HavenCo: What Really Happened; Ryan Lackey

Chris Palmer, 30 August 2003

HavenCo was an attempt to build a secure, unregulated Internet service provider on the tiny "island" called Sealand.

Ryan Lackey's new venture is Metacolo, a "secure offshore colocation" provider.

Sealand's sovereignty status "has never really been tested." He doesn't think it ever will be. Previously he was bound by NDAs, and he had a positive bias toward the company, but now he can speak more truthfully about what happened. He still won't reveal customer information, and everything he will tell at this talk is already public information (to the moderately dedicated discoverer). He accepts some of the blame for how HavenCo turned out, since he was the only person involved from start to finish.

The basic problem HavenCo was intended to solve is that there are more and more restrictions on privacy on the Internet. Lackey tried to "strike a balance" between his ideals and what was commercially practical. He has a strong belief that service providers should state a complete, explicit acceptable use policy at the beginning of operations, and stick with it. He only really has a problem with service providers when new restrictions are added later to existing customer contracts.

The Bates family has claimed sovereignty over Sealand since 1967, and has been using it mainly for pirate radio and fishing. Lackey didn't really know them beforehand; he just kinda got stuck with them. "I didn't really do that much due diligence on the whole thing." HavenCo got started with some angel funding. He actually lived at Sealand for around 2 years.

There were many problems with vendors, including low bandwidth due to the difficulty finding providers. This made it hard to get and keep customers...

There was so much press activity that nobody did much actual work. He was the only person doing anything besides talking to the press. Finally HavenCo got an 8Mb/s connection to the Internet, via an 802.11b link to a provider in the UK.

Initial customers "were kinda boring and small". HavenCo only got about a third of the startup money they were expecting. They lied to the press about the actual size of their customer base. They would show the press a tiny room with a few computers, and tell them there was a much bigger room loaded with machines downstairs. "There was no data center." The peak of installed machines was "like 20".

The original plan was to have tamper-resistant machines, but due to funding problems, they never actually implemented that. They had to turn away customers since companies can't get incorporated in Sealand; people would get their companies incorporated in other countries (e.g. for gambling), and then just colocate their servers in those countries instead of in Sealand.

For personal reasons (i.e. they didn't like living on Sealand), other technical people left early on in the venture. Lackey maxed out his own credit cards to pay people. "Luckily, I had great credit." Note past tense...

HavenCo was "like ten times more expensive" than on-shore colo facilities. "We were doing a little bit better than people like Enron and Worldcom, for a time." They started getting more and more customers in 2001, "like ten customers a week". At this time HavenCo was starting to resemble a reasonably successful business.

"The real mistake I made there:" making capital improvements to a place he didn't really own.

Prince Michael of Sealand became the CEO of HavenCo. Michael's father was "very conservative and didn't like the idea of HavenCo." The mission of HavenCo was perceived to go against the goals of Sealand (to get recognized by other countries).

The owners then decided to buy expensive gear that didn't work to replace gear that did, e.g. the wireless set up. Occasionally the owners would get annoyed by what some of the customers were doing. "Eventually we had more restrictions on us than a US ISP." Lackey covertly set up an anonymous remailer; he had to hide it from the Sealand ownership.

The owners said they were going to start taxing customers. There were changes to HavenCo's Acceptable Use Policy (AUP), but these were not well-documented or communicated to customers.

Then 9/11 happened. The owners said they would, on the sly, report customer information to governmental authorities if asked. That was against the mission of HavenCo. "They were very good at simulating a real country there, because they were acting like politicians."

HavenCo re-incorporated in Cyprus. There was an agreement on paper to issue stock to the key people, but that was never done. The company started having bad (five day long) network outages. There was a two month semi-outage (they had to fall back to a slow satellite link). The vendor of the telco gear went bankrupt, and cut off service when they went out.

A company wanted to start a legitimate-seeming DVD-streaming business that would have paid off all HavenCo's debts, but the owners found that offensive and wouldn't do it. That's when Lackey decided to gradually leave HavenCo.

