquer the fortress for less than $320,000 in today's money. I would definitely put my money on the defense if the same situation came up today.

2. HavenCo's security does not depend crucially on the security of Sealand. We have tamper-resistance and cryptographic technology so as long as Sealand security serves its purpose as a "speedbump" to a major attacker, it will allow machines to be placed into a secure state prior to loss of control. Even in the event of a rapid attack, or compromised insider, customer data inside tamper-resistant processing devices would not be vulnerable at any point.

(Note that the people guarding U.S. nuclear weapons depots are armed with M-16s and radios, not even frag grenades. U.S. nuclear weapons have equivalent tamper-resistant technology to what we deploy in our servers. Security only needs to defend against vandalism and make sure that any theft is detected; there is no attempt made to prevent an assault by a capital ship or sufficient well-armed company of soldiers from taking control of the weapons, assuming they can get to the facility without being detected.)

Conquering the tower would be a different matter, requiring a long-term commitment to both the security and logistics of the tower. Destroying it by UDT methods would not be easy or cheap, although severaly disrupting its habitability by something like mortar attack would be a lot cheaper.

Placing a warship with mortar in the waters near the UK's major container port would be ... highly unpopular.

Placing mortars ashore for long enough to close on target would also inspire a very unfavorable response from the UK military. Any mortar which could hit Sealand from shore could also threaten hundreds of thousands of British citizens. British gun laws, being what they are, and the British experience with mortar attacks on Heathrow being what it is, I would not want to try it.

We don't promise customers protection from denial of service, of a physical or electronic kind, but we do try our hardest to prevent/stop DoS attempts.

In the end, I decided that Sealand sovereignty/legal position, security and suitability as a hosting location were not up to scratch.

I find it interesting that HavenCo have found otherwise. I note with interest that the HavenCo Web site indicates that they intend to open hosting facilities in other countries, and I find myself wondering whether the SeaLand thing is merely a publicity stunt/gimmick, purely for the purpose of impressing the press, potential clients and investors.

I am unclear on exactly why your analysis was so different than ours; we have a well-developed security model for global secure colocation, and Sealand fits into the model perfectly (admittedly, we're unlikely to need to buy drysuits for any of our future datacenters, but that's a minor issue). We are using only a very small number of novel or cutting edge technologies, and relying on standard best industry practice for most of our operations. I think we have addressed any of the engineering concerns you have; I don't understand why you feel the power situation is so complex, or the network situation so dire.

It may be that we have different target markets; we're providing a very specific product, global high-security colocation, rather than general-purpose server hosting for the average user.

As for your security concerns, I think our security model simplifies this dramatically, and our security team are responsible for dealing with the kind of threats you mention. I have complete faith in their ability to provide us with defense against all viable threats.

The jurisdictional issue is of course an open one, but we have substantially hedged our bets by ensuring Sealand is a viable colocation location regardless of any future change of sovereignty status.

Finally, addressing that issue of the definition of co-location. A co-location facility allows companies (typically telcos, ISPs) to locate equipment within the same building, to enable interconnect/exchange of IP traffic. HavenCo says that it will not allow clients to place it's own equipment in the facility. If this is the case, then HavenCo's Sealand facility will be a hosting facility, where clients are constrained to choosing equipment which HavenCo can supply/support.

As for whether or not we provide true colocation, it depends (as for spelling, I prefer the shorter/European spelling "colocation"; some within HavenCo like "co-location", others like "collocation"). We will allow arbitrary equipment to be housed within our facility if we can be assured it will not interact poorly with other equipment, just like if you want to put your equipment in a cage at a local AT&T office. This means we need to know HVAC/power specs, inspect it to make sure it's not a bomb or monitoring device, etc. The easiest way for us to do this is say "we will not accept end-users, but will instead order to customer spec from known/reputable vendors". If you want a Juniper M160, we'll get one from Juniper for you and install it, giving you the ssh keys. If you want a Sun Ultra Enterprise 6500, same thing. If one wishes to have media shipped separately, we can x-ray/chemical sniff just the media, and pop in your drives into hardware which has been shipped separately, so you don't need to rely on us to do initial system setup and handoff. Or, you can ftp us a disk image, and we'll just write it to a standard drive and install it in the machine for you when it arrives.

We can do arbitrary cross-connects (fiber only), and can connect to telco circuits as required, in arbitrary locations. Many other true colo facilities require that all cross connects be done by facility staff (I don't actually know of any which allow customer-run crossconnects between cages). We also offer the standard complement of "remote hands" through full sysadmin service.

The one area where we prefer that our customers use standard hardware which we supply is x86 1U PCs. We'd prefer if all of our customers used our standard config 1U machine, which is sold at a very good price, as it simplifies our engineering, sparing, and logistics. We can get your server up in seconds, once our online ordering systems are up, by maintaining inventory. If we allowed people to colo arbitrary crappy $200 PCs, we'd face an endless cycle of dealing with broken power supplies, fans breaking and taking out the whole machine, etc., and I'd be happy to charge people 10x more than for our 1U servers to colo their own no-name 1U box. We can provide a free "if it breaks while it's with us, we'll fix/replace it" warranty on our standard 1U boxes, too, since we've got the spares onsite, and know they are top-notch hardware which should very rarely fail.

We'll even provide people with access to their own hardware. Compared to places which allow customers onsite, we've got very high latency for this; we need to ship the machine to either your own address, or to a neutral facility ashore, and you can screw with your machine, and then ship it back to us (at which point we'll go through the same security process to make sure nothing bad has been added to the machine).

I can't think of any service offered by other colos which we do not offer:

• Colo arbitrary equipment, provided it meets facility requirements
• User access to hardware, outside the secure hosting area
• Remote hands/config service
• Arbitrary crossconnects or telco connects.

possible questions for HavenCo
by leto (leto@earthmud.org)

1 ...The Web site displays a copyright logo. Did Sealand sign the Berne Convention, and thus does it respect copyright?

Ryan: We weren't supposed to have the copyright logo on our site; it has since been removed (the Web site was kind of rushed).

2... Explain who is the real owner, because outsiders are confused with havenco, principality-sealand.net and sealandgov.com

HavenCo, Ltd. is a company doing global secure colocation. Our first (and presently only) site is in the Principality of Sealand. We hope to expand rapidly to other locations; secure colo in five jurisdictions is worth far more than five times as much as secure colo in one jursidiction.

Principality-Sealand.net is run by criminals from Germany who formerly staged an invasion of Sealand, and were repelled through force of arms. More info about this incident is on sealandgov.com

Sealandgov.com is the official Web site of the Government of the Principality of Sealand. HavenCo is providing technical assistance. (fruitsofthesea.demon.co.uk/sealand is the former official Web site of the Government)

3...Will I be allowed to store encrypted files there that HavenCo can't possible read, condone nor condemn?

We encourage customers to encrypt data so malicious attackers on the Internet cannot hack into your machine and read your data. We provide tools by default to do this on the machines; there are some tradeoffs between security and performance and security and convenience, and the user gets to turn the dial.

We encourage customers to use SSL or other transport-security when dealing with their end-users to keep end-user data safe from attackers who would snoop on the traffic, or malicious parties who would try to spoof/modify data in transit.

4 ... Why does Havenco insist on policies that allow them to remove content based on their discretion? How many judges does Sealand have to deal with this, or will Joe random Sysadmin play judge?

It is mainly in the case of serious threat to HavenCo/Sealand. We want to always keep our promises to customers; the only promise we can reasonably make and always keep, as far as security, is that no one will be able to affect the confidentiality or integrity of your server. We have to reserve the right to shut off a given customer and anonymously refund payment, as if we didn't, and someone presented a serious threat to us (even if only just to see how we would react), we would be forced to either break a contract with a customer, or shut down all of our operations. We want to have a way to respond to such circumstances (and if you get your money refunded, it's just a minor inconvenience...truly controversial data should be backed up and replicated, and you can be back online relatively quickly after such an incident. And you can be sure we'll work to make sure we never have to exercise this ability to pull a given customer.)

5...How will havenco prevent their backbone ISP or that ISP's country from interfering with Sealand/Havenco?

Our number one way of preventing people from cutting our links is by making sure we provide a net benefit to the world; we provide a place for secure e-commerce, privacy-protected internet services (do you really want people to be able to subpoena online psychiatric records in civil cases?), and uncensorable free speech (information about repressive regimes, corporate malfeasance, corrupt politicians, racial/ethnic/etc. discrimination), etc.

Even if a company or country is against a given piece of data one of our customer hosts, the company or country will benefit more by our continued availability than they would gain by censoring the data.

Additionally, we will have redundancy across network providers and countries so that even if one of them incorrectly decides to cut off service, we will not be substantially affected. We have lots of technical means for dealing with this kind of problem.

Additionally, various contracts and laws exist so countries and companies can't arbitrarily terminate backbone services; it's possible they would then become 'editors', rather than common carriers, and many countries have laws guaranteeing communications transit for third-countries.

Is this site permitted?
by broody (clue@localhost)

After reading your TOS I have become rather curious in regards to the following clause:

"Unacceptable publications include, but are not limited to:

1.Material that is ruled unlawful in the jurisdiction of the originating server (Such as child pornography, in the case of our flagship Sealand datacenter)"

In the case of the Sealand datacenter, what are some of the limitations?

Ryan: Aside from the HavenCo AUP (no spam, no network attacks), the only laws regarding content hosting in Sealand are those against child pornography.

Please note that in the following examples I am not equating one example with any other or implying that any of the following should be censored; rather they are examples of what I would consider sticky wickets when running a "data haven" and wonder how such things will be handled.

Imagine the following:

• I am a rabid anti-choice activist in the United States. I wish to post a site with a hit list of doctors performing abortions in the United States. After each "accident" I wish to mark them with a big red X. I publish detailed information on how to find each of these doctors. Is this site permitted?

  This material being hosted on Sealand is legal. I am not a lawyer, but it is possible posting the site may be illegal if you live in the U.S. U.S. authorities will certainly investigate, and civil lawsuits may be filed if the site is linked to an identifiable U.S. person or organization.

  We won't pull the site on Sealand, even if it is illegal to post in the U.S., but it is entirely possible the poster, if living in the U.S. and proven within the U.S. by U.S. authorities to be linked to the site, may suffer legal penalties until the site is pulled. (We will pull the site if the customer himself requests we pull the site, of course.)

  (This is a case of data where even if you oppose it, censoring it leads you down the slippery slope to authoritarianism. We believe free speech will primary serve as a tool for constructive public debate, commerce, and greater understanding between adversarial groups.

