Those of you who know my writing on matters of Internet law and jurisdiction will understand why I like this little item. The folks over at wikileaks.org* have put together what sounds like a reasonably serious proposal to prepare a jurisdictional “safe haven” for information on the global network, a set of highly-protective laws for anonymity protection, free expression, immunities for information providers, and the like for those who make information available on the net, and it appears that they have some serious supporters in Iceland who are interested in trying to put this into place via legislation. An “offshore publication center,” or a “Switzerland for bits,” they’re calling it (not quite the right metaphor, imho; more like the “Cayman Islands” for the net).
This idea – which I’ve been talking and writing about for a long time — was discredited many years ago by the “Sealand” operation, a bunch of “pirate radio” operators from the UK who set up on an abandoned oil platform in the North Sea, declared their independence from the UK, and offered up their servers to anyone who wished to reach the global Internet, completely free of any interference from pesky legal strictures like “law” or “regulation.” It didn’t last too long – the UK ultimately cut the trunk line feeding the offshore platform, ending their ability to transmit information over the Net. But it lasted long enough to serve as a good straw man for everyone who wanted to argue that the Net wasn’t as unregulable as it seemed to be. “Look at what happened to Sealand!” But this wikileaks proposal for Iceland looks a lot more promising – I have no particular reason to think that it will, in fact, succeed, but at least it wouldn’t surprise me if it did. One can even imagine this providing a not-inconsiderable revenue stream for a country that was pretty badly battered by the recent crisis — if you don’t think so, think about what Delaware has managed to accomplish, revenue-wise, just by offering itself as the go-to place for corporate registration; if Iceland were to offer information providers substantial protections that they could operate free from threats of exposure or liability, my guess is that people will pay something for that, and things have a way of adding up quickly on the net.
[Thanks to JL Dunn for the pointer]
[*If you're not familiar with wikileaks.org, you should be; they are, in the words of their wikipedia entry, "a website that publishes anonymous submissions and leaks of sensitive governmental, corporate, organizational, or religious documents, while attempting to preserve the anonymity and untraceability of its contributors. Within one year of its December 2006 launch, its database had grown to more than 1.2 million documents,[2] leading to many front-page newspaper articles and political reforms.” They’ve performed an enormously valuable public function over the years — and are now, as you can see if you go to their website, in dire financial straits, and seeking donations. A worthy cause.]
Brian, follower of Deornoth says:
The history of Sealand is somewhat stranger than your post suggests; have a look at
http://en.wikipedia.org/wiki/Sealand
Somehow I suspect the entry doesn’t cover the full story.
January 8, 2010, 12:22 pmCraving Oyer says:
So then … just cut off Iceland’s Internet?
January 8, 2010, 12:25 pmguest890 says:
If Iceland wants the job, it should seize the opportunity, before Kinakuta beats it to the punch.
January 8, 2010, 12:59 pmChris Travers says:
Iceland…. There is a country which has been the object of some amusing ethnic stereotypes in the past. Reading some of the late Medieval and Renaissance portrayals of that country makes one think the inhabitants are as strange as antipodes…..
However, I hope this works. Iceland (really, the original home of the free, albeit run by a government-by-attorney with jurors who were loyal to their lawyers) could recapture some of their past glory by undertaking something like this.
January 8, 2010, 1:08 pmCan't find a good name says:
Wikileaks.org is the opposite of a worthy cause. They have no ethical or moral standards.
January 8, 2010, 1:18 pmCan't find a good name says:
See this article for an example of the kind of work that Wikileaks’ donors are supporting.
January 8, 2010, 1:22 pmThe Unbeliever says:
“Information wants to be free”, although a nice and consistent hacker ethos, isn’t really a worthy cause in the normal sense of the phrase.
At best it could be called an informal law of systems or knowledge management.