They also didn't want to attempt Lackey's business idea of having a digital cash system (backed by 10 kg of gold). "I will not deploy any [digital cash] system that is not fully anonymous, because I believe to do anything else is irresponsible."

The owners wanted to have the billing moved out to the girlfriend of one of the company's advisors, in the UK, on a Windows 95 PC. Lackey decried that as absolutely unacceptable for security and privacy reasons. Finally, the Sealand government said they wanted to take over HavenCo. They worked out a "pretty reasonable agreement", including issuance of stock. Within five days Sealand violated the agreement. They confiscated his servers, they owe him money and shares, and they tried to enforce a non-compete agreement that never existed.

Lackey demonstrates, using Internet query tools such as nmap, whois, ping, traceroute, and others, how dead HavenCo is (they are running very few hosts and very few services). "The network is reachable sometimes." The ping times are not too bad when the network is reachable. Lackey doesn't believe there are any new customers. HavenCo's IP block has lapsed due to non-payment? The FreeBSD systems left unpatched might cause problems. "If anyone has any exploits for FreeBSD 4.8, have fun."

He could sue, but it would cost him too much, so he has moved on and is doing other things now. He didn't do due diligence; if he had he would have found that other people have had bad problems with Sealand before. He gives the example of a failed ship registration business.

Lackey thinks the off-shore hosting thing is still "interesting" and "a reasonable idea". Ultimate lesson: "If you have a very small number of people in a business, it's easy to violate agreements." Claiming sovereignty is pretty meaningless unless you have the commercial infrastructure.

The press doesn't investigate, they just report what they are told. In general the quality of tech reporting is not as investigative as for crime reporting or the like. He thinks the press should be educated as to their role here.

His new company, Metacolo, is doing essentially the same thing HavenCo was intended to do, but in a different way. There are colo cages in many countries, using tamper-resistant hardware. "I trust crypto a lot more than I trust people."

Lackey believes in the potential of the Free State Project to secure liberty in the US. He is also writing a book on the HavenCo experience, and a book about how to be anonymous on the Internet.

Q: Did you ever consider an armed insurrection against Sealand? A: For a few minutes. "But then I'd be stuck there." Someone in the audience suggests you could sell Sealand on eBay.

Q: Did you have any customer inquiries that surprised you? A: Yes, many businesses inquired that did not really need what made HavenCo unique.

Q: Did you investigate where the DDoS attacks came from? A: Yes, he thinks the attacks were misdirected, and some of the hosts were just ancient and unpatched software and so were easy targets.

Q (me): Tell more about tamper-resistant hardware. A: The IBM 4758 is tamper resistant and really cheap now; he also uses FreeBSD with encrypted disks. Combined with standard physical security, this is "pretty good".

Lackey shows off his Sealand passport, which has handwritten numbers on the front. "This cost me $220,000 and three years of my life." He can't use it to enter the US because he has a US passport; that would be a felony.

China, and places in South America, etc. apparently have some "free trade zones". He wants to set up various projects in such places, like reverse engineering labs and colocation facilities.

He won't reveal the name of the advisor of Sealand that messed things up so bad. However, he says you could find out with public documents, and he will serve as "an oracle, serving one bit of information, yes or no" to aid in the identification of this person.

Lackey advocates, in place of things like tithes to the church, in-kind contributions to open source projects and legal defense funds like the Electronic Frontier Foundation.

Q: What kind of help do you need with your new ventures? A: Partners in "interesting countries". An initial investment of $20,000 - 30,000 is required for build-out to set up one of his colocation facilities. "Also, if anyone knows any good publishing houses or agents" for the books he's working on.

Q: More about tamper-resistant hardware. There is a project at Los Alamos to rate how tamperable certain hardware is. A: He tells about it and is interested. He is working on a project "completely unrelated to computer security" for this that will withstand a lot of tampering. He has a patent application in process, and says the people here would not like what it's for. But he is going to make his fortune with it.


© Copyright 2003 Chris Palmer