  If someone set up a site such as the one above, more free speech, rather than less, would probably render it impotent -- those opposed to it could express their concern, and the groups who directly benefit from the site would probably lose more in public support/legislative power than they would gain from trying to create a culture of fear. And the same privacy/security technologies could be applied the other way -- keep the identities of doctors performing abortions in the United States confidential. Privacy can be a powerful tool for accountability as well as secrecy)

• I am a hacker who wants to play DVDs on my Linux box and I want to use free software. I want to place source code on my Web site. The United States says this violates some stupid law and some annoying people object. Is this site permitted?

  DeCSS does not violate Sealand laws in any way. DeCSS can be posted freely on Sealand. Again, caveat emptor if you are a known person in the U.S. who can be provably linked to posting it outside the U.S.

• I am a devoted Iron Chef fan and Fuji TV has just sent me a cease and desist order. I wish to move my materials to Sealand. Is this site permitted?

  It is permitted on Sealand. It may be legally risky to move data to another jurisdiction if you've already received a cease and desist order yourself, but that risk is confined to your own jurisdiction, not Sealand.

• I am a regular guy in the UK creating a Web site about my daily life. Some people don't like the way I talk about them and my site is pulled. Is this site permitted?

  I do not see how this could possibly be against our AUP on Sealand, so it would be acceptable. Your own risk in your own jurisdiction is up to you.

• Will you allow sites advocating the overthrow of rival goverments, challenged uses of intellectual property, bomb making instructions, and other information that will get other nation-states panties in a twist?

  If you don't violate our AUP, we don't care. We don't have time/staff to monitor what you're doing, anyway. Buy a box, keep up to date on the bills, and we will keep it up on our net; any hassles you have in your own jurisdiction are your own problem, but you don't need to fear us doing anything to you or your box, except in the extreme circumstance in which our continued survival is threatened, in which case we may decide from a pragmatic basis to discontinue service and anonymously refund the balance in your account.

International Affairs (Score:5, Interesting)
by panda

According to the Sealand Government web site, Havenco "will now take over operations of the government of Sealand." As I understand the other text on the same page, it is generally believed that the government of the UK would not interfere in any acts of piracy, terrorism, or assault on your "territory."

Since you are now within the limits of the territorial waters claimed by the UK, you probably won't have to worry about a full-out assault from a sovereign nation, but another attack like that of 1978 could happen again. Of course, there is nothing but a few court rulings to protect you from Her Majesty's Armed Forces.

Ryan: Two minor points:

1. We're not within UK territorial waters, due to the fact that Sealand was occupied and declared sovereignty prior to the action by the UK to extend territorial waters. Sealand's territory and territorial waters are not diminished by actions taken by the UK after Sealand's sovereignty was declared. If the UK decides to declare 200km territorial waters next year, it will not affect the sovereignty or territorial waters of France, Belgium, Sealand, Ireland, etc.

2. The UK would have been very reluctant to allow a fully fitted out warship from some remote power to even pass through the Channel, let alone get within 7nm of her major container port, even if it only had 3nm territorial waters, if the UK believed that warship was coming to attack near the UK. Missiles have sufficiently long range, and ease of targeting, that anything which threatens Sealand also threatens Felixstowe, and even London, so a threat warship appearing near Sealand would probably be responded to by the Royal Navy regardless.

We're in a better position to defend against a 1978-style incident than Sealand was in 1978; I'd rather not go into specific security measures (especially since I'm not responsible for designing/implementing them, except for the parts related to the servers themselves), but if you remove the threat of great power military involvement, it would be very difficult to successfully take Sealand without destroying it entirely in the process. Since our security promise to customers is that their data will not be revealed to anyone, nor will their machine process data incorrectly due to influence by anyone, and this promise does not include more than best-efforts prevention of Denial of Service, an attack which destroys Sealand does not violate our security promise to customers. It would still suck, a lot, and we try hard to prevent it, but ultimately, protecting against denial of service 100% is impossible; all we can do is try very hard, and make it as hard as possible for an attacker to deny service.

In addition [to] "a few court rulings", we have international law on our side. Several legal authorities have confirmed over the years that Sealand meets all the requirements for a sovereign state. There's also the complete PR catastrophe that would befall a major country which invaded the world's smallest country over a free-speech issue; I can't imagine any elected government taking that risk.

Given the precarious nature of the "sovereignty" of Sealand, will you be seeking international recognition and treaties to guarantee your physical security from such attacks? Will you be joining any of the international protocols for cooperation in law enforcement or other areas? I would think that joining these would go a long way to cementing your viability.

I'm not responsible for the actions of the Government of the Principality of Sealand, but from what they've done in the past, and what I've heard discussed, they have every intention of being a responsible international citizen. Sealand is likely to seek recognition or enter into treaties whenever it is in the best interest of Sealand. Particularly relevant to Sealand are international telecommunications treaties and organizations.

Compared to the average state, however, Sealand has very limited resources, both in personnel and money, so I wouldn't expect Sealand to open embassies with every country in the world, sponsor major international aid organizations, or spend huge amounts of money on nationalistic extravagance.

user-side threats
by laborit (laborit@uts.cc.utexas.edu)

Let's say that you do manage to completely secure your clients' hardware and data. Do you think you can also completely obscure the fact that said client is doing business with HavenCo?

If so, may we have more details on how?

Ryan: Yes, this is a major issue. We believe we can do this.

There are several issues:

1. Anonymize initial contact and decision to buy
   This is simple; browse our Web site from a Web cafe, or use ZKS Freedom, or just hide in the crowd (we get a lot of hits, and if every one of those hits was a server sale, I would already have my toy (C-17 fitted out as a corporate jet/cargo carrier)).

2. Anonymize initial setup communications
   We can accept a service order through an anonymous remailer system, or through ZKS Freedom to an SSL Web site. This service order should include cryptographic authentication information so we can authenticate you in the future. We'll have this ready for review in advance of commercial sales. It will also be broadcast, so if you trust us, you can just pick up a signed copy from a newsgroup or mailing list, rather than going to our Web site and downloading.

3. Anonymize initial and continuing payment
   This is perhaps the trickiest part. We can be rather flexible on this. There are some effectively-pseudonymous payment systems out there, and there is always cash. We can certainly come up with a solution in almost any case; it just adds complication. This situation will, I'm sure, improve in the future, as it's only a matter of time before someone develops and deploys truly payer/payee anonymous electronic cash, now that there is a large and credible potential market.

4. Anonymize future administrative interactions
   Again, ZKS Freedom browsed SSL pages, or remailers. You'll need to authenticate yourself to us, be it by client cert, PGP signature, magic token, one time password list, or something else.

5. Anonymize systems administration connections
   ssh through ZKS Freedom is what I would personally use, but you can probably do something tricky with a shell interfaced to email and pgp, run through remailers (high latency, though), or Web-based administration, or something novel. If your server accepts lots of SSL connections from users, you could masquerade as a regular user, and then tunnel ssh/telnet through SSL.

6. Anonymize end-user connections to the server
   This is not strictly necessary in all applications. End-users can always use something like Freedom, or crowds, or anonymizer.com. Maybe your server interacts with users through email/remailer nets, like Tim May's Blacknet.

If not, do you think that certain governments will make it a crime to simply do business with Sealand? I understand your explanation that you're not undermining the authority of other governments -- but you are undermining their power to legislate away certain activities to which they object, and I imagine they won't like that. In a world which places little value on a citizen's soveriegnty against hir government, there would be few reprucussions to (say) the U.S. making it illegal to purchase your services, but it would put a big dent in your ability to do business.

I think it is highly unlikely this will happen, but we've certainly considered it, and want to make sure we have a credible plan in case it does happen; by having such a plan, we can remove any value in making doing business with Sealand illegal, after all, so maybe it won't happen.

I think any country which starts restricting what countries its citizens can do business with is headed down a slippery slope. The U.S. certainly does this already, with the "seven evil countries", but we're not going to be supporting state-sponsored terrorism, or expropriating property from influential Florida voters, so I think we're sufficiently benign to not be at much risk. Certainly there are countries in the world where conducting commercial transactions with a non-local business, in dollars, is illegal for the average citizen; those are some of the countries to which HavenCo's service can bring the greatest benefits.

Do you need any help?
by BoLean (TLowing.nospam@hotmail.com)

Is there any way that we Internet users or the Open Source Community could help with Heavenco? Are there any specific software/software security need that you have? Have you considered working with individuals/groups from other countries to help politically support your operations from their native soil?

Ryan: Yes.

I'm working on preparing a list, but there are several areas where we could use help.

In general, I'd prefer to work with the existing authors of existing packages to incorporate new features into the mainline. We don't have a huge number of programmers, and our requirements are not terribly unique; mainly we can assist with some requirements definition and design, and would want the teams to handle deciding if it's worthwhile, design integration into their future plans, implementation, and support/maintenance.

(examples:)

• We're working with the OpenSSL people to get better support for OpenSSL using some more obscure crypto adapters. We'll probably do the same with GnuPG for OpenPGP.

• I'd like a security-audited subset release of Debian GNU/Linux, with some additional cryptographic signing of packages by auditors. I'd also like to get Debian support for some more esoteric hardware platforms we might use (without revealing too much info :). My personal favorite platforms are Debian and FreeBSD; there are lots of nice automated systems management/upgrade tools one can do with ports and debs.

• I'd like a Web-based application, using applets or tamper-resistant hardware, which can send/receive OpenPGP-compliant messages.

• Various enhancements to NOC management, network monitoring, etc. open source tools (rrd, nocol, etc.).

• A decent SMS-to-email (and reverse) gateway for the Orange cellphone network in the UK :)

• Various enhancements to networking tools, practices, etc. for increased DDoS resistance.

• Some cache and SSL enhancements, probably to be presented at IETF.

• Secure time that doesn't suck (there's a wg, but I want tools).

• People developing for tamper-resistance, using a common-across-all-tamper-resistant-devices API, such as JavaCard. I'll speak about this at Defcon this summer.

• Good open-source SQL databases; I like PostgreSQL, others like MySQL, and having good open-source SQL db alternatives is always good.

• A Web-based time management/scheduler/etc. I've looked at Xen, for Zope, and it looks promising. I don't want to use MS Project. UNIX clients would be great too.

• Web-based general ledger/accounting tools; again, I don't want to be stuck using Quickbooks/MS Excel. UNIX/Gnome clients would be great too.

Why and what?
by Julian Morrison (julian.morrison@virgin.net)

What motivates you to set up a data haven? Are you motivated primarily by libertarian principle, or do you intend it mostly as a way to make money from Sealand's sovereign status? Or both?

Ryan: Initially, we were motivated primarily by libertarian principle, but that includes a desire to make money. The business would not be possible, nor would we pursue it, if it did not hold the promise of being wildly profitable if successful.

Will you allow data that does any of the following:

• - evades taxes or excise?

