 As a result of recent activities, I don't think there will be a court case at any point. So there'll probably be continue in this state. Why am I giving this talk? So basically while I worked there, it was sort of seeing the forest for the trees and when you're working for a company, you're sort of biased toward being positive about it and you sort of are encouraged to be more positive about it. And some of the things weren't really apparent to us. Maybe they would have been if we'd been more experienced with this kind of thing in the past, but they didn't seem obvious then. And yeah, and there was also NDAs and stuff, but yeah, they tend to apply less when the other side has vanished. So yeah, basically I still am not going to release any information on confidential customers at any point and I don't actually have any current confidential information because it doesn't really exist and I don't really have access to the things that do exist. So everything in this speech is actually based on public information that anyone can get with a basic level of network knowledge and basic level of digging. And I've documented how I've gotten all this information just to show that fact. Yeah, and a good deal of this is actually my fault. The problems are in some cases technical, but primarily business and as the only person really involved from start to finish, I guess a good deal of a blame is mine for not correcting these problems preemptively, but yeah, I won't make the same mistakes again. And make different ones. So yeah, so basically the idea was that the motivation for the whole thing was that there was a lack of privacy and freedom on the internet and the laws have been getting progressively worse. So we wanted to try to fix this problem by creating an offshore data haven that wouldn't have restrictions placed on it and we had to figure out how to do this practically. Like you can't really create something and say there's absolutely no restrictions because it'll immediately be used for purposes that will cause it to be shut down immediately. We tried to strike a balance between what we could do commercially, what we could do practically, and what people would actually want to do. Oh, that's interesting. Yeah, Brooklyn in particular. Let me show you how to do this. Ready? No, that's how you do it. That's marginally better. It's a Mac, I don't use a Mac. Feel free. But I'll just continue the stuff during that. Basically, we needed to figure out what we could practically do as well as what people would want to do and it was, yeah, interesting. So we wanted to try to figure out a good balance and we decided on something that was basically we'd prohibit very few things. We'd make all these restrictions explicit up front and as long as we never change those things, I would be okay with having those restrictions up front. I don't really care if an ISP says we're gonna filter your traffic from day one. It's explicit in the contract and even if they say we're gonna monitor all your traffic and post it to the internet, if they do that from the start and are consistent about it and up front about it, there's really no problem. It's only that the people discover these problems after the fact that it's a real problem for people's privacy. And that was a model that we all agreed on and we also had the idea of doing the same thing in multiple occasions to make it more secure from a being difficult to shut down standpoint and also having a complete package of services that would be attractive to all sorts of businesses. Can't do full screen one second. Okay, good. So basically we met in San Francisco, we decided to do all this stuff and we were in an interesting position that there were these people that had had Sea Land since 1967, the Bates family and they'd been using it for pirate radio broadcast they'd been doing pirate radio broadcasting not from there, they'd been doing other miscellaneous like marine type projects, fishing, things like that. And they weren't really from an internet background and we really had no idea who they were when we started doing business with them but they had this asset that existed and we sort of had to do business with them. So we, well, I'll just speak if there's no, there's really just slides. It was a sort of, we didn't have much choice in the matter like because normally when you're picking a startup company you get to pick all the people involved but so we didn't really do that much due diligence on the whole thing and we met with these people, decided to go ahead, raised some angel funding back when it was easy and went ahead. I moved out there, I lived there from 2000 until December 2002 and we did the conversion of the place into a data center. We launched with a lot of publicity. We had pretty good plans like on paper but they, this was sort of at the beginning of the dot-com problem so we were doing business with certain dot-coms like Windstar that failed to ship circuits in a timely manner so we had things like an STM-1 that was on order that was supposed to be ready by June that never actually got delivered after we paid them and we were stuck running on a 128 kilobit per second VESAT link, the same one they used like during Burning Man for the internet connectivity was about what we had and trying to host a bunch of content off of that and as a result, we didn't even have that for