January 8, 2010, 2:18 pmMonty says:
This all sounds great as applied to wikileaks; but would iceland be willing to go far enough to provide total protection to wikileaks if the consequence is the protection of less ‘savory’ content?
The most immediate candidate is pirated intellectual property. If wikileaks iceland cannot host stolen IP, then all someone needs to protect data from wikileak exposure is to assert a copyright claim. Its not really a safe haven if you will have a court deciding on a case by case basis whether challanged documents are subject to protection. But then does that mean Pirate Bay Iceland will be protected? What about someone who does more then host trackers, and actually provides downloads?
Personally I think piracy is an acceptable price to have an information safe haven, though I can understand how others may differ. But what happens if its not just piracy? What about Hate Speech? What about incitement to Terrorism? What about an al qaeda message board? What about the perennial favorite Kiddy Porn? Would Iceland accept all that as a price of free speech? Or would they try to draw lines? Once you start picking and choosing what speech is permitted, how sure can you be that some wikileaks content wont end up in the prohibited column?
January 8, 2010, 2:40 pmDan Weber says:
The biggest lesson from HavenCo is that, if your employer is based on the concept of ignoring silly things like laws, you are likely to find yourself not getting paid.
Checking out more of Wikipedia, you have free speech in Iceland “as long as it does not endanger or demean other people.”
Trying to start up a free speech haven in a place where it’s illegal to merely demean other people is probably a losing proposition.
January 8, 2010, 3:59 pmBC says:
I could not disagree more with the claim that Wikileaks “has performed an enormously valuable public function over the years”, and that they’re in any way, shape, or form a worthy cause. The simple fact of the matter is that they’ll publish anything, irrespective of whether it’s a legitimate example of whistleblowing on corporate or government malfeasance, or whether the “leak” is actually a political dirty trick — see, e.g., their publication of U.S. military strategy documents, unconnected to any of the public controversies surrounding the Iraq war; they published information that could’ve gotten U.S. soldiers killed. The Wikileaks principals are unprincipled pieces of human garbage, and it’s enormously disappointing to see somebody like David Post lending them support.
January 8, 2010, 4:28 pmSteve P. says:
Can’t find a good name – I don’t have a problem with what happened in that article. They informed all donors twice before releasing the information, and they only did it because Coleman’s campaign denied that a) it had been leaked, and b) they used shoddy security practices (storing unencrypted credit card numbers!). Embarrassment is a pretty good incentive to prevent future mistakes like those.
January 8, 2010, 4:31 pmSteve P. says:
I’m a little unclear on why the documents were a “political dirty trick” – were they forged or inaccurate? If they’re valid documents released to embarrass someone, well, I think one of Wikileak’s strengths is that they don’t make those judgement calls. The problem with that kind of self-censorship is that people are always going to argue where that line is, and nudge it back and forth. Might as well make a bright-line rule that all real (not fake) documents are fair game.
January 8, 2010, 4:38 pmMark S says:
As a semi-literary aside, I believe it was Science Fiction author Bruce Sterling who coined the term “Data Havens” in his book Islands In The Net. Wikipedia has entries for the book, the author and the term “Data Haven”.
Sterling wrote his book in 1988, which won the Campbell award in 1989 and was nominated for both the Hugo and Locus awards that year.
I tend to use the term, myself, for such constructs.
January 8, 2010, 4:54 pmCan't find a good name says:
Steve P.: I am certain that Wikileaks didn’t inform all donors before posting the information, because I was one of those donors and my information was posted, but they didn’t even inform me once in advance of posting it.
While I believe that the Coleman campaign was partially at fault for the release of the information, for allowing the data to get leaked and using shoddy security practices, I am not sure why it was necessary to release the information about me and 51,000 other people in order to teach the Coleman campaign a lesson.
January 8, 2010, 5:35 pmSteve P. says:
Can’t find a good name – it’s definitely disappointing that they didn’t inform you before releasing the information, and if I was in your shoes, I’d be pretty mad. However, I’m not in your shoes, so I can play the devil’s advocate and point out that the information was already “in the wild”, so to speak.