  Sealand has no taxes nor customs duties, so it would be impossible to evade Sealand taxes or excise. It would be even harder to do so with an Internet server. :) We have no responsibility to assist in enforcing tax or customs regulations of arbitrary other countries, within Sealand.

• - breaks local morality and legislated morality (including where oppressive eg: Iran)?

  Again, Sealand has no local morality or legislated morality, at least as applies to Internet servers on Sealand. No content would be rejected due to this, in the Sealand datacenter. We regulate based on location of the server. If a country, such as Iran, decides content hosted in Sealand is inappropriate for Iranians, they can make it illegal within Iran, and then Iranians accessing HavenCo colo'd servers in Sealand would be violating Iranian law in Iran, and potentially subject to Iranian prosecution. Not Our Problem.

• - belongs to political dissidents?

  As far as I know, Sealand has no political dissidents; it's too small. No content would be rejected due to belonging to political dissidents in other countries (and I'm sure Sealand would happily allow content belonging to dissident Sealanders to be hosted in Sealand as well).

  We have no real way of knowing if a user setting up a server is a political dissident in another country, anyway. It's not one of the questions on our account creation form :)

• - belongs to terrorists, organised-crime, etc.?

  We certainly don't support terrorism or organized crime, but anyone can set up a server. We do not screen customers as they set up servers, nor do we conduct four week background checks prior to beginning service. Think "cash and carry."

• - is uploaded and maintained completely anonymously?

  We encourage users to upload/maintain content/servers as anonymously as possible, for security reasons -- if people don't know who the admins of a server are, they won't try rubber-hose tactics, or will they try to steal your laptop, install BO2k on your machine, etc.

• - is maintained with absolutely no access granted to anyone trying to prosecute on grounds of its content?

  Users are welcome to keep information private and restricted to any group they choose. In general, we think most users will be publishing data to be visible to as many users (at least paying users) as possible.

Do you percieve what you're doing as moral? If so why?

Yes. We provide a valuable service to customers, promising a certain level of quality, security, and privacy, and work very hard to keep those promises. We do not mislead or coerce anyone into being our customers, and do not engage in anticompetitive or illegal practices against anyone.

DoS
by dingbat_hp (dingbat@codesmiths.com)

Sealand will inevitably have thin comms links and so will be more exposed than most to a DoS attack. Recent cases have involved ISPs pulling user sites simply for being attacked in this way - they accept the target site is blameless, but pulled it "for the good of the majority of users" and the restoration of their own comms.

Ryan: Our network architecture is actually going to be relatively advanced. Basically, private peering in insane quantities at nexuses of Internet traffic around the world, quality cache/filtering at those sites, and then encrypted tunnels over private links back to our datacenters. In the short term, these pipes back to the datacenters will be a bit undersized (10-200mbps), but we're planning to have gigabits of connectivity all the way to our datacenters in the medium term.

Resistance to DoS and DDoS is sort of the age-old battle of arms vs. armor; the newest arms will always win, but slightly older arms will lose against the newest armor.

We're in a better position than most w.r.t. DDoS; because we're on the side of individual liberty and privacy, it's unlikely any actual hackers/packet warriors/etc. would *want* to attack our network; if they did, they'd be suppressing free speech, exactly the thing many of them say they're for. And of course the people developing all the cutting edge stuff are the internet community, not governments and corporations; if we can resist several-month-old tools, we'll probably be able to resist most government or corporate sponsored DoS attempts.

DoS attempts are against terms of service, and the law, in most jurisdictions and networks. We'll work with companies and authorities in other countries to eliminate any sources of DoS against our networks, and will work with other service providers to eliminate the pathetic configurations which are used to effect most DoS attempts. If you look at how rabidly people go after spammers, multiply that by 100 and that's how hard people go after DoS.

How would Havenco respond to such an attack ? Taking the moral highground, or the pragmatic approach of letting individual users be picked off?

I don't think we'd shut off a customer simply for being the target of a DoS attempt, provided the customer was not violating our AUP. We may as needed take pragmatic steps to ensure maximal connectivity and fulfillment of our SLAs for the maximum number of customers, such as partitioning our network during heavy DoS attempts, etc.

Disconnected Living in a Connected Business
by Amoeba Protozoa (amoebapr@remotepoint.com)

Setting up a company on a remote island, even one that doesn't require a lot of on-site workers, was undoubtably difficult.

Ryan: Yes. We actually delayed a lot of the onsite work, which we could have started as early as November, until March/April, due to inclement winter North Sea weather and negotiations with the Royal Family.

What were the major challenges of setting up on the island? How many people, and what sort of equipment did it take? Is there more left to do?

The single biggest challenge in setting this up has been scheduling; certain items have really long lead times, and there are long critical paths. For instance, you need power to operate tools/computers/etc. during buildout, but installing a major power system requires quite a bit of engineering already be completed onsite. We were lucky that a lot of facilities were already in place, including a small generator, housing, kitchen, and a winch.

We have learned a LOT about how to do this in the future; we should be able to create a new datacenter on a green-field site in a matter of a few weeks! Hint: use technologies and procedures with more in common with military logistics than traditional datacenter buildout. (anyone with a nice site in a country with favorable laws and/or government partnership? Email me, ryan@havenco.com!)

We had to do a bunch of interim steps in order to install larger equipment; for a while, I was using a laptop and portable phone for IP connectivity, then geosync satellite transponder, and finally a combination of multiple technologies.

Our power system is still under construction; we've got small UPSes and generator power, but the production system, with a set of large UPSes, 3-phase PDUs, etc., is still in progress.

We've used a variety of transportation technologies; various helicopters, boats and ships, containerized transport, etc. (I must say I prefer the helicopter to the boats, even if it's less exciting)

I'd say that in total, there have been up to 40 people involved so far, within HavenCo, the Sealand Government, and key vendors.

Some of the most useful tools are exactly the same ones you'd use in setting up any kind of techie venture anywhere in the world:

• relocatable power taps (i.e. power strips)
• Gerber Multitools/leatherman, pocket knives
• De Walt power drill/screwdrivers
• Duct tape
• Cat 5 UTP for temporary 100baseTX runs
• Free OSes, on CD and off the net
• Quality generic PC clone hardware
• netcat
• Linux, *BSD
• VMware (yes!)
• ssh (quite possibly the single most useful piece of network software ever invented)
• thttpd (otherwise, we'd have a hard time standing up to slashdot effect, combined with media effect, on random webservers)
• laptops running UNIX, to make temporary servers, do NAT, etc.
• email-to-fax, fax-to-email services
• cellphones (yes, we can get cell coverage on Sealand, at least on deck; this has saved us quite a bit of hassle)

and some which are specific to our site:

• drysuits (like in my photo in Wired...if you don't wear one, and you're going along at 30 kts in a small boat, you will freeze)
• Rigid Inflatable Boat (the 22' thing in a lot of the pictures)
• canned goods (although eating some variant on corned beef hash, or rice pudding, gets kind of old after a few days)
• winches and list motors, angle grinders, oxy-acetylene torches
• 1 ton plastic pallet tanks, for water, diesel, etc.
• Our best friend, a 25 gallon/hour reverse-osmosis watermaker, without which one would be unable to shower (a very recent addition to the Sealand family ...)

And now we've got some Pelican 1650 equipment cases for transporting all our equipment, and I'm getting a 26U portable waterproof rack for transporting core routers/etc. (previously, I was using drybags, and somehow my laptop/rio/nikon990/cellphone/palmvx/etc. got dropped during a transfer from the boat at night, after being removed from the drybag :( Thankfully I had backups...and we'll see if "it just stopped working suddenly" is a viable warranty strategy, since it's strictly true. (Donations to the "Ryan Lackey small consumer electronics collection" are always accepted, of course, particularly nice pre-release toys.)

What are some of your day-to-day facilities like (food, shelter, perhaps even recreation)?

We have a small kitchen, and make two meals a day (breakfast is generic cereal and stuff). For housing, people have from 50 to 150 square feet of space each; it's not great, but is totally passable. We have one room dedicated to recreation, the lounge, with a TV and a bunch of books. You can also go out on deck and admire the view. My favorite room for recreation is the NOC, though, since I'd probably spend my spare time hacking on new tools or webpages, reading online books or Web sites, or playing computer games.

We have a professional cook/housekeeper onsite (a recent addition), which greatly improves quality of life -- I have better food when I'm on Sealand than I ever did when I cooked for myself (that it's free is nice too).

(FYI, last night I slept on my desk in the NOC because I was too lazy to walk 300' to my bedroom...it was surprisingly comfortable. Antistatic foam makes a good pillow, too.)

We're planning to improve the food/shelter/recreation situation, but it's sufficiently good now that it's not a priority. People have discussed getting a DVD library, video projectors, satellite TV system, better books, putting computers throughout the recreation spaces so we can play networked video games against each other (and others on the net), a hot tub, nice commercial kitchen, professional chef, etc.

The most impressive thing is that the Sealand Royal Guards (mainly ex-British soldiers who provide security, physical maintenance, and logistics support), many of whom had never used a computer before, have started using the PC we left in the lounge, and now want me to get them laptops. Sadly, it's a win98 box, so the GNOME/KDE people should hurry up and produce a viable alternative so I can give them Linux laptops...) IRC, the Web (ok, mostly porn), etc. seem like the best way to introduce people to the net -- in less than a week, they've become pretty self-sufficient on the Internet.

What is your daily cash burn rate? Are there ways to cut it? I don't know what the daily cash burn rate is; we don't have the kind of absurd burn rate common in Silicon Valley, though, even though we have substantial physical construction involvement.

We could almost certainly cut burn rate if we needed to, but we'd rather focus on increasing revenue, which is potentially infinite, than decreasing costs, which becomes exponentially harder as you get closer to $0, and is finite.

Are you making a profit now? If not, when do you plan to be able to?

This I don't know; I do techie stuff. I don't think the financial people would share this information at this point, either.

Do you have a plan in case of a hostile takeover?

Our stock is closely held, so a stock-based hostile takeover is unlikely.

If you mean a military takeover, yes, we have comprehensive security plans, but this is handled by our onsite security people, and I have little involvement. My personal plan is "don't get shot", and "stay away from where people might potentially be shooting." While people may focus on the extreme possibilities where we get raided by some corporate mercenary team or religious fundamentalists or something, in reality, our security concerns are much more likely to be "someone falls down a ladder and breaks a leg; how to we deal with this" or "minor electrical fire in the kitchen"; that kind of thing is handled quite well.

Where can I send my resume? :)

jobs@havenco.com. Include a description of what kind of job you would *want*, along with a resume. Please please please only use .txt or URLs, not .doc! (guess which resumes I don't even bother reading...)