like eight months so it was kind of tricky getting any of the customers actually set up but we went ahead and we eventually got some network connectivity and we had so much press inquiry that nobody actually did any other work so like every day people would fly out on a helicopter and talk to the press for about six or seven hours and then go back somewhere or go to sleep and that was about it. I was like the only person doing anything other than talking to the press. So we eventually got 4E1s which is like eight megs running from London telehouse to a building on the shore that was really tall and we set up some free BSD boxes with eight or two 11 between these things because somebody else wanted to get some really expensive wireless gear but the free BSD stuff was already there and worked and we eventually had high speed connectivity. We tried to get customers but they all had, I'll go in a second. Let me fuck the audio, keep talking. So we tried to get customers signed up, we had a huge amount of initial inquiries, we had like two or three thousand people that wanted to sign up right away in like June 2000 but we didn't have any internet connectivity then, we didn't have any other stuff so we sort of waited and a lot of them like sort of vanished over the time but we signed up initially just a bunch of people that were doing various kinds of things like there was one stock market information site and there were some insiders that had their boxes and that was about it for a while and yeah so we didn't really need, okay so I can just do four. Oh okay so it's just an internet but it's a projector. Oh okay, I'm just confused then. I have really bad luck with projectors. Yay, yeah, finally. It doesn't blink, I know, how I survive. So yeah it was basically some initial customers. What'd it do? Yes, that's interesting. So we had some initial customers that were kind of boring and very small and we still had a lot of press coming and we kept talking to the press a lot and I actually moved out there full time and was doing work while everyone else was talking to the press. We set up a temporary thing where we had like five little RS relay racks that were set up in one of the empty rooms and that ended up being where all the machines went. We had all these plans to build out like really nice data center stuff but we only got about a third of the money we were supposed to get so they all actually went in the five relay racks but we were somewhat embarrassed by our five relay racks that were full of like $300 for you machines. So that was the demo room and there was some other secret room somewhere else in the facility that contained all of the machines which yeah, never actually existed. Yeah, it was really interesting whenever the press would come out because there's like a steel plate in the floor covering up the empty area and there was one piece of like 12 gauge Romex running down to that that powered the facility that had thousands of machines and all the cooling and heating and there's no other ducting down there and nobody ever mentioned it. It's been photographed repeatedly and they like completely didn't care. Yeah, and there were actually some like network engineer people that were also press that went out and did the same things and they also didn't comment on this. So I think people, this whole idea, hold on a second, sure. That didn't happen because there was no data center that was for the non-oxygen atmosphere. Yeah, the original plans for the data center were, I mean, it's fairly practical to do there because the rooms are sealed anyway. You could just remove the oxygen chemically from the air in those rooms or at least remove the moisture and remove the oxygen as well. But no, that was not done because there was no data center. Yes, I have photos on the CD as well as a bunch of other stuff on the CD and on the website that you'll have URLs to that show all the actual equipment and at the peak of having machines, which is like 20. The critical components were supposed to be tamper resistant and we decided not to spend the money, like the $20,000 back when we did have lots of money to hire the guy to do that project, despite the fact that that was like the key element of the entire security model. Yeah, and we also had customers come and they wanted to set up a complete business. They would come to us and they'd say something like, I went to set up a casino on your site and we have to tell them, oh, you must get payment processing and yeah, cool. They need to get payment processing and the way you get payment processing is you have to incorporate in another country, get a bank to do business with you in that country and then you're supposed to put your servers in yet another location, despite the fact that you're already a legal corporation and all of your banking happens through another country. So in most cases, they would come to us, they'd say, we want to set up a new business and we tell them that you have to set up your payment processing somewhere else and they would then go to the somewhere else and then get Kolo there and yeah. We also were pretty, that was probably the single biggest problem was a lack of ability for businesses to actually processing payments. We also were pretty disorganized. I ended up doing all the accounting and billing as well as all the technical stuff, as well as all the