A Haven For Net Lawbreakers?

By Theo Mullen

Worried about all the attention lawmakers are paying to the Internet these days? Have no fear: A new hosting provider may help you get around any regulation you don't like.

HavenCo, as the venture is called, has established a "data haven" on an abandoned military platform in the North Sea. Built during World War II as an antiaircraft gun battery about six miles west of England, the Þve-story manmade structure now known as the Principality of Sealand is purported to be the world's smallest sovereign territory.

The HavenCo service, in beta now and set to launch commercially in September, is "for those who want to protect their data and keep it private," said company CEO Sean Hastings. Hastings insists that the data center isn't meant to be a haven for criminal activity but adds, in the same breath, that HavenCo offers "unsurpassed physical security from the world, including government subpoenas and search and seizures of equipment and data."V There are only three rules in the HavenCo cyber-fortress: no child porn, no attacks on other sites and no spam. Most anything else is allowed. "As long as there isn't a victim, we don't care what you do," he said.

The First Of Many
Sealand is just the Þrst of many locations that HavenCo has planned. Hastings is currently negotiating with several "Internet-liberty-friendly" countries, most of them small, island nations. Hastings is headquartered in Anguilla, a Caribbean island where his consulting Þrm, IsleByte Inc., has built online bookmaking sites.

HavenCo is launching just as U.S. lawmakers consider new laws covering Internet privacy, taxation and other issues.

HavenCo is just the Þrst of many services of its kind, said Temple Law School professor David Post. "We are going to see a lot of that in the years ahead," Post said. "There have been others, but HavenCo is the Þrst one that I'm aware of that has put it on a T-shirt and said, 'Welcome to the brave new world.'"

But buyer beware. Post and others suggest that HavenCo may not be entirely out of reach of legal authorities. "It is not clear what international law means in this context," Post said. "The issues raised by HavenCo are very difÞcult and very complicated."

Indeed, HavenCo--and the companies that host sites there--may be more vulnerable than they realize, said Jonathan Zittrain, executive director of the Berkman Center for Internet and Society at Harvard Law School.

For instance, companies that contract with HavenCo are subject to the laws of the country in which they operate, Zittrain said. So while U.S. authorities may not be able to seize data on the site or shut it down, they could force a company's hand by going after its people or seizing its assets.

Even so, Zittrain agrees that the growing threat of Internet regulation will spur the development of more services like HavenCo's. "We'll see it in some form, particularly as the price of implementation drops," he said.

Tom Bell, an assistant law professor at Chapman University School of Law and a researcher at the Cato Institute, a libertarian think-tank, also pointed to ways governments can get to HavenCo clients. "If you are already a U.S. company, it is hard for me to see how HavenCo would help you," Bell said. "Take gambling, for instance. If U.S. prosecutors don't like what you are doing, they don't need to þy out to a North Sea platform to shut you down. They'll just drive up to where you are and serve you with a warrant."

But authorities would have to Þgure out who's running the rogue site. HavenCo keeps the identities of its clients conÞdential by request, and Hastings insists that no one can force him to give his clients up, because Sealand is a sovereign nation and not subject to the laws of other countries.

Hastings pointed to a 1960 case in which a U.K. court ruled that Sealand, then called Roughs Tower, was located in international waters and outside U.K. jurisdiction. Sealand was formed later when a retired British military ofÞcer, Roy Bates, occupied the platform in 1969.

But whether Sea-land is truly an independent state is debatable. Many countries say it's not, most notably England, though it hasn't formally challenged the claim.

A spokesman for the British Home OfÞce, the nation's domestic affairs agency, said the independence of Sealand isn't recognized by England. What's more, he said Sealand and HavenCo are subject to any regulation applied to the Internet in the U.K.

That prospect could chill HavenCo's future. The British Parliament is currently considering the Regulation of Investigatory Powers (RIP) bill, a broad measure that would give British authorities, including the legendary secret agency MI5, the power to monitor the activities of Internet users and even intercept e-mail.

The bill, if approved, requires installation of links between Internet service providers and MI5, which operates like the Central Intelligence Agency in the U.S. Even the conservative British Chambers of Commerce and the Institute of Directors (IOD)--a nonpolitical organization with some 68,000 members worldwide--strongly oppose the bill.

Jim Norton, head of IOD e-business policy, said the bill is worrisome to many U.K. companies, especially multinationals that operate mainly in countries that take a more hands-off approach to Internet policy, including Ireland, France, Germany and the U.S.

The RIP measure is exactly what HavenCo is designed to help companies avoid, Hastings said. "This is the kind of regulation that will drive companies where there is no regulation," he said.

However, HavenCo security, if it can withstand the test of a government challenge, doesn't come cheap. Setup fees, which require the purchase of hardware, run about $10,000 in U.S. dollars. One megabit of dedicated bandwidth costs $5,000 per month, while 64 kilobits of dedicated bandwidth runs about $500 per month, Hastings said.

HavenCo is using VA Linux hardware and offers customers a choice of operating systems, including FreeBSD 4.0, Debian, OpenBSD and Red Hat. More options will be added.

HavenCo sends and receives data over a high-speed satellite link today. A buildout of Þber optic links to the U.K. and the Netherlands is scheduled for later this year, Hastings said.

The facility sports redundant power supplies and cooling systems. All hardware is tamper-resistant, designed to protect customer transactions from all possible attackers, including HavenCo and its staff. All transactions take advantage of high-grade encryption to protect against snooping, Hastings said.

HavenCo's CTO is Ryan Lackey, a 21-year-old Massachusetts Institute of Technology dropout who previously developed cryptographic and payment software for a number of start-ups.