Interesting concept...I wish you luck!

Web Email (was: Re:Disconnected Living)
by xyzzy

Ooo! The more interesting question to ask is: Can I get (either for free, or since this is a business, for pay) an e-mail address at havenco.com, or some other domain hosted at Sealand?

Ryan: You can definitely not have a havenco.com e-mail address, unless you work for us.

If anyone with a server at HavenCo/Sealand sets up a mail server on Sealand, you are welcome to contract with that person to buy an account. I imagine Web-based and non-Web based outsourced e-mail provided from Sealand will be a major market, for the reasons you mention.

You could set this up yourself, too. $1500/month for the box, you should be able to get a few thousand accounts, and if people paid $10/month each for non-subpoenable e-mail, you'd be profitable quickly. Dedicated machines per major user would also work; if a company wanted to oursource their Intranet/Extranet and e-mail servers, you probably would want to just resell one or more machines per customer.

In reality, the most important data any person or organization has is their e-mail! It can be read, spied on, subpoenaed, etc. I'd pay MONEY for this service.

I agree. You'd definitely want Web-based via SSL or applet security for viewing, or PGP in/out relaying, though; it would be silly to just put the mail server on Sealand and not protect the messages in transit.

Will Sealand be getting a top-level country code? If so, you could also sell domains, but let me say that I think the hottest idea is selling Web-based e-mail accounts.

You're welcome to point .com/.net/.org domains at HavenCo IP addresses. Same goes for country codes.

We'd really like our own country code, but getting one is a really long and involved process, so don't hold your breath. .com is still the most respected commercial domain, so I think it will be a really long time before any serious commercial business relies on non-.com domains.

Dibs on "billg@havenco.com" :-)

Points of Contact to the Internet
by gregor_b_dramkin (gregor_b_dramkin@my-Deja.com)

What will you do when pressure is exerted on your landlubber ISP to shutdown your connection? Move to another ISP? What happens when no one else will give you bandwidth? A renegade server farm doesn't do any good if no router will accept its traffic.

Don't say it can't/won't happen. Unfortunately, it can and probably will.

Ryan: We don't buy transit from ISPs. We only buy transit from tier 1 and 2 network providers, and arrange peering with as many as possible.

We are relying on having a very high quality, very well run network, with a large amount of desired content, as well as a top-notch well-known network administration team, to encourage as many networks as possible to privately peer with us at our major points of presence.

I certainly agree that if no one will carry our traffic, we're in bad shape, but luckily this is the Internet, and most of the people making those decisions are still fundamentally pro-freedom and individual liberty, with a techical background. We're going to be a very good internet citizen, participating in a variety of infrastructure development programs with pro-internet organizations, and peering with us is good for everyone.

Many countries have third-country communications laws which would make it unlawful for the government to exert pressure on ISPs to drop routes for given customers in other countries. Additionally, the value of the Internet will fall dramatically if major governments get involved in censoring traffic at that level; we've already seen examples of countries which try to block all potentially offensive or subversive traffic at their borders; not a lot of net startups moving there, eh?

Weakest Link...

[slashkitty]

In any security system, there is always a weak link. In this case, I would guess that the weakest link is the client's machine. Ryan said that clients could access their account from a cyber cafe. I don't see how they can hope for a secure system with such lapses in security. It is very reasonable to expect that that machine could be bugged and tracking the clients every movement. How could a clients data be secure on HavenCo's servers if the client doesn't have a secure machine?

Sealand Abandoned?

[whysean]

Ryan wrote:

I've never actually heard the "Sealand abandoned due to bad weather" story, and the Royal Family of Sealand, who are involved in management, deny that such an event ever occured. (I think another tower or radio ship from the pirate radio days may have been abandoned due to weather, but not Sealand.)

- - -

It certainly does not make sense that Sealand would be abandoned in bad weather because:

1.) The towers are built up from the sea floor. It is not a boat to be tossed about in the waves.

2.) The water around it is 20 - 30 feet deep, and the deck is nearly twice that distance above the surface of the water. Therefore if you imagine waves with peaks and troughs, the highest they could ever get before exposing sea bottom would not be high enough to put them over the top of the structure.

3.) I am fully convinced that despite any possible danger, Prince Roy would stay and see it through to the end.

4.) Even though the Sealand island/fortress has stood strong for 60 years, let us imagine a storm so terrible that the people of Sealand feared for their saftey. In such weather conditions, no helicopter could possibly land and no boat would be safe. How could they possibly leave?

I think that this rumer is almost certainly bleed over from the story of one of the pirate radio ships, as Ryan suggests.

--Sean

Re:HAH!

[_Nemmeran_]

Wow. You seem to be a moron. The Principality of Sealand is a piece of "land" that is unattached to any other country, and has been declared sovereign on many occasions. Has your front room been declared sovereign? Hmm... I want my house to be sovereign.

Oil & gas infrastructure

[mimon2]

I work for a company that designs offshore oil & gas platforms. There is an increasing number of floating, semi-mobile platforms out there, and some of them are reaching end of field life in the next 5 years or so.

Maybe someone with some (fairly serious!) capital could use something like an old platform, FPSO, etc. Power generation (large amounts of), accomodation, and so on are already there, as well as communications hardware. I know for a fact that an FPSO in the Timor sea that we built has guys sitting out there surfing the net right now!

Just a thought .... actually, maybe someone could use the same technology we use for FPSO's (sorry, floating production, storage & offtake) and convert an old tanker? No point in solving the same problems twice.

Re:Anarchy?

[timothy]

Badger wrote:

"I'm a little unclear as to why it's a good thing to have an unanswerable entity running around this planet. We have governments, and inter-governmental institutions for a reason! Would we condone this place if they housed thieves or killers? What if SeaLand was a refuge for terrorists instead of data? Anarchy is anarchy..."

The problem is that some animals are more equal than others. Do you believe that all governments / govt'al institutions hold their power legitimately?

I don't. There's a whole spectrum of government on earth, from No Pretense of Freedom (N. Korea) to The Occasional Pretense of Freedom (PRC) to Certain Rigidly Defined Freedoms (Singapore) to Freedom to Pay Taxes, Plus Drive Volvos (Sweden) to A Bit More Freedom But Always Shrinking (The U.S.).

There is no country where the government doesn't intrude or want more power -- that's the nature of government, IMO. You can't be angry at a pig for enjoying its slop. Is government a necessary evil? I'm willing to say Yes at least for the moment, but with an emphasis on the "evil." But every step away from the tools to overthrow particular governments is one they'll happily dance right along with.

Remember, a lot of people killed this century (and probably every other since the start of history) were killed through the malice or inattention of their own governments. Offshore datahavens so far are doing better;)

The neutrality of a true data haven (there probably are many such that we've just never heard about) may appeal to Bad People, but I can think of a lot of Nice Guys who might like it for the same reasons. No fair to ban milk because it may be enjoyed by a vicious, terrible murderer, or dental floss because it could be used as a garrotte. Or more to the point, a hammer because it could be used to bludgeon infants as they sleep.

thoughts,

timothy

Re:Anarchy?

[kashifq]

yes, this *is* a step towards a kind of anarchy. i, for one, think this may not be such a bad thing. let's face it, government (especially democratic government) has more or less failed in many of it's roles. in rich countries, the govt belongs to whoever has the dough. in poor countries (like mine) the govt belongs to whoever has the guns. the masses aren't *really* (IMHO) represented anywhere. if nothing else, heavenco and the like will serve to underline how a lot of people feel about the abuse of authority, and smart govts will start to behave themselves. maybe.

take odds on the CIA being a client?

[brokeninside]

With HavenCo's preference for anonymous business relationships, I'd be willing to wager that the CIAs, NSAs, Mossads, etc. of the world will be among the first customers....

Not true

[Dacta]

For instance, both the USSR and Czechoslovakia (neither of which exist any more) still have su and cs, and yet Serbia (which is recognized by the UN) doesn't have one.

The "USA Minor Outlying Islands" is um, yet no one would even claim that is a country. Same with the British Indian Ocean Territory (io). Greenland (a territory of Denmark) has gl

As you can see, having a Country Code means nothing in terms of being a country or not.

Re:Hmmm - I reckon we want a server

[titus-g]

or...

How about slashdot getting some space there, and sticking an SSL gateway to the news/forums so that the Anonymous Coward non login was more than token security?

err although actually there would be no need to have that on a havenco site. ho hum

Anyway /. falls under US Jurisdiction, therefore they can be got for what they post, no matter where they post it.

The main protection is anonyimity (purchase/posting etc.).

Ryan Lackey's answer to my question

[joshamania]

Perhaps to be considered offtopic by some, but Mr. Lackey did respond to my question and I feel obliged to thank him for his detailed and well thought out response.

Sealand Sovereignty has been tested in court

[burris]

Also, I'd be interested to see what happens if SeaLand's sovereignty ever is contested in a courtroom, or what will happen if a government does order their communications links cut off.

Read the Sealand website again. A ship from the British tax collection agency (Exise) tried to go to Sealand and was fired upon. Prince Roy was eventually hauled into court on tax and gun charges and the court ruled that England had no jurisdiction in Sealand, giving them de-facto recognition of sovereignty.

Burris

Re:take odds on the CIA being a client?

[Zan Thrax]

Hey! Don't forget CSIS! Where do you think the Mossad gets their nice supply of (highly respected) Canadian passports, eh?

Timothy, send me your laptop...

[Richy_T]

And I'll drive up and dunk it in the North Sea for you. Then you can say it's happened to you too.

Rich

Hmmm - I reckon we want a server

[shockwaverider]

OK - How about Slashdot buying some space here.

Stuff we all agree should be freely available [DeCSS etc] gets posted.

At the very least it would give us an answer to "Who whould win in a fight, HavenCo or MPAA"

Easily replicated?

[RyanP]

I wonder how many other companies will start offering similar services now that HavenCo has taken the first step. There are large amounts of oil rigs floating around, and while not all of them are in international waters, just having the security the isolation provides might be enough. Didn't Disney or some booze company buy an island in the Pacific too? That might be a viable option as well...owning actual land gives you a very solid claim on sovereignty!

Security is laughable

[Rand Race]

While this whole thing is cool and all, it's really only in existance at the whim of states like Britain and France. Believe me, if Havenco does something to really annoy Britain then one night Havenco will simply disapear. SAS and SBS commandos (GIGN or the 2nd REP if it's France) will do away with what they don't like and nobody will be the wiser. No need to shell it, no need to blockade it, no need to face international court. Unless Sealand has some seriously heavy duty millitary and security equipment they will not stand a chance against a good commando team, and the British SAS are commonly held to be the best in the world.

