It's Baaaaaack: HavenCo Trying Once Again To Bring Encrypted Computing To The Masses, But Not Hosted On Sealand

from the yeah,-good-luck-with-that dept

If you were into digital and cryptography issues a little over a decade ago, you surely remember the debacle of HavenCo, the attempt at a secure data haven hosted on the "micronation" of Sealand (better known as an abandoned platform off the coast of England that some folks "invaded" and claimed as a sovereign nation, which no government recognizes). HavenCo and Sealand was a story the press loved, and the hype level was astounding, followed by the whole project being a complete disaster. Last year, James Grimmelmann wrote a fantastic look-back/post-mortem of HavenCo and an even more detailed and comprehensive legal review paper all about Sealand and HavenCo. If you want the history of all of this, start there. Or, if you want the fictional account of the mindset that went into HavenCo, pick up a copy of Neal Stephenson's Cryptonomicon.

Now, it's being reported that James Bates, grandson of Roy Bates, the "founder" of Sealand, has teamed back up with Avi Freedman, one of the initial funders of HavenCo, to relaunch the project with a focus on bringing data security to the masses. Feel free to insert whatever skepticism you have for this project right now, because you're not alone. To their credit, there are two things that are different this time around. First up, they're not trying to host the data center itself on Sealand, which was a part (just a part!) of the mess the last time around. Instead, they're just using Sealand to host air-gapped machines with encryption keys. The actual data will be encrypted, but hosted elsewhere, including in the US and EU, where they believe it will be safe because of the encryption:

    Sealand still plays a role in HavenCo’s new business plan, but this time, Freedman says, HavenCo 2.0's servers are going to be based in the United States and the European Union, not stuffed into the legs of an anti-aircraft platform. (Some of the servers are even in northern Virginia, a couple dozen miles from the NSA's Maryland headquarters.) The company will use the platform to stash cold data (i.e., drives that aren't connected to the internet and don't need to be quickly accessible), including encryption keys. Without the encryption keys, the data stored on the mainland servers is all but useless, and Sealand gives HavenCo enough time to shut down their backup servers and dump the keys. "We're not advertising thermite charges or EMPs," says Freedman, but "it's a less exotic method of making the machine a cold dead box."

Also, they're offering more basic tools for protecting your data, rather than trying to build out an entire utopian offshore data haven:

    HavenCo 2.0 has four main components: virtual private networks (VPN), which create private networks over public ones; secure network storage; Least-Authority File System (LAFS) storage, an open-source, decentralized storage system; and web proxying, which allows users to shield their IP address by routing through other servers. The end goal is creating communications and storage that are key-encrypted from start to finish.

Of course, the other big difference this time around is the NSA. Or, more specifically, the recent revelations of what the NSA has been doing. As we've been noting, there's a growing interest in greater online privacy and security, and a number of different services have been popping up lately to help provide that. Of course, that also means a lot more competition for HavenCo, and given the brand's dubious background, they may have significant difficulty getting people to bother signing up.


Reader Comments

  1.  
    Josh in CharlotteNC, Aug 27th, 2013 @ 11:50am

    Trust my encryption keys sitting on a server in Sealand? I think I'll pass.

    Don't get me wrong, I'm all for a real data haven Cryptonomicon style, but Sealand isn't remotely close. (No UN recognition of sovereignty, long track record of unstable "government", no independence in energy, finances, or even food supply makes that a no-go.)

     

  2.  
    Loki, Aug 27th, 2013 @ 12:20pm

    Re:

    If the NSA is just going to scoop this stuff up anyways, they might as well just go all the way and ask the NSA to host the material at the Utah data center to save on cost and all (after all if the data is that secure, what's to fear, right?).

     

  3.  
    Anonymous Coward, Aug 27th, 2013 @ 12:43pm

    Encryption Keys

    If you do not manage your own keys then you do not know when they are compromised. With your own keys, any cloud storage is as good as any other for off site backup.
    This is another case of compromised security for convenience.

     

  4.  
    Anonymous Coward, Aug 27th, 2013 @ 1:16pm

    "If you were into digital and cryptography issues a little over a decade ago, you surely remember the debacle of HavenCo, the attempt at a secure data haven hosted on the "micronation" of Sealand (better known as an abandoned oil platform off the coast of England that some folks "invaded" and claimed as a sovereign nation (which no government recognizes)."

    Seriously? First paragraph and the article is already almost unsalvageable.

    There's a missing ) in there somewhere. Also, Sealand is not on an abandoned oil platform. It is actually on something called a Maunsell Fort, a military offshore structure from the times of WWII, primarily designed to house anti-aircraft defenses.

    I'll save you the trouble of doing some basic research, "journalist", and provide some useful links.

    http://en.wikipedia.org/wiki/Principality_of_Sealand
    http://en.wikipedia.org/wiki/Maunsell_Forts

     

  5.  
    hans, Aug 27th, 2013 @ 1:23pm

    Is the metadata encrypted as well? Thank you in advance!

     

  6.  
    Jim K, Aug 27th, 2013 @ 1:42pm

    Haven CO- Sealand

    Any chance the NSA or a British Intelligence agency is behind it? This way you have a stream of data people want to keep secret, so a higher percentage of it might be of interest to Intelligence agencies.

     

  7.  
    DannyB, Aug 27th, 2013 @ 2:54pm

    Re: Encryption Keys

    It is past 10:00 PM. Do you know where your cryptographic keys are?

     

  8.  
    Avi Freedman, Aug 27th, 2013 @ 10:00pm

    Re: metadata

    Using LAFS for file storage, the metadata is encrypted as well - so HavenCo or any other LAFS-based operator wouldn't know exactly what chunks of data go with what files. There are downsides to that - file consistency can't be checked since we don't know what chunks go with what files, and what files or directories go with what parent directories.

    With the S3-compatible offering, metadata is not encrypted as well. When users enable AES-256 on clients such as Cyberduck or SME, the contents and name of the files/objects are encrypted, but we do have the ciphertext (encrypted data) grouped by file.

     

  9.  
    Avi Freedman, Aug 27th, 2013 @ 10:04pm

    Re: encryption keys on Sealand

    Actually, the idea about key storage specifically is to be able to store encrypted copies of your keys (that HavenCo doesn't have the ability to decrypt) in case you lose them.

    Somewhat like the keys or boot disks you get with drive encryption software.

    This becomes particularly important (or, has been an asked for augment to the offering) with LAFS, since the file *name* ("capability") in LAFS has the decryption key as part of it. So for users not already running drive encryption, they need to store those names on an encrypted partition or in an encrypted file.

    Could be done by users on S3, a google doc, email to gmail or elsewhere, but people have asked for it as part of a service.

     

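Added example, not part of the comments above and not HavenCo's or Tahoe-LAFS's code: a sketch of the model described in comments 8 and 9, where the file's name (capability) carries its decryption key, the operator holds only an opaque index and ciphertext, and the capability is escrowed wrapped under a passphrase the holder never sees. The `cap:` format, all function names, and the HMAC-SHA256 stand-in cipher (used because the Python standard library has no AES) are assumptions for illustration.

```python
import base64, hashlib, hmac, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    return b"".join(_prf(key, b"enc" + nonce + i.to_bytes(4, "big"))
                    for i in range(n // 32 + 1))

def seal(key, data):
    # Stand-in for AES (not in the stdlib): HMAC-SHA256 counter keystream,
    # then encrypt-then-MAC. Illustration only.
    nonce = secrets.token_bytes(16)
    ct = nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return ct + _prf(key, b"mac" + ct)

def unseal(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac" + ct)):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct[16:], _keystream(key, ct[:16], len(ct) - 16)))

def storage_index(key):
    # One-way: the operator can look shares up by index but cannot derive the key.
    return _prf(key, b"idx").hex()

def upload(store, plaintext):
    key = secrets.token_bytes(32)          # generated client-side, never sent
    store[storage_index(key)] = seal(key, plaintext)
    return "cap:" + base64.b32encode(key).decode()   # hypothetical cap format

def download(store, cap):
    key = base64.b32decode(cap[4:])
    return unseal(key, store[storage_index(key)])

def escrow(cap, passphrase):
    # Wrap the capability under a passphrase-derived key before handing it to
    # anyone for safekeeping; the holder stores salt + ciphertext only.
    salt = secrets.token_bytes(16)
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    return salt + seal(kek, cap.encode())

def recover(blob, passphrase):
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), blob[:16], 200_000)
    return unseal(kek, blob[16:]).decode()

if __name__ == "__main__":
    store = {}                             # constructed stand-in for the operator
    cap = upload(store, b"constructed sample file")
    print("operator sees:", list(store)[0][:16], "...")
    print("round trip ok:", recover(escrow(cap, "pw"), "pw") == cap)
```

Anyone who obtains the capability string can read the file, and losing it makes the stored ciphertext unrecoverable, which is why the escrowed copy has to be wrapped before it leaves the client.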

  10.  
    nasch, Aug 28th, 2013 @ 8:59am

    Re: Encryption Keys

    "If you do not manage your own keys then you do not know when they are compromised."

    If you encrypt your private key using your public key and then store it off site, that's perfectly safe. If you don't trust that nobody can get your key that way, then you don't trust your encryption anyway and shouldn't be using it for anything important. Right?

     