In other words, you might not have found out that your credit card information was compromised if they hadn’t posted it. That would have, theoretically, allowed some nefarious person to spend a bunch of your money before you discovered the fraudulent payments.
January 8, 2010, 5:48 pmTweets that mention The Volokh Conspiracy » Blog Archive » The Iceland of the Internet: -- Topsy.com says:
[...] This post was mentioned on Twitter by Shari Laster, tim gier. tim gier said: a jurisdictional “safe haven” for information on the global network? http://bit.ly/641bgo via David Post volokh.com [...]
January 8, 2010, 5:49 pmdw says:
Thanks for the tip. The work Wikileaks does getting round England’s obscene libel and free-speech laws alone is worth supporting. I just donated $25.
January 8, 2010, 6:04 pmBC says:
Wikileaks purports to serve the public interest by publishing leaked evidence of corporate and government malfeasance. In this case, the leak served no legitimate public interest: the leaked documents contained military planning information of an operational nature, and did not detail any wrongdoing, alleged or proven, by anyone.
The only interests served by the leak were (a) U.S. foes’ interest in having more detailed information about U.S. soldiers’ procedures and capabilities, and (b) anti-war advocates’ interest in embarassing the Bush administration and hobbling the U.S. military.
“We will publish anything anyone sends us, regardless of the equities,” isn’t a brave moral stand. It’s juvenile and sociopathic — which is of a piece with much of the “information wants to be free” hacker ethos.
January 8, 2010, 8:20 pmBC says:
This sort of self-serving rationalization is often employed by hackers and their enablers: “Actually I did you an enormous favor by publishing your secret information/breaking into your secure system/whatever: without my efforts you’d never have known you were vulnerable.”
That’s fine as far as it goes, but without your efforts chances are that nobody else would’ve learned of the vulnerability, either. The non-sociopathic method of bringing someone’s attention to a security risk is to notify them of it privately, not shout it from the rooftops where any random shitbag can use the information to his own advantage.
January 8, 2010, 8:25 pmNorthern Dave says:
They may try, but Sarko will tax them:
http://www.spiegel.de/international/europe/0,1518,670837,00.html
January 8, 2010, 9:07 pmChris Travers says:
That’s blatantly false btw.
On software projects I manage, we have a policy of full disclosure of all security problems within thirty days of report and within 7 days of a fix being released. Full disclosure means we include detailed instructions of HOW to break into the software via the problems discovered. We give credit to whoever reports it too.
Experience has shown that software projects that encourage responsible full disclosure are far more secure than those that don’t. Responsible full disclosure means let the vendor know privately, give a week to respond, and give 30 days to issue a fix. Once that time is up OR the fix is released, full disclosure is ok.
There are all sorts of reasons why computer security professionals publish detailed descriptions of how to circumvent security measures when these are discovered. In general, as long as you update your software properly, this helps keep you more secure.
On a personal note, I discovered a serious flaw in a program once, and it was ignored by the vendor. A year later I finally started up a competing program because I couldn’t honestly support my customers on insecure software. I discovered after that point that several other people had discovered the problem independently.
If one hacker can find a problem, plenty can.
January 9, 2010, 8:01 pmpetB says:
and maybe some Iraq resistance figter’ lives saved – should they decide which life is more worthly? Based on what criteria?
January 11, 2010, 4:24 amJeff Martin says:
Love the site! Thank you for the great info :)
March 13, 2010, 2:25 amRichard Bachner says:
Interesting article with a decidingly libertarian flavor. Despite how permissive US free speech laws are, I wonder if something like http://www.dirtyphonebook.com won’t essentially have to be hosted off-shore to avoid running afoul of the state-attorney generals who are trying to shut them down. Now THAT is an interesting example of free speech in action.
May 2, 2010, 4:56 pm