Letting the kids play

[cah1]

All this principality, sovereign nations talk sounds fun, but don't you think that all this is merely being tolerated because it's not actually threatening?

The moment HavenCo does something to actively antagonise the UK or mainland Europe, the connection gets cut. Simple.

Lackey claims they're not worried about this, but frankly it's pie in the sky. HavenCo will be tolerated for as long as they're not actively annoying any governments - their days are numbered unless they're just being a colo with a cool twist. For as long as they're just that, they'll be left alone.

That the UK hasn't stomped on them is all down to whimsy - the comms, the utilities, their provisions, their healthcare, their very existence is all hanging by a thread. They'll not last long in a siege!

Re:US v. HavenCo

[Zan Thrax]

"The pen is mightier than the sword"
Said killthekillers.com site would be encouraging people, other than the people involved in previous killing to take out someone else on the list. The idea is to get many "anti-choice zealots" around the nation to each consider taking out one of the targets. This isn't like a serial killer who's crime spree stops after he's gunned down...

Re:Letting the kids play

[cah1]

I'd be *really* surprised if the UK did act against them. Why are Havenco's activities more dangerous to the UK than say, the Channel Islands or the Faroe islands?"

That's the point, they're not - indeed, like the Channel Islands, that the business could be very lucrative could be actively working in their future favour.

The diplomatic PoV is moot - I doubt HMG are giving them much real consideration at the moment, tolerating them because it's a kids game. The moment it becomes important, just watch the rules change.

Cutting the lines would be the last resort, but the UK could make life very "interesting" for them. Whole countries can survive boycotts and sanctions, tiny islands with little or no means of self-support might find the going a little tougher - no matter what their support from the world's liberal intelligensia!

me too (offtopic)

[brokeninside]

Something to carry around and write stories on is precisely why I just bought a used NEC v/50 on ebay. It cost me $215 w/ shipping. 20 MB RAM and 2.1 GB hard disk. Emacs takes freaking forever to load up, but vi (vim actually) is all I really need as I do most of my writing in an xterm anyway.

The only pissers are:

1. All the X apps (like Netscape Communicator, xevil, etc.) that were never intended to be seen on a 640 x 480 display and don't have scroll bars where they need them if the windows are resized to fit such a small screen).
2. XFree86 only supports 256 colors on the Western Digital SVGA chipset

The battery lasts about 100 minutes which for me is 2 round trips to work on the bus. The funniest part is all the people staring at me like I'm rich cause I have a laptop.

Countries, Schmountries.

[DarthSmeg]

It's time we stop this country crap.
One world, one state, one law.

Besides, we'll need that kinda thing when the aliens come ;)
--
Tarald - The Lord of Smeg

Re: Child porn

[loki7]

I wonder what child porn is, in Sealand?

Here in Canada we have some pretty oppressive child porn laws. Writing a story, or painting pictures depicting sex with people who may be minors is considered child pornography.

What's Sealand's definition?

/peter

Re:HAH!

[Fishy]

LOL!

You idiot, its not land, its a platform, fully built and paid for by the UK government.

Not that it really matters, a steel platform in the sea for 50 years ......

F

Thanks Ryan

[Money__]

This fantastic resonse amounts to the begining of a "Data haven howto". woo hoo!
___

Re:Security is laughable

[mduell]

What was Rainbow Warrior? I've seen a few posts mentioning it, but no details :(

Mark Duell

Re:Oil rigs are not far off shore

[gkAndy]

Not around the UK :)

There are many, many oilrigs off the shores of the UK, some nearing the end of their operational life (anyone remember the Brent Spar PR disaster?). Most already have data comms links to them (there is a room about 10' away from me filled with the equipment that is doing that as I type :), although they tend to be quite low bandwidth.

IIRC, the North Sea is actually quite shallow as there is no continental shelf between here and Norway, so it's not as expensive as you might think.

Still costs a lot though :)


--

Waterhouse is cooler!

[grammar nazi]

All Waterhouse could think about when starting his own data haven was whether or not he could fsck America Shaftoe! Now that's my kind of guy!

Re:Pirate Radio - the link

[ch-chuck]

is here [simplenet.com] - but then they mention being "3 1/2 miles south of Long Beach, Long Island" - hmmmm.

Less of the Stupid.

[SimonK]

You can't (obviously) take legal action in Sealand, and for the sake of argument we can assume their security is good enough that you can't take any kind of technical action, however my *point*, which seems to have missed you, was that (as the interviewee says) clients of HavenCo are still liable for their actions in their place of residence of country of citizenship.

In addition HavenCo itself of necessity has (or will have) legal and technical presences outside sealand, which will, depending on jurisdiction, be liable for legal and action, and to have information supeonaed from them. While they're bound to try to prevent this, its not at all obvious to me that they'll succeed.

WHY TROLL?

[grkvlt]

why is this post marked 'troll' - seems to make an interesting point...

Re:Server Room Security

[mduell]

Simple... get a small styrofoam (sp?) cup of LN2 from your neighborhood chemical shop and place it in the bottom of you case.

Mark Duell

Re:Show me the money.

[grkvlt]

see the quote below - seems simple enough to me. maybe even set up cypherpunk style remailer access and sell that too, payment via anonymous credit card only...

If anyone with a server at HavenCo/Sealand sets up a mail server on Sealand, you are welcome to contract with that person to buy an account. I imagine Web-based and non-Web based outsourced e-mail provided from Sealand will be a major market, for the reasons you mention. You could set this up yourself, too. $1500/month for the box, you should be able to get a few thousand accounts, and if people paid $10/month each for non-subpoenable e-mail, you'd be profitable quickly. Dedicated machines per major user would also work; if a company wanted to oursource their Intranet/Extranet and e-mail servers, you probably would want to just resell one or more machines per customer.

Re:Personal privacy?

[Ether]

What about the society that allows easy and unfettered access to this information? Face it, we live in an information society. Thought experiment: Say the local news says "convicted arsonist felon living near local school". You've never burnt anything more than a pile of charcoal, but someone with your name has- does that change the fact that you now have people outside your door protesting? If you're lucky, you get a retraction at the end of the news and a small settlement. Look at Richard Jewell, who spent three months in hell as the suspect of the Atlanta Olympic bombing-- only to be cleared with a 'oh, he's not the guy. sorry for screwing your life over'. Prefacing bomber with 'accused' doesn't take the impact out of it.

The web puts people at equal footing- if Joe Anonymous posts libel to the web, I can just as easily refute it. His sealand site has as much as a voice as does my ispland site. Contrast this with the power that you have against "Investigative News."

We face a paradox: The ease of the exchange of information is inverse to privacy (Which is nothing more than the control of information about you). I would wager that some of the people that scream the loudest that "Information Must Be Free" also scream that "Privacy is a Right!" Where will you draw the line?

Re:Lawsuit defense - haha

[gwalla]

IANANL (I Am Not A Naval Lawyer), but I'm pretty sure that ships in international waters are subject to the laws of their port of origin.

---
Zardoz has spoken!

Since they're not WIPO fodder...

[Ex Machina]

Wouldn't it be nice if HavenCo/Sealand would set up a mirror for DeCSS, ASF2MPEG (did you know that MS has a patent on the ASF format?) and other "illegal"/banned (peh) pieces of free software like this (and perhaps some standard crypto stuff OpenSSH, GnuPG, etc.).

Perhaps they could set up some sort of anonymous remailer (using strong crypto, no large attachments/spam, cobranded with HavenCo to make them some .com $).

I'll forget about technical / bandwith / biz concerns for HavenCo..... wouldn't it be nice...

Re:Waterhouse is cooler!

[Ex Machina]

Indeed!

Re:Security is laughable

[knight_23]

July 10th 1985 - The Rainbow Warrior prepares to lead a peace flotilla of ships from New Zealand to Moruroa to peacefully protest against French nuclear testing. Three days after arrival in Auckland, French agents bomb and sink the Rainbow Warrior in the harbour, killing Greenpeace photographer Fernando Pereira.

http://www.greenpeace.org/~comms/rw/pkhist.html

Personal privacy?

[EndlessDespair]

The laudable libertarian stance on freedom of information notwithstanding, there's a question I've got for readers: What will you do if you see your credit card number posted on a HavenCo-hosted site? Or some other spicy bit of personal information that you'd really rather fell under privacy laws?

Server Room Security

[Anonymous Coward]

I thought I had read at some point that HavenCo flooded their server rooms with nitrogen so you had to wear a suba tank and mask to work on the boxes. Besides preventing human access to the machines, it was supposed to prevent rust. Did anyone else pick up on this fact? If so, where can I get my nitrogen flooded server room cheaply?

Lawsuit defense - haha

[ch-chuck]

I know of one group that wanted to run their own unlicensed radio station, bought an old Japanese fishing trawler, outfitted it with transmitters and sailed out into international waters and started broadcasting and very soon the US coast guard shows up, arrests them and hauls the whole shebang away. The charge - broadcasting into US terriroty (of course they don't dare raid radio Moscow for doing the exact same thing). The point? In international waters it's whoever has the biggest guns and navy, if the UK or whoever wanted bad enough to shut it down they will, and need only the flimsiest legal justification for sending in the stormtroopers.

Re:I dunno...

[J. Chrysostom]

I think the author was well aware that basically anyone who wants to attack their data haven can do so. $320,000 is a drop in the bucket for any international organization.

The CIA could drop Sealand in a second, but they probably wouldn't attempt to do so. If anyone is running a business on Sealand that displeases the US, they'll get the British to solve "their problem." The British will most likely try to negotiate with HavenCo, but if HavenCo fails to respond, the British will have no choice but to waltz in and arrest them all. If the "defense forces of Sealand" open fire, the platform gets trashed beyond repair, and all the personelle go to jail for a very long time.

But lets say that HavenCo & Sealand surrender, and sue the British instead. The lawsuit would take place in a British Court (the ICJ can't take suits from non-state entities like Sealand). The British court would most likely rule in favor of the government, and the pseudo-sovereignty of Sealand is destroyed forever.

This means, as the HavenCo rep is pointing out, that they will try not to piss people off. So long as they avoid making enemies, they'll have a very profitable time.

"The UK is a law-abiding country"

[whuppy]

It is highly unlikely the UK would intervene with military force, as they are a primarily law-abiding country with a strong tradition of respecting the law, due process, etc.

HA!
Try that line in Northern Ireland.
--

Question for HavenCo employees

[stu]

Was there any need whatsoever for the faux-cyberpunk costumes you guys wore when Sealand made the BBC's 'Newsnight' the other week?

*Mirrorshades*? Good grief, its the year 2000! They haven't been 'futuristic' since Billy Idol co-opted them for his ludicrous comeback effort.

*Long Leather Coats*? Jeeezus. Why not just wear T-Shirts with 'Yes, we have seen the Matrix' on them?

