Slashdot Mirror


User: rdl

rdl's activity in the archive.

Stories: 0
Comments: 95

Comments · 95

  1. Re:HavenCo on BitTorrent Community Running For Cover? · · Score: 1

    Right, that's the AUP I wrote in 1999/2000, and additional clarification added by me in September 2001 (after some initial grumbling about potentially hosting an mp3 indexing server).

    It's not been amended on the website, but no longer is the sole set of restrictions which apply to customers; customers who fully comply with that AUP have been turned away. No one was more annoyed by this than me, or continues to be annoyed by non-updating of the website.

    Come to my talk at Defcon for details; I'll put up a website after with info as well.

  2. Re:HavenCo on BitTorrent Community Running For Cover? · · Score: 1

    That's the site of someone pissed off at the Bates family (Prince Roy and Prince Michael) for offering and then withdrawing an offer to flag a pirate radio ship as a broadcast station off the US, from what I was told. I never really did get the straight story on that or some previous business dealings involving Sealand, though.

    Really, if you're interested in this, you should come to my talk at Defcon 11, where all will be revealed (http://www.defcon.org/)

  3. Re:HavenCo on BitTorrent Community Running For Cover? · · Score: 5, Interesting

    Yep. I'd be happy to do a slashdot interview or write something for people to link to about this, either before or after defcon.

    There is still hope for secure hosting -- I'm doing distributed hardware tamper-resistant location in a multiplicity of jurisdictions, which I think is ultimately a much better solution.

    Sealand is still physically there, but I'd no longer consider HavenCo a "data haven" after the events in 2002 and 2003.

  4. Great conference! on H2K2 Wrapup · · Score: 2

    I think the best part of a conference like this is meeting people with whom you've talked online for years -- they were quite interesting, as were the new people I met at the conference.

    H2K2 definitely had a more activist/political slant, vs. purely technical like blackhat/defcon, or commercial like RSA, or academic/mathematical like the IACR conferences. It's nice to have such a range. H2K2 was probably the best conference I've ever attended in the US, although HAL2001 in Holland was more unique -- being in a field with even more hackers, faster network connection, and the special goodness of Holland is pretty much ideal.

  5. Re:What I'd like to see hosted there on HavenCo Doing Well · · Score: 2

    http://decss.venona.com/

    I host DeCSS on Sealand. It was reported in New Scientist. It had all of...8 hits?

  6. Re:Za hosts their ccTLD dns servers on sealand on HavenCo Doing Well · · Score: 2

    Please provide a reference for this. I would be very interested.

    As far as I can tell, some lame ZA reporter reported this story without doing any research whatsoever (or simply fabricating it entirely), assuming that since Sealand is far away, no one would ever check the facts.

    9:13@atreides:~% whois =ZA

    Domain Name: ZA
    Registrar: NETWORK SOLUTIONS, INC.
    Whois Server: whois.networksolutions.com
    Referral URL: http://www.networksolutions.com
    Name Server: APIES.FRD.AC.ZA
    Name Server: AUTH00.NS.UU.NET
    Name Server: HIPPO.RU.AC.ZA
    Name Server: MUNNARI.OZ.AU
    Name Server: NS.RIPE.NET
    Name Server: RAIN.PSG.COM
    Name Server: UCTHPX.UCT.AC.ZA
    Name Server: NS-EXT.VIX.COM
    Name Server: FLAG.EP.NET
    Updated Date: 06-jun-2002

    Feel free to resolve on those nameservers; AFAIK none is hosted on Sealand.

  7. Re:Update & Misc. on HavenCo Doing Well · · Score: 3, Informative

    We get lots of publicity and wait for people to mail us. We also have resellers in key industries like gaming, but mainly we have smaller customers and consultants who send referrals. Lots of regular gaming, payment systems, etc. companies use our service.

    It's mainly word of mouth; we don't really actively try to sell or market.

    I'd be happy to have a p2p system as a customer, but the best ones, like MNet, are the ones which have the least need for centralized servers in the first place.

  8. Re:Artificial islands dont on HavenCo Doing Well · · Score: 2

    Indeed, that is the 1982 convention.

    Sealand was declared in 1967.

  9. Re:Close Up Photos on HavenCo Doing Well · · Score: 2

    Those pics were taken by the reporter for Wired who visited in March 2000; also my first visit to Sealand. This was before we completely rebuilt the infrastructure and interior.

    The interior of Sealand now is pretty much the same as a regular commercial or light industrial building anywhere else. Carpet in the bedrooms and living room, even.

  10. Re:more info on HavenCo Doing Well · · Score: 2

    There were actually 200-300 soldiers (sailors, actually...it was Royal Navy, although the Army had forts up the Thames).

    They had 2 x 3.7" mounts, which require gun teams of maybe 20-30 people each (manually load ammo, etc.). They had some 40mm bofors (2 or 4) which require 5-10 per gun crew. They had radar, and some light AA (1" or .50) which require 2-5 each.

    Plus, support, damage control, officers, cargo, medical, etc. Naval ships have always been oversupplied with people so they can continue fighting even with casualties -- compare a supertanker (crew of 30-50) and a carrier (crew of 5000)...not all of those people are needed for direct operations all the time.

    I'm sure it sucked when there were 200-300 people here, but they did live here.

  11. Update & Misc. on HavenCo Doing Well · · Score: 5, Informative

    There were a few minor inaccuracies in the article; we don't actually host the Tibet Online site (we were going to, but it was just an organizational confusion, and it ended up not happening); we don't rely exclusively on satellite; etc.

    I'm going to be at H2K2 in NYC and at DEF CON X in Vegas. Avi Freedman and I are speaking about HavenCo at H2K2; I'm doing something else at DC X :) I actually get to go to Burning Man this year, too, heh.

    Basically, we're now at the point where the company is entirely self-sustaining and growing financed by revenues, which is ideal; we had to put off some interesting stuff earlier due to lack of time and other resources, but we can finally move forward on these things. (Everything is basically automated, too, which is always good -- I'm considering releasing some of our colo management software under GPL later this year)

    Our policy about what we'll host is unchanged; basically anything goes, as long as it doesn't endanger our network connectivity (it's unlikely anyone will invade/destroy Sealand, far more likely they'd get our addresses blocked at a bunch of routers in various countries). Spam and hacking would get us blocked by network admins themselves, so we prohibit those; child porn would too, so we prohibit that. If we were hosting alqaedaunlimited.com or something, we would probably be forced to shut down the server, but since this would destroy the contents, it's really no worse for a site operator than a permanent DoS attack. (we actually have no "shady" customers of any kind, since they would tend to just use a cheap server somewhere with a stolen credit card or something, or keep their servers on their own premises -- also, they tend to use consumer services, which we don't offer.)

    As for a betting pool on HavenCo/Sealand's survival, this is a great idea. I'd suggest using a system like ideosphere if you're not interested in doing it for money; otherwise, I'd be happy to host such a service :) Would need to come up with precisely measurable conditions, specify a judge, etc. I suppose I already have a pretty large bet down in favor of "will survive 10+ years".

    We're mostly using Appro 1124i servers (good quality 1U), although we've got a fair amount of Sun and some other stuff. I am looking at blades, and it might be a way to offer a USD 300-500 low-end server, with fully metered bandwidth (such that if you max out the server, it costs you more than a 1U, but for a small site, it's cheaper).

    One of the other 2002-2003 projects is bringing in a BIG pipe so our bandwidth cost drops to US carrier prices, + $50/Mbps or so. (Right now, we have 25-50% capacity utilization, selling 256Kbps to each customer, with very little oversell; however, our cost on the bandwidth we do have is pretty high per megabit, so bandwidth is actually a loss for us.) We could then host huge data archives, porn sites, streaming audio and video (non-multicast, a bunch of unicast streams), news servers, etc. The main thing I need to do for that is get 500-750 Mbps of customers signed up ahead of time for the link; it should be about 4 x 10 Gbps initial link capacity, so you guess what tech it is :) Total cost for that is probably about USD 1-2m, but we don't want to kill our short term cashflow to do it, so we might have to wait a while, unless we get extra funds from investment or customers for the service.

    HavenCo + infinite bandwidth would be really exciting -- the tax and physical security advantages alone would be enough to make moving servers out there worthwhile, if the price is the same as anywhere else.

  12. Re:Not a solution on Document Retention And E-mail · · Score: 2

    There are procedures which have withstood legal challenges for offshore trusts and their records which we follow with the systems administration of the mail servers.

    The overarching principle is that the party having received the subpoena is not capable of taking the action, and does not contribute to the action being prevented.

  13. Re:Offshore email servers (not just with HavenCo) on Document Retention And E-mail · · Score: 2

    The analogy with trusts is a good one; basically, the onshore party is *unable*, not *unwilling* to comply with the request, having ceded authority to an outside party. When you enter into a trust you no longer have ownership or control of the assets, which is why they are legally distinct from your own in the case of subsequent legal action.

    The US's trust-busting is primarily focused on tax and criminal investigations, and requires the cooperation of the offshore jurisdictions in which the trusts are domiciled. Sealand Law would make it illegal for the Sealand Government or HavenCo to comply with any requests for the data.

  14. Re:Offshore email servers (not just with HavenCo) on Document Retention And E-mail · · Score: 2

    It is certainly within a judge's powers to approve a discovery motion bringing in all PCs in a company to scan for files, but if the company has a policy (regardless of what it is), and then convinces the judge that it follows that policy, the judge will then only approve discovery motions which are likely to produce decent results based on the interpretation of that policy (weighed against business costs in complying with that motion).

    If an offshore party refused to assist the subpoenaed party in taking an action, the onshore party would NOT be in contempt of court, provided he could not take the action alone anyway, and provided he had not instructed the offshore party to destroy documents or whatever after the subpoena was received (but rather, the offshore party continued to operate under a pre-existing contract presented to the court), the CEO would not be in jail.

    (Certainly this was true some time ago. The RIP Act in the UK may complicate things for those in the UK, and there might be civil lawsuits against the company for contracting with a non-cooperative offshore party in the first place, but this is far less than the original case)

    As for liability on the part of HavenCo for continuing to respect a lawful contract even once our counterparty has legal difficulty in another country -- perhaps. As far as I can tell there is not a lot of precedent here. The Sealand Government would presumably receive legal requests from overseas governments; it would be a violation of Sealand Law to comply with them. The analogy is offshore trusts, where if a doctor for instance is sued for malpractice in the US, the offshore trust will not turn over assets, which has been tested repeatedly. The US specifically has engaged in "trust busting" with respect to fraudulent forms of trusts used for tax evasion, but the general concept of trust is respected greatly in most other common law countries, and aside from tax issues and criminal investigations, in the US as well.

  15. Re:Offshore email servers (not just with HavenCo) on Document Retention And E-mail · · Score: 3, Informative

    Yes, this is definitely an interesting legal area which hopefully will have some precedents set in the next 10 years.

    The employees of a company would first receive a subpoena in the discovery process to turn over all relevant mail. If the employees refuse to comply, they will be found in contempt and locked up indefinitely.

    However, they can only comply if they are technically capable of complying. It is not contempt to say "that document was shredded a year ago in accordance with our published retention policy", if the document was actually shredded. If recovering mail is blocked by a systems administrator located outside the jurisdiction at hand, then it would be technically impossible for users to recover the mail, and then they would be ok.

    It would not be acceptable for someone who receives a subpoena to delete his own key locally and thus lose access; that would be considered a willful obstruction of the legal process. But it is perfectly acceptable for an overseas party not named on the subpoena (or not served) to take arbitrary actions, and it's acceptable for a company to contract with an offshore agent to undertake security monitoring of a site and lock off access in the event of any suspicious activity.

    (I would be amused if these slashdot postings themselves ended up in testimony when we finally have a test case on the email servers)

  16. Re:Offshore email servers (not just with HavenCo) on Document Retention And E-mail · · Score: 3, Interesting

    Yes. Most of our clients for email use secure imap with mail kept on the server, or use web-based mail systems (which offer ticketing and other features as well)

    The ultimate system would involve secure laptops with no local unencrypted state -- using RAM for cache, and/or encrypted disk, but requiring connections to a non-US location to unlock the encrypted disk each time the machine is used. You could easily replicate the unlock servers for fault tolerance, and with a cell modem you can easily get a few hundred bytes exchanged from almost anywhere. Desktops and local servers could be handled the same way -- no local unencrypted state when powered off, and no way to unlock them without positive assistance from outside the jurisdiction, which would be revoked if there is evidence of an attack.
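An added example, not from the original comment or any HavenCo system: a Python sketch of the remote-unlock scheme described in the comment above, where the volume key is derived from a passphrase plus a share released by replicated unlock servers that can revoke it. `UnlockServer`, `provision`, `unlock` and `revoke` are hypothetical names; device authentication and transport security are assumed to exist and are omitted.

```python
import hashlib
import hmac
import os


class Revoked(Exception):
    """Raised when the unlock service refuses to release a share."""


class UnlockServer:
    """One replica of the out-of-jurisdiction unlock service (hypothetical)."""

    def __init__(self, shares, up=True):
        self.shares = dict(shares)  # device_id -> 32-byte share
        self.revoked = set()
        self.up = up

    def release(self, device_id):
        if not self.up:
            raise ConnectionError("replica unreachable")
        if device_id in self.revoked or device_id not in self.shares:
            raise Revoked(device_id)
        return self.shares[device_id]


def revoke(replicas, device_id):
    """Revoke on every replica and destroy the share so it cannot be released."""
    for replica in replicas:
        replica.revoked.add(device_id)
        replica.shares.pop(device_id, None)


def derive_volume_key(passphrase, salt, share):
    """Volume key depends on both the user's passphrase and the remote share."""
    stretched = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)
    return hmac.new(share, stretched, hashlib.sha256).digest()


def provision(device_id, passphrase):
    """Return (state kept on the device, share kept offshore, volume key).

    The device keeps only its id and a salt; the key itself is never stored.
    """
    salt = os.urandom(16)
    share = os.urandom(32)
    key = derive_volume_key(passphrase, salt, share)
    return {"device_id": device_id, "salt": salt}, share, key


def unlock(local_state, passphrase, replicas):
    """Try replicas in order; an unreachable one is skipped, a refusal is final."""
    for replica in replicas:
        try:
            share = replica.release(local_state["device_id"])
        except ConnectionError:
            continue  # fault tolerance: fall through to the next replica
        return derive_volume_key(passphrase, local_state["salt"], share)
    raise ConnectionError("no unlock replica reachable")


if __name__ == "__main__":
    state, share, key = provision("laptop-1", "constructed passphrase")
    servers = [UnlockServer({"laptop-1": share}, up=False),
               UnlockServer({"laptop-1": share})]
    print("unlocked via second replica:",
          unlock(state, "constructed passphrase", servers) == key)
    revoke(servers, "laptop-1")
    try:
        unlock(state, "constructed passphrase", servers)
    except Revoked:
        print("revoked: key can no longer be derived")
```

A refusal from any reachable replica ends the attempt, so revocation only holds if it reaches every replica; one that missed the revocation would still release the share.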

  17. Re:Offshore email servers (not just with HavenCo) on Document Retention And E-mail · · Score: 3, Insightful

    Employees will use them against their employers, but the much larger risk is outside discovery motions. The Microsoft trial was a good example -- none of the Microsoft employees whose email was subpoenaed benefitted from that. When the really-bad-attitude list was taken from Netscape, none of the list members really wanted that, either.

    There are threats from inside and threats from outside, and having a document retention (==destruction) policy will protect against outside threats. It will not protect against employees blackmailing their employers.

    However, if an employee keeps copies of mail in violation of a document retention policy, that employee can be sued separately. I imagine federal whistleblower laws might offer some protection, but in the case of a civil suit between companies, if an employee maintains a banned archive and then sells access to that archive to the other company's legal team, the employee is likely to suffer.

  18. Offshore email servers (not just with HavenCo) on Document Retention And E-mail · · Score: 5, Informative

    (Disclaimer: I'm cofounder and CTO of HavenCo, an offshore colo and supporting services company on Sealand)

    This is one of the main reasons people put email servers offshore now, even if they're operating onshore. This got started with HavenCo's gaming clients, but we now have general-purpose mail server customers who just want to comply with their existing onshore document retention policies without the risk of someone subpoenaing their mail server and then trying to recover the disk.

    One of the features I'm working on now is some basic intelligence to detect out-of-character behavior by a mail server client -- such as attempting to download all messages, which would indicate they've been subpoenaed. If that happens, then we would attempt to contact the customer and get positive confirmation that they are *not* being investigated before allowing the transaction to continue. It's a trade-off between allowing normal function and protecting against legal attacks.

    Perhaps an extension of normal document retention policies for companies can be to keep them locally for 3-6 months, then move them to offshore "cold storage" where they will only be released when the offshore agent holding the files is certain a request is not due to legal duress. Trade a bit of latency for a lot of security, and otherwise the documents get destroyed anyway.
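An added example, not part of the original comment or HavenCo's software: a Python sketch of the out-of-character check described in the comment above, run over constructed log lines. The log format, thresholds and function names are assumptions made for this illustration, and it decides per completed session where a live service would decide mid-session.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample log in a hypothetical format (not a real server's):
# <timestamp> <session> <user> FETCH <messages fetched> OF <mailbox size>
SAMPLE_LOG = """\
2002-07-01T09:02:11 s101 alice FETCH 12 OF 4800
2002-07-01T13:40:52 s102 alice FETCH 7 OF 4805
2002-07-02T09:05:03 s103 alice FETCH 15 OF 4821
2002-07-02T09:07:44 s201 bob FETCH 3 OF 950
2002-07-02T16:20:09 s202 bob FETCH 5 OF 953
2002-07-03T08:58:30 s104 alice FETCH 9 OF 4830
2002-07-03T11:15:00 s203 bob FETCH 4 OF 957
2002-07-04T02:13:37 s105 alice FETCH 2400 OF 4836
2002-07-04T02:19:02 s105 alice FETCH 2436 OF 4836
2002-07-04T10:01:00 s204 bob FETCH 6 OF 960
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) FETCH (\d+) OF (\d+)$")
BULK_FRACTION = 0.8   # assumed: fetching >= 80% of the mailbox counts as bulk
USUAL_FRACTION = 0.2  # assumed: median below this means bulk is not a habit
MIN_HISTORY = 3       # assumed: sessions needed before a baseline is trusted


def parse(log_text):
    """Aggregate FETCH lines into per-session totals, in first-seen order."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore malformed or unrelated lines
        _, sid, user, fetched, mailbox = m.groups()
        s = sessions.setdefault(sid, {"user": user, "fetched": 0, "mailbox": 0})
        s["fetched"] += int(fetched)
        s["mailbox"] = max(s["mailbox"], int(mailbox))
    return sessions


def evaluate(sessions, confirmed=frozenset()):
    """Return {session: 'allow' | 'hold' | 'allow-confirmed'}.

    A session is held when it pulls most of the mailbox and the user's own
    history does not show that as normal. `confirmed` holds the ids of
    sessions the customer has positively confirmed out of band.
    """
    history = defaultdict(list)  # user -> mailbox fractions of allowed sessions
    decisions = {}
    for sid, s in sessions.items():
        past = history[s["user"]]
        fraction = min(1.0, s["fetched"] / s["mailbox"]) if s["mailbox"] else 0.0
        has_baseline = len(past) >= MIN_HISTORY
        unusual = not has_baseline or median(past) < USUAL_FRACTION
        if fraction >= BULK_FRACTION and unusual:
            if sid not in confirmed:
                decisions[sid] = "hold"  # held sessions never enter the baseline
                continue
            decisions[sid] = "allow-confirmed"
        else:
            decisions[sid] = "allow"
        past.append(fraction)
    return decisions


if __name__ == "__main__":
    for sid, verdict in evaluate(parse(SAMPLE_LOG)).items():
        print(sid, verdict)
```

A user who habitually downloads the whole mailbox stops being held once enough confirmed sessions have built a baseline, which keeps the check from interrupting normal function.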

  19. Files deleted on ZeroKnowledge's Freedom Server Code Available · · Score: 5, Interesting

    Either Bram or Len abused the hosting which was provided to codecon on the basis of "information about CodeCon, text-only" to host large files of non-open-source software. I have removed the files, please get them from a mirror.

    Anyone who gets free service and then abuses the terms of service under which that service is provided really has little right to complain when their access is permanently deleted.

    Paying customers are certainly welcome to use their full available bandwidth. CodeCon is hosted for free, as it was originally an idea a few of us on OPN were discussing and originally organizing.

  20. 3Ware Escalade IDE-RAID on The Amazing $5k Terabyte Array · · Score: 5, Interesting

    I've been using these for a long time (6200 dual-port in hardware-mirror, up to the 8-port cards for large disk configs), and they're very fast and reliable. Cheap, too.

    $500 for an 8-port 64-bit RAID controller, looking to the host like a single scsi device per logical volume, seems like the best deal available. Along with a motherboard with sufficient slots for gig-e and these cards (easy to get 4 64-bit slots...maybe you can get more with 3-4 buses), and a 4U rackmount case with 16 drive bays, and you can have 4U of rackmount storage for $5k, too.

    I've been using setups like this for clients, as well as for private file storage (divx, mp3, backups, etc.), and know of people using them for USENET news servers (one of the most demanding unix apps for reasonably priced hardware).

    It goes without saying you want a journaled file system or softupdates when you have disks this size, and ideally keep them mounted read-only, and divided into smaller partitions, whenever possible. e2fsck on a 300GB partition with hundreds of open files is painful.

  21. Re:Old achievements? on World Technology Awards 2001 · · Score: 2

    They selected semi-finalists in early 2001 and distributed them for voting April-May 2001; the awards were in June 2001 I think.

    Napster was still big in a lot of people's minds, especially journalists, in early 2001.

    Nature, one of the sponsors, just published info now; I guess because it was a year-end thing. Also, they probably have a 3 month leadtime anyway.

  22. I went to this, it was fun on World Technology Awards 2001 · · Score: 3, Interesting

    I went to this during the summer -- I was one of the semi-finalists for HavenCo in Entrepreneurship. There were some very interesting people there -- not really any of the "big names" in the business/tech categories who won, but lots of interesting people from the media, law, etc. I met only one other person under 40, though.

    My personal favorite is the University of Surrey's satellite center -- I think constellations of LEO microsatellites, using packet-switching, are going to be one of the most interesting technologies in the next 20 years. There are some ways to get the costs down to the point where you could have flatrate global email from an LEO constellation for about as much as US nationwide 2-way pager coverage, which may not seem like much, but when applied to non-human operations like trucks, containers, etc. sending telemetry, it's very exciting.

  23. Australia isn't exactly pro-liberty on Escape from Data Alcatraz · · Score: 2

    Amazingly, for a country originally populated by convicts, Australia seems to be outpacing the US for the honor of being the worst western country in terms of individual liberty (UK, US, AU...it's a three horse race I think). If it were me in that part of the world, I'd pick New Zealand. Unless I were serving AU-domestic customers specifically, I see no reason anyone would colo there; they might as well at least use the US where things are cheap.

    Nice specifications, though. A single generator for on-site power is probably a bad idea, though, even with 2 substation feeds; any outage which could take down a substation could easily be system-wide, and some of those take a long time to restore. Witness the 9-11 situation where 111 8th and 60 Hudson (2 of the 3 important NYC carrier facilities) were on extended generators. 111 8th's generator 1) ran out of fuel 2) didn't start due to dust clogging the air filters. And powering up a 2MW diesel every 6 weeks for testing is also bad; should be done weekly or better.

    I think it's rather telling that no one is building out bare colos like Exodus, Frontier GlobalCenter, etc. did back in the mid-1990s; there's a glut of raw space except in very specific markets. Managed services or differentiation (by security, expansion of over-capacity carrier hotels, low pricing, etc.), but not by massive up-front capital spending.

  24. Ended up working christmas on Merry Christmas · · Score: 2

    Despite plans to go to Amsterdam and Berlin for xmas/nye, I've ended up working, due to other staff being unavailable. I'm not bitter though :)

    I'm working on some code which should be very interesting in 4-6 months...bigger than HavenCo! :) So now I get to work on it sitting here in a warm, stationary office, vs. on a bumpy train with a GSM modem.

  25. Domain name reverse auction on Australia's Generic Net Names To Be Put Up For Auction · · Score: 3, Insightful

    I actually had the idea several years ago, when tangentially involved with a ccTLD commercialization project, to auction domain names in a "virgin" domain on a first-come, first-serve, reverse auction basis. I'm sure others have as well -- auctions are a standard way to distribute scarce resources, like RF spectrum.

    On day one, offer any available name for USD 100m. (first come first-serve intraday). Second day, USD 50m. Third, USD 25m...

    Certainly there would be few/no sales at the higher price, but at some point, domains like "anal.*" would go for a high price. And single-letter domains. I like this system because it allows users to decide what domains are valuable, and whoever values the domain the highest, gets it. It really seems like the only fair way to distribute the resource.

    It's better to do reverse vs. forward auction because otherwise bidding for popular domains could drag out for some time. Forward auction might increase prices if there is a "bidding war". Some of the details can be tweaked.

    However, it's unclear if this kind of sale would be ok with ICANN (or at the time, IANA). Not that it particularly matters; they're pretty much morally bankrupt at this point, and if the proceeds went to the country involved, I doubt they could successfully protest.

    If anyone with a ccTLD wants to do this, please email me, I'd be happy to set it up for you, I have the code :)