Sealand and HavenCo Part II: The Rise and Fall of HavenCo

Yesterday, I blogged about Part I of my new article, Sealand, HavenCo, and the Rule of Law, which chronicles Sealand’s quirky history. Today, I’ll pick up the story with Part II, which follows HavenCo’s founding, rise to fame, and slide back into obscurity.

HavenCo’s founders, Sean Hastings and Ryan Lackey, were hardly the first to bat around the idea of a data haven. The idea cropped up in policy debates in the late 1970s, in science fiction in the 1980s, and in cypherpunk theory in the 1990s. But few people have done more than Hastings and Lackey to actually create a data haven. They met at the Financial Cryptography Conference in 1998 and found a common interest in starting an offshore hosting site for data of any kind, safe from governmental snoops, censors, and prudes.

The only problem was where to put it. After looking into some of the smaller Pacific islands, or creating their own on the Cortes Bank, they settled on Sealand — and discovered that Michael Bates was receptive to their idea of a joint venture. The royal family would make Sealand available in exchange for a stake in the company and a series of payments as HavenCo took off. The business plan called for $25 million in annual profit by year three. In addition to Sean Hastings and Ryan Lackey, the rest of the initial team included Sean’s wife Jo, plus well-known technologists Sameer Parekh, Avi Freedman, and Joi Ito.

The plan was simple. Move a bunch of computer servers out to Sealand. Plug them in to a generator. Contract with networking companies to lay cable and create wireless line-of-sight links to the shore, with a satellite link as a backup. Allow anything except child porn or spam. Charge handsomely; get rich.

Here’s how journalist Simson Garfinkel explained HavenCo’s pitch to clients, using as an example a fictional idealized customer, “MacroMaxx, a Berlin-based construction giant”:

The server’s location on Sealand means MacroMaxx won’t have to worry about fires, earthquakes, tornadoes, thefts, bomb threats, industrial sabotage, or killer-bee attacks. Or, for that matter, the discovery process in civil suits. If MacroMaxx is embroiled in a legal tussle and doesn’t feel cooperative, it could use Sealand’s unique status as a way to dig in its heels. Say, for example, that a pesky court official shows up at the company’s Berlin office with a disk-duplicating device, demanding all company email for the past year. MacroMaxx execs could say, “Gee, we don’t have that here.” The official would be stymied, because the email simply wouldn’t be on the premises, and it’s up to MacroMaxx whether it keeps any backups around. The primary data would be housed only at Sealand.

And should the authorities find out and call Sealand demanding to come aboard and access MacroMaxx’s machines? No problem, says Lackey: They’ll be told to bugger off.

That threat — “bugger off” — was to be backed up with a kind of defense in depth. The first line would be Sealand’s sovereignty. The second would be physical: a nitrogen-filled server room, protected by guards with machine guns and 12-gauge shotguns. And the third would be pragmatic: “We’d power off the machine, optionally destroy it, possibly turn over the smoking wreck to the attacker, and securely and anonymously refund payment to the owner of the server.”

So What Happened?

The initial press coverage, sparked by Garfinkel’s story, was immense. HavenCo even made The Daily Show. After the launch, though, HavenCo all but dropped off the radar. Lackey made conference appearances in 2001 and 2002 to talk about how well things were going, but news was scant.

And then Lackey showed up at the 2003 Defcon hacker conference to deliver stunning news: HavenCo was “of uncertain operational status now.” None of the founders or investors were still with the company, and he was deeply skeptical of its viability. The talk that followed was highly critical of Sealand and its Royal Family, but also unsparing in its self-criticism. Lackey still was optimistic about data havens and freedom through crypto, but wanted to help others avoid his mistakes. (Sean Hastings, for his part, later delivered his own post-mortem on the experience.)

On one level, HavenCo suffered a classic early-2000s dot-com flameout: it was overhyped and underused. The company never had more than a dozen clients at a time; most of them were online gambling sites. There never were nitrogen-filled server rooms or .50-caliber machine guns. Doing everything from Sealand drove up the costs; the expected flood of business never materialized. Sean and Jo Hastings, tired of living at sea, dropped out of the project.

There had also been a deep rift between HavenCo and its hosts. Lackey was a strong believer in freedom through cryptography: he did things like install an anonymous remailer. Prince Michael and his advisors, though, had much less appetite for real conflict with the major nations of the world. They regularly put the kibosh on any of Lackey’s plans that he told them about, like his scheme for a “10kg gold backed online electronic currency at HavenCo using anonymous digital cash technology.” The straw that broke the camel’s back for him was Sealand’s unwillingness to get into the unauthorized streaming-video business.

HavenCo at this point theoretically owed Sealand princely sums under its original contract, and also owed Lackey for the debt he’d taken on to keep it going. He and the Sealanders worked out a deal in which Sealand would take over day-to-day operations, with Lackey staying involved as an authorized reseller (but from dry land). Within days, though, he alleged at Defcon, Sealand froze him out: changing the passwords and seizing his personal computers. HavenCo, he said, had been “effectively nationalized.”

It only went downhill from there. Sealand tried to keep the company operating, but almost all of the real technical knowledge was gone. By 2006, HavenCo was being hosted from London, not from Sealand itself. By 2008, even its website had fallen over.

Tomorrow: Why did HavenCo fail?