Having the XMatrix screensaver running in the background of every shot - was that your idea or the BBC's?

Be warned - it may not be the efforts of world governments which will scupper Sealand. If you carry on like this it will just be the shame of people shouting 'Ha ha ha! This lot look like C-Net's Desmond Crisis, circa 1996!'

Other than that, great effort - keep up the good work.

Re:defenseless

[Money__]

I got that impression too. You bring up an interesting point. On the one hand he's saying that they are an independant country and on the other hand he points to the UK navy as a form of protection for the nation in the event of a naval invasion.

What's to stop the UK government from negotiating a backdoor diplomatic agreement from another country to drive a boat up to sealand and blow it up while the UK navy and defence system sit idle. The UK gov would have plausable deniability saying "We do not interfear with other independant nations" while sealand is sunk.

Ya know this sounds a little paranoid even as I type it. From a secutity point of view, if this is the least of their worries, they don't have any.

I do admire Ryans experience and knowhow in his job and I have to respect the risk he's willing to take to see his beliefs come to fruition.

King of sealand: dude, wanna run my colo?
Ryan: sounds kewl, what's the catch?
King of sealand: Our army is smaller than that box of little green army men and we're as defenseless as a windows box at a hacker con.
Ryan:sign me up!

Lackey got nads
___

US wouldn't hesitate to attack

[dingbat_hp]

who actually thinks that the UK is gonna invade a country and take it down.

Maybe not the UK, but the US wouldn't hesitate to do it. In recent years the USA has embargoed one country (Cuba), mined the harbours of another (Nicaragua), toppled the democratically elected government of Chile (and sizable chunks of Africa), invaded a few others (Grenada and Panama) and supported internal terrorism in far too many to name (including the far-right in Italy). Where UK connivance is needed (airfields to support the bombing of Libya), they roll right over.

Post-USSR, the USA is now the world's largest sponsor of state terrorism. And just like Khruschev's claims of supporting peace, whilst building nukes like crazy, the USA has the audacity to describe states like Yemen as being a harbour for terrorism, when they're the worst criminal of all.

Uncle Sam certainly likes his role as the world's policeman. Unfortunately he's less Dixon of Dock Green and more an overweight Southern-States redneck cop turning over yet more poor-coloured-trash folks because he wants to steal their donuts.

SAS has already been used to murder civilian

[^BR]

If you really think that the SAS will never be used to assassinate civilians you should read that

• Operation Flavius [specialoperations.com]
• MURDER ON THE ROCK [easynet.co.uk]
• http://www.irishnews.com/k_a rchive/040398/nnews15.html [irishnews.com]

Where the SAS shot unarmed supposed IRA operatives in Spain, but for that matter unarmed civilian, without even trying to arrest them. (And got away with it...)

Re:Why would the CIA bother?

[PhilHibbs]

This is why child porn is prohibited in Sealand; they don't want to get the US or UK authorities riled up.

No, I think that's more likely a PR decision, and maybe also a personal morality decision of the HavenCo personnel. It's be nice to think that some corporate bigwigs somewhere had morals.

Re:Security is laughable

[Romen]

The Rainbow Warrior was a fairly large Greenpeace ship, that was protesting French nuclear testing in the south Pacific. Some French commandos blew a large hole in the side, causing it to sink, and killing a photographer. The French have never admitted this or apologized, but they were orderd to pay 1.9 million in damages by an arbitraitor.
Sam TH

Re:US citizens

[anticypher]

This is not so hypothetical as it sounds. The US is well known for extending its laws over the entire world. It regularly makes deals with other countries for "expedited extradition" in picking up suspected criminals. After the bombings of some US embassies in africa a few years ago, every suspect arrested in african countries was taken by local police to the airport and placed on waiting US military planes, and they awoke in a jail in the US. No local hearings, due process, or even the ability to contact a lawyer locally.

I wish I had had the time to pose some well thought out questions when this topic first appeared. I don't doubt their physical security, but I am worried about what happens if the US or Britian decide to issue arrest warrants. If Britian decides that havenco is storing some data on IRA paramilitaries who don't agree with the peace process, the ex-militaries guarding the tower are not going to stand in the way of a Special Branch/SAS team dropping onto their flight deck.

What happens to Ryan and his american friends if a US judge rules them in contempt of court for refusing to pull a dangerous web site? Do they spend the rest of their days on a tiny platform in the north sea, knowing the moment they set foot in the UK or Holland they will be arrested and extradited? Do they have legal counsel in both the US and the UK standing by to defend them in their home countries, where they are still bound to obey the law, despite havenco's vague declaration of sovereignity?

Once they break some american laws and get a judge upset at them, it will get nasty. When their assests get frozen, then its all over for all their clients. But it should be fun while it lasts.

Those were some of the questions I would have like seen answered, but mostly I want to know about their peering arrangements and their cool routing infrastructure.

the AC

HavenCo is bolloxed already

[Holgate]

I quote:

----- Forwarded

I urgently need to transport _______ ___, _______ ___, and a bunch of luggage to Sealand. Britain has started turning away known HavenCo employees at the airport, so I have arranged transport by boat tonight from a port town in _______. I need a brave hearted individual with a large car or van (or the ability to rent one) to drive [the lot] to the rendezvous point this evening. HavenCo will pay all your expenses, plus some reasonable additional fee for your time. If you can help, please give me a call ASAP at +__ ___ ___ ____.

----- Backwarded

That WIRED cover story may have been a little bit presumptuous...

Post a US political figures info instead

[jhines]

and sit back and watch the fireworks on someone elses dime.

If someone were to crack their personal info and post it, it would make for a high profile test case.

UK ignores jurisdiction already

[Brian Stretch]

Example: the holding of Pinochet by request of a Spanish judge, with neither the UK nor Spanish governments having any jurisdiction over the alledged crimes of the General. And Pinochet was Britain's *friend* in the previous two administrations. Basically, he was arrested because it made a bunch of geezer European leftists happy.

You really think they'll leave Sealand alone if it starts cutting into the taxes the socialist European governments rape their citizens with? (Not that the US is doing too well in this regard...)

Still, I'll give Havenco better than even-money odds of success, just because they aren't dependent on any given site. But I wouldn't be surprised if some of their principals were arrested as soon as they set foot in whatever offended country on whatever trumped-up charge, and get kept in confinement for a year or two while the lawyers fight it out. Hopefully I'm being overly cynical.

Re:Personal privacy?

[EndlessDespair]

If I had your tax returns, I would have enough information to take out loans in your name (and run off with the cash, of course).

If I were an insurance company, any of those things would be a good excuse to hike your rates.

If I were someone who knew you, I could put the arrest record and the questionable pictures and so on up around your place of work or residence. This reminds me in a way of Snowcrash -- I could pay a data haven for any information it might happen to have on you, and then use it at whim.

And I'm not even very creative. I'm sure someone else would have a better idea.

Re:Personal privacy?

[anatoli]

OTOH, what will you do if you see your credit card number posted on a site hosted in, uh, say, Kazakhstan?
--

Re:Timothy, send me your laptop... (offtopic)

[timothy]

You'll need to send me your address first, and promise to take lots of pictures of the dunking. And it would be a lot cooler if you could throw it from the sealand platform, which may be trickier.

My laptop (barely worthy of the name) I got in trade from my old housemate Dan Jones for an PCMCIA Ethernet card, and Dan may have gotten the better end of the deal. (Just the same, totally voluntary!)

Macintosh Duo (230, I think, but it's not in front of me) ... it's got an 80 MB hard drive, a (failing) greyscale screen (4 bit? 8 bit?), a flakey external floppy ... it was a neat machine when it came out, but this example no longer even serves as an adequate typing station, b/c humidity and dust have scotched the keyboard.

I'd like a better laptop but the purchaser's dilemma is overwhelming. The ones I'd like are too expensive or not out yet.

I want:
(non negotiables)
- Linux friendly, and preferably also *BSD
- 13.1 or bigger XGA active matrix**
- trackpoint* not touchpad (well, not touchpad *only* ... Dell Insp. 3800 has both ...
- keyboard-input provision
- long battery life

(negotiable)
- video mirroring
- integrated 10/100 ethernet
- large hard drive (I'd settle for 4GB)
- reasonable price (upper teens?)
- plenty of memory - I guess 64MB is OK for a laptop ...

Standard (PC Compatible) probably, but if Powerbook G3 / 400s could be had for under $2000 I think I would be tempted.

timothy

Re:I dunno...

[flossie]

If the dispute is over sovereignty, how could the ICJ refuse it on the basis that one of the participants is not a sovereign nation? National courts are not the usual venues for sovereignty disputes.

Re:More Interviews please!

[timothy]

Both Lars and Ryan here took longer than expected, for various reasons. It's frustrating on our end too -- In Lars' case, we almost dropped the whole thing.

I like interviews, too! You can email me suggestions for ones you'd like to see, and we'll try to get some of them.

timothy

more Sealand info

[Tiro]

For backround and photos visit The official Web site of the Principality of Sealand [principality-sealand.net] or this other page about Sealand [demon.co.uk].

As shown in the photographs at these sites, Sealand is just a tiny platform high over the open sea. Smallest damn principality I've ever seen...

If it's worth doing, it's worth doing at a profit!

[Ungrounded Lightning]

Wouldn't it be nice if HavenCo/Sealand would set up a mirror for DeCSS, ASF2MPEG (did you know that MS has a patent on the ASF format?) and other "illegal"/banned (peh) pieces of free software like this (and perhaps some standard crypto stuff OpenSSH, GnuPG, etc.).

What I'm saying is that It would be an interesting gimmick (marketing) for them...

Why should they become a lightning rod for free? They'd be ahead to leave this "marketing gimmic" to their clients, rather than co-opting it for themselves.

Then they get paid for the servers that host it, rather than spending their own resources on them. And they still get the marketing benefits.

(It might be in their interest to post the tools that are handy for doing business with them anonymously. But I bet even that could be handled, more cheaply, by linking to others who already host them.)

Ask Slashdot: What interviews do you want to see?

[Raindeer]

Give us some suggestions, we'll try to get them.

That is fair enough. Sounds like a great one for Ask Slashdot. Which people would you like to see interviewed? Ofcourse there would be some very generic ones, but I bet there will be some very interesting suggestions, some suggestions that you might want to pursue.

Re:Personal privacy?

[Far McKon]

In Responce To: >We face a paradox: The ease of the exchange of information is inverse to privacy (Which is nothing more than the control of information about you). I would wager that some of the people that scream the loudest that "Information Must Be Free" also scream that "Privacy is a Right!" Where will you draw the line? > To start with saying "informaiton should be free" is like saying "i'm pro choice" Pro choice has almost nothing to do with choice, but by using the word, brings more connotations than simply abortion with it. Likewise when people "Information should be free" they are misusing the words information (? what do they include under information?) and free (free no money free, or free free software free). Privacy is a right, and when only you have the information, you have every right not give it out, however when you pass information on, the information becomes someone elses, and they can do what they want with it. (again, "privacy is a right" is too broad mean anything) The key is to establish who can be trusted with informaiton on you, and who cannot be. Like knowing what friends to tell embarassing stories to, and which one not to tell the stories to. The idea of information, privacy, and free and right are all being redefined, and we need to redefine our solutions and how we define our problems as that happens.

Re:Just embargo

[KahunaBurger]

If the UK would impose an embargo Sealand, they could get their supplies from the European mainland (which contains *a lot* of sovereign countries). It's only a few hours by boat.

ehem. The post said "embargo or blockade". Unless the UK has ever aknowledged Sealands "territorial waters" it would be trivial for them to simply enforce their controll over their own (internationally recognized) waters and prevent any other country's commercial vessels from approaching.

Does any government actually respect the "territorial waters" of Sealand? or are international waters accepted as begining X miles out from the UK?

-Kahuna Burger

From their old web site

[flossie]

located at fruitsofthesea.demon.co .uk [demon.co.uk]
"The Law of Sealand is based on British Common Law and British Law of Contract." I would suspect that there would be no significant difference between the British and Seal(andish?/ish?) laws in this area.

Anonymous E-cash Now

[blanu]

You can walk into any 7-11 right now and get (for free) an Internet Shopping Card. You give the cashier cash and it is put on your card. You can use the card anywhere online that accepts American Express. Neither 7-11 or American express has your name or address. All they have is a bunch of card numbers mapped onto dollar amounts. Combined with SSL and a web anonymizer, totally anonymous e-cash without any complicated patented cryptographic techniques. And you can do it right now.

Re:Cracking?

[heff]

lets test this theory, everyone ping havenco.com 65000!!

Re:Yeah, then Roblimo could tell M$ to kiss off

[Roblimo]

I have no intention of spending my life on a cold steel derrick in the North Sea, thank you. Some guys I know are setting up a data haven in a free trade zone in Panama. If I go anywhere, it'll be there. Warm weather (year-round sailing!), low rent, no taxes on offshore corporate income, rum and cigarettes at 1/5 U.S. prices (or less), good nightlife and beaches, quality medical care (I have diabetes, so this is important), lots of international fiber to hook into *plus* sat link as backup.

Now, given a choice between setting up your servers someplace cold and nasty or coming to a nice warm place (especially in winter) to set them up in person (at company expense - or tax-deductible if you're self-employed), which is more attractive?

I'm in the process of getting my passport renewed and a work visa for Panama set up. I'm not saying I'll suddenly start telecommuting from Central America, but I'm not saying I won't, either. *G*

- Robin

You're such a naif!

[The Dodger]

Read the Sealand website again. A ship from the British tax collection agency (Exise) tried to go to Sealand and was fired upon. Prince Roy was eventually hauled into court on tax and gun charges and the court ruled that England had no jurisdiction in Sealand, giving them de-facto recognition of sovereignty

I can't believe you really think that a judgement by a magistrate can really be relied upon as proof of a SeaLand's sovereignty. The only reason that Sealand has been tolerated until now is because, until now, Roy was viewed as a mere eccentric.

Anyone who believes that the status quo will continue if HavenCo starts pissing off the British Government is a complete naif. For God's sake, UK Immigration stated only weeks ago that they regard "SeaLand" as British territory. That was why they refused a HavenCo employee flying in from America entry to the UK.

Look, I'm a libertarian. I'm against the RIP Bill. I'd love to see a real datahaven. I'd probably be one of the first to sign up! But I also live in the real world, and I long ago came to the conclusion that a real datahaven which thumbs it's nose at powerful governments will not last very long, and that the use of strong crypto is a better way of ensuring data security.

The only way that HavenCo is going to be able to operate without intervention by the UK authorities is if it treads very carefully indeed and avoids doing anything which pisses off the UK Government.

As anyone who's interested in issues such as extraterritoriality will be aware, even the hallowed tax havens of Jersey and Anguilla have recently found themselves targeted by the OECD [bbc.co.uk].

All this posturing is a front. Anyone who believes that the UK Government isn't afraid of a bit of bad PR doesn't know much about Britain. These guys play hardball and they don't take any shit, as everyone from the IRA to the Israelis have found out.

D.

Re:Hmmm - I reckon we want a server

[warGod3]

Not to instigate anything, but how do we decide on what gets posted? I agree about the DeCSS. But what about people looking for someone to just download copies of "warez"? So, when is /. signing up?

Re:Personal privacy?

[Dyolf Knip]

Cancel the card, get a new one.

Dyolf Knip

--

The container port is not part of Sealand.

[flossie]

The container port that he is referring to is Felixstowe. This is the largest container port in England. I think his arguments run along the (perfectly correct) lines that the UK government is not going to take lightly any potential threat to Felixstowe.

Sealand Homepage

[Ex Machina]

Sealand has a homepage [sealandgov.com]!

Just embargo

[KahunaBurger]

I mentioned this is the questions thread, but it was too late. :(

All this posturing about repeling assaults ignores the more likely question of an embargo or blockade.

Its an artificial island, right? IE, no source of fresh water. He mentioned the recent aquisition of a water purifiyer which allowed them to take showers, the need for pallets of water, and relience on canned goods. Do we need a picture drawn here? If they piss the US and/or UK off badly enough, they may be invaded, or if there is actually any international respect for their supposed soverngty, they'll just be starved out.

However, if they don't piss off any major powers, they shouldn't have a problem, and in spite of the posturing for this crowd, I doubt they will piss anyone off. I don't think they're really "Republic of Texas" delusional.

-Kahuna Burger

Re:Letting the kids play

[Chalst]

I think the point that came across in the interview is that the UK
*could* cut their service, but it would be a very bad thing for the UK
to do from a diplomatic point of view: something they would likely do
only if Sealand represents some kind of military/terrorist threat to
them. Not impossible, but not just a matter of `whimsy'...

I'd be *really* surprised if the UK did act against them. Why are
Havenco's activities more dangerous to the UK than say, the Channel
Islands or the Faroe islands?

Re:Sealand Homepage

[Ex Machina]

Their old page [demon.co.uk] has cool pictures [demon.co.uk] and fun facts [demon.co.uk].

Cracking?

[Hugh Kir]

I noticed that no one asked what would happen if the servers run by HavenCo were cracked. Since
they are on a territory which is not recognized by any of the world's nations, would any legal action
against the cracker be possible, even if said cracker were caught? I think that eletronic
assault against HavenCo is a much more realistic possibility than military action. I wonder
what, if anything, they would be able to do about it, beyond attempting to close whatever
security flaw the cracker had exploited.

Re:Personal privacy?

[EndlessDespair]

I think my point -- which was the larger privacy issue -- is being missed. Let's try some examples besides credit card number. What would you do if you saw posted

• your tax returns
• your medical history
• your arrest record
• a scan of the the default notice the bank sent you once (but no mention of the fact that it was their screwup and totally bogus)
• those other honeymoon photos, long thought lost
• a report tracking your movements
• libel

And so on and so on and so on. My question was really: what would you do if you saw something up there that you felt violated your privacy? I guess that's a subquestion too -- what would violate your privacy -- but that's probably been dealt with elsewhere. What I'm curious about is what people would try to do, given the present situation.

Too easy, try this...

[Reality Master 101]

That one's too easy... you just change your credit card.

Try this: Someone gets a picture of your wife. They Photoshop her face onto various sex poses (lets say a quality job that you couldn't tell was fake), and accompanies them with various rape fantasy stories. All with a name and address.

I think Sealand needs to get a little more of an ethical standard rather than just "child pornography". If they're going to recognize kiddie porn, then they should recognize other forms of abuse as well.

--

Re:Security is laughable

[Bob Uhl]

It was a highly amusing incident in which a Greenpeace fleet was going to `protest' (read: interfere with) nuclear tests. The French sank it. Legally, an act of self-defence against an attacker. Very funny IMHO; that sort of group (left- or right-wing) is just too used to a lack of resistance. People ought to exercise their right to fight back more often.

Can HavenCo Data be Subpoenaed?

[kevin805]

I'd appreciate it if anyone more familiar with the relevant law could comment. It seems to me that if you are asked to produce, for example, your stored email for the past year, "it's in a foreign country and you can't have it" isn't going to go over very well with the judge. Moreover, even refusing to acknowledge that it existed could get you in trouble, if you have the data later on.

If someone tried to run an anonymous remailer from Sealand, couldn't the operator still be subpoenaed? I don't think HavenCo's extranational status really matters, since everyone involved will be present in some country where you can get ahold of them.

--Kevin

ISO code

[Roelof]

The thing I missed in this story is its ISO
code. It all hinges on its sovereignty. Which
in turn depends on more then just one positive
verdict in an English court.

Like, what's Sealand's ISO code? Can we surf
to http://havenco.sd/ or something? If not
then international recognition is still a
way off.

Roelof

Re:Lawsuit defense - haha

[mindstrm]

Sealand is not in 'international waters' anymore. It is in the UK terretorial waters, yet retains it's own independant status.

And as they said, they will not do things to intentionally agitate a foreign government. THey will not host porn, they will not do shit to piss of the UK.

Re:Personal privacy?

[SimonK]

Get a new credit card, I guess, but probably also try to find the person who owns the site. That might be doable throught whois, but more likely would require legal investigation. While HavenCo is probably registered in Anguilla, their peering agreements in the US might make some technical/legal action possible.

Re:Lawsuit defense - haha

[SimonK]

They're not in international waters. Sealand is entirely surrounded by UK territorial waters no these extend to the 12 mile international limit. Sealand is either UK territory, in which case the inhabitants have the right to due process under UK law, or it a sovereign nation, in which case they can do their own thing.

Personally I think their claim to sovereignty is pretty solid, but I can think of plenty of situations where the UK or someone with tacit cooperation from the UK government (to get access to Sealand through UK territorial waters) would choose to brazen it out. From what Ryan says, it looks like they're going to try and avoid provoking anyone too much (for instance, he stresses legal liabiltiy in people's own jurisdictions), and this makes me feel happier about the whole venture than I did before.

Re:defenseless

[ptomblin]

I think the other point to make in this regard is that the British government doesn't so much recognize their soveriegnty as they can't be bothered to kick off a bunch of harmless eccentrics. The minute somebody dies attacking or defending this place, you can bet the Special Boat Squadron or Royal Marine Commandos will be landing in force.

--
A "freaking free-loading Canadian" stealing jobs from good honest hard working Americans since 1997.

Well it doesn't bode well...

[matthew.thompson]

...if he can't even keep his laptop safe and dry what's going to happen when they start using big servers and drop those into the sea ;o)

Re:Personal privacy?

[ottffssent]

Purely in theory, the insurance company cannot hike your rates for unsubstantiated stuff they find on a website. Purely in theory, I don't care what's posted--it's not necessarily true, and any thinking person wouldn't believe it anyway.

Practically, I'd be royally pissed. Credit cards can be cancelled. Other stuff isn't quite so nice to have hanging around, even if you can deny it.

On a more widespread basis though, this might actually be a good thing. Suppose someone were to find somewhere the credit card numbers of all the members of the US House of Representatives and Congress? When they cancel 'em, repeat the post. Ditto for credit, purchases made, etc. In short, suppose someone pissed someone off, not you or I, but someone with real power.

At this point, everyone's going to sue, and HavenCo will have problems (legal or not--strictly speaking, CA courts don't have jurisdiction over DeCSS hosted in other states/countries, yet people keep getting cease and desist orders / lawsuits / etc.). This, I think, would be a poor response. If Havenco gets bankrupted with legal bills (worst case scenario, right?), then someone will step in and take their place. Sealand will likely be shot as a principality (since HavenCo can't be touched without that, right?), but there will always be information-friendly countries around, or those who don't care to enforce 'bad' legislation, for whatever reason.

Ideally, what will happen is that when the legal mud settles back to the ground, HavenCo will still exist, still be raking in the money (huzzah!), and those hundreds of angry powerful people will have to fix their problems in other ways. Since we dealt with the worst cases in the previous scenario, let's go with best cases here. I can see lots of privacy legislation being passed very quickly if a significant portion of the government's powerful people have a lot to gain by it. I'm not talking about 'you can't collect info' laws here: the kind of legislation I'm talking about is something that will touch the core of the issue: that people can get at your sensitive personal information. Hopefully, some fundamental laws: laws mandating good encryption of things like credit reports, financial transactions, medical histories, etc. By good encryption, I mean something like PGP with a long (2K+) key, that would get tougher and tougher as time progresses. There would have to be required authentication of whoever gets this information, as well, since it's not useful to have it encrypted to protect theft if I can easily con a bank teller, for example, into thinking I'm someone I'm not and getting their info.

Hopefully, the first scenario will quickly illustrate that attempting to control information that has become public is futile. For proof of this, just take a look at DeCSS. If the MPAA never talked about it, only those people who need it would have it, and it'd quickly become a lovely piece of software, but few would care, nobody would use it to pirate (duh--better methods exist), and everyone would be happy, except the lawyers. Now, it's splattered across the world, and nobody has a chance in hell of getting it back--so much for damage control. The only other way of keeping private information private is by keeping it private--don't let it get loose in the first place. To do this will require lots of money, lots of smart people, and lots of political muscle, which is why it will only happen if someone in power gets burned by the poor security infrastructure of this (and every other) country.

Wouldn't it be nice if HavenCo did let people post credit card numbers and such? As long as they're not mine, I don't care. We need some way to prod the people in control into action, and this sort of thing ought to do it.

Re:I dunno...

[Ex Machina]

Sweet! I'm not sure all the servers will be below the water line though. all it would take is a stealthy ROV snuggling up to one of the pilings during the night.
Now that I think about it, the conrete most likely has some rebar in it which should shield them some.

Long-term viability.

[The Dodger]

Okay, I have to admit that I'm about a quarter-convinced of HavenCo's SeaLand facility's long-term viability.

However, I still find it "interesting" that they're steadfastly declaring their sovereignty from the UK, and relying upon the UK Government's desire to avoid bad PR to prevent them from interfering with SeaLand, on the one hand, whilst relying upon the Royal Navy to protect them from attack, on the other. Given that a HavenCo employee flying into Heathrow on his way to SeaLand from America was turned back at UK immigration a few weeks back, because he didn't have a UK work permit, I'll be interested in seeing how this actually pans out.

Also, I'd be interested to see what happens if SeaLand's sovereignty ever is contested in a courtroom, or what will happen if a government does order their communications links cut off.

But, if they do succeed in setting up a real, viable datahaven, which can actually host information and services with impunity, then the best of luck to them. I'll probably be one of their customers.

D.

Re:F*** That!!! Somebody start a w4r3z server d00d

[Ex Machina]

I don't think Sealand could withstand the MSDN surgical strike team of crack MSCEs.

Why would the CIA bother?

[daviddennis]

This is why child porn is prohibited in Sealand; they don't want to get the US or UK authorities riled up. I don't know of anything other than that with the potential of making US/UK authorities so riled up as to cause SeaLand to be attacked.

HavenCo is right in saying that it would be a horrorific PR disaster to all concerned. Even if HavenCo put national secrets on the web, the most likely result of trying to censor HavenCo would be to give those secrets even greater spread. Look what happened to the Church of Scientology's "Sacred Secrets" when they went after the ISPs that hosted them.

In practice, HavenCo would most likely cooperate with the US and UK security folks, but not those in Iraq or other oppressive nations, simply because the UK would defend Sealand in defense of its own territorial integrity.

D

----

How nice!

[Ex Machina]

http://www.havenco.com/about_havenco/ ngo.html [havenco.com]

HavenCo is donating free colocation space to Non-Governmental Organizations of our choosing. In general, the types of organizations that we will want to provide hosting for are those that promote free speech promote human rights give a voice to minority and oppressed groups that otherwise may not be heard

Pirate Radio

[nstrug]

During the seventies, there were lots of similar pirate radio stations broadcasting into the UK - however as they were broadcasting from international waters the UK couldn't touch them - they usually waited for them to stray into UK territorial waters to arrest them.

Now the difference here of course, is that in this case the UK chose to observe international law, whereas in the example that you gave the US ignored it.

UK courts have a long history of slapping down the government and the UK would be very wary of failure in court should they launch an action against Sealand.

Nick

Show me the money.

[AtariDatacenter]

He even has some ideas for how you can make a lot of money.

I seemed to have missed this. Where does he discuss this?

More Interviews please!

[Raindeer]

Is it my imagination, or don't we have as many interviews as we did a while ago. I remember that every monday there was an interview and Fridays the answer. That schedule is gone now. I would like to urge the Slashdot guys to go out and get some more interviews.

I dunno...

[Jon Erikson]

Firstly I'd like to say that it's nice that /. has had someone for an interview that is way more intelligent than the average /.er, and has actually thought about how you go about doing some of the things that /.ers go on about in the real world.

Whilst I can't fault his arguments, I wonder if he's ever considered the possibility of more covert assaults? The CIA is well known for attacks on small, relatively defenceless targets that happen to piss them off, and Sealand sounds like a prime example, especially with its "host anything" policy. And the UK isn't going to stop them thanks to the relationship between the two countries.

I think it's quite possible that the US will decide that Sealand is an annoyance that can be easily dealth with, and act again to suppress a foreign group in the name of "national interest".

---
Jon E. Erikson

This is the realm of international politics

[Ian Bicking]

There are specific laws in many countries regarding cutting communications to third-countries or isolated communities, so we are not as worried about cutting service on microwave/fiber links as you are.

Isn't this exactly what was done to Yugoslavia? (initial slashdot article, [slashdot.org]followup [slashdot.org]) The whole situation in Yugoslavia seemed to show how meaningless international law really is if the international powers-that-be want to do something.

Really, international law can't mean much of anything. Law without enforcement isn't really law. And the enforcement of law means an overriding authority with the ability to apply force. This does not exist -- and if it did exist, we'd have merely achieved a world-spanning nation-state. The only international force at the moment is political, not legal, and the UN is only a forum for this political interaction. The UN doesn't hold any real power itself. And at the base of international politics is always war (though it may be under different names).

I hate to seem pessimistic -- I really hope HavenCo makes it -- but if the UK (by itself, or as a proxy for the US) really cares to stop something in Sealand, it will do so. Probably under a pretext, but with the pathetic state of the media even a dumb pretext seems to be enough. Sure, you and I will know that it's bull, but I already know how much lying crap the US government lays out and the government don't seem too worried about me. Aid to Colombia is to fight drugs? Ha. Kosovo was to save Kosovars? Sure. Contras were freedom fighters? Right. Terrorism is a big threat in the US? I'm so scared.

I hope Ryan has read The Prince [bb.com] to get practical advice on the international politics that HavenCo desires to enter. Best of luck.
--

Artificial structure = land?

[hpa]

There seems to me to be one fundamental hole in Sealand's claim of sovereignty: their claim of Sealand as a territory (land). International law principles such as they claim (midline principle, for example) only apply to populated land. However, Sealand, being an artificial structure, could just as easily be qualified as a vessel (ship), in which case it is merely an abandoned, now salvaged, vessel anchored in what was once international waters, and now is British territorial waters. Since Sealand isn't likely to move, it's stuck there.

Ships in international waters are subject to the laws of their country of registry; ships in territorial waters, however, are also subject to the laws of the country in whose territorial waters they are operating.

Felixstowe

[Andy Dodd]

A number of people (including Ryan himself) have mentioned the importance of Felixstowe. Britain isn't going to let ANY armed ship from an even slightly untrusted country near that port. The only non-British armed ship that MIGHT be able to get near Felixstowe would be one belonging to the US Navy. (Since the US and UK trust each other a grat deal.) But the US would most likely not conduct military action against Sealand, it would be a PR nightmare.

Relying on the UK for protection

[tmu]

Fascinating answers. I really appreciated getting the detailed (if somewhat repititious) view of the whole thing.

For me, the most interesting aspect is how much Havenco and Sealand are relying on the UK to protect it's (now) territorial waters and container port for them. This makes complete sense, but it's not something i'd thought of before. It will be very interesting to see how this develops.

Final kvetch: child pornography. This one is just too vague to be enforceable, even within jurisdictions that have a larger body of law to clarify this. If Havenco works out, I think that this clause will cause trouble eventually.

Re:I dunno...

[Ex Machina]

Please. The CIA would fund {Islamic Terrorists, Irish Terrorists, Russian Mafia Goons} to do it for them in exchange for {guns, drugs, money}.

Seriously. I think the most successful attack against a place like this would be EMF type stuff. Are their boxes in Faraday cages (as seen in Enemy of the State).

That also makes me wonder if they plan to shield against Tempest / Van Eck attacks. Although it would seem that anyone listening "Van Eck"-style would be obvious to the isolated Sealanders. Let's not forget that probably don't have equipment for detecting underwater stuff like subs and ROV's. And Tempest would be easy in the North Sea because the Sealanders are the only RF source around. (wow that wandered!)