sales stuff because people left as well as didn't do anything. Two of the three founders left for personal reasons, like very early on in the project, there's no problem there but they just left because I think primarily they didn't like living in a tiny platform and we'll see, imagine that and that left me as the only technical person on site and there was Prince Michael who is nominally running the company but really didn't do anything day to day for a very long time. He'd like drive around when we went to go pick up cash and things like that but that was about it. We also had security and maintenance people who probably did more work than everyone else put together who were just feeling the generator running the boats and everything else but over time they also left. The company continued to consume money quite prodigiously until like September 2001. We would get like a wire transfer for Western Union and pay like $1,000 to get $9,000 every week to make payroll. It was quite fun and I ended up taking a bunch of credit cards and maxing them out on cash advances to pay people salaries too which was also not very fun. Luckily I had very good credit. Few new customers came over time because of the problems in getting the payment processing setup was a primary problem and other general problems. Also the fact that we were like 10 times more expensive than onshore opportunities made it a bit more difficult. I do note the irony of all the technical difficulties with the talk, yes. The, so if any new customers came, hopefully if I don't touch any of this stuff it won't break. So the rate of inquisition increased like we'd sort of, we had these plans of like the whole dot com explosion growth and then we cut back on that when everyone else collapsed. We were doing a little bit better than people like WorldCom and Enron for awhile and like the summer of 2001 it had actually gotten pretty good because I moved there full time. I worked there without drawing a salary and or with having it not actually paid and doing stuff pretty cheaply but pretty well like we had redundant networks because we used free BSD boxes for routers and things like that. It worked pretty well. We were getting a reasonable number of customers in over time like a few a month actually and so I'd say 2001 we were actually a pretty successful company. I went to HAL 2001 there and spoke about it there and we got like 10 customers in a week so at that point things were actually going quite well and quite well in terms of financial stuff but I still stuck living there all the time and it looked like it was actually in like a year or two gonna do quite well but the problem is we had this original agreement with the C-Land people that we signed with them where we were going to give them a huge amount of money after a year. We then when our CEO left replaced him with Prince Michael at least on paper and there was no real rush to renegotiate because like they were sort of running the company officially because the son of the prince was the CEO and they said oh just give us money later and it's all good so we sort of believed that and kept operating while making capital improvements to a place that we didn't really own and building up a business there. So yeah that's the real mistake that I made there and I learned. So 2001 was pretty good but then in fall 2001 there's an advisor to Prince Michael's father who is a very traditional, very conservative guy who basically didn't like the idea of Havenco who got involved and he was trying to do C-Land's claims of sovereignty with the ITU like we've been trying to get a top level domain ISO registration all sorts of stuff for a long time not very much work had been put into it and he was a lawyer that had lots of experience in doing this kind of thing or so was said and was trying to do this kind of thing and took over things like trying to create texts for the website, for the C-Land site and sending off letters to people and that's sort of at odds with Havenco like if you're going to have a free data Haven thing that doesn't really make the countries that you're trying to get recognition from that happy like they were worried that it would be a very bad thing on the reputation otherwise of course nobody would have heard of it and that would be even worse because it would be like the little weird free state project that some little weird like imaginary country thing that everyone else does but I don't know some reason they thought it was a serious PR liability to do this kind of stuff so basically what they tried to do was minimize the kind of content we would host and the kind of problems we would cause and they viewed us more as a liability than anything else of course we were also a liability that's paying all of the bills to the whole thing and bringing in customers and stuff and also he has very interesting technical ideas we had working redundant network connectivity and we had no money because they owed like five million dollars including lots of money to me and I decided to spend lots of money that we didn't have on replacing the gear that did work instead of buying other gear so we bought things like a Nx64 wireless bridge it was like $30,000 to replace the working 802.11 system that was in there that got rid of our multi-path and has been unreliable for like two years but it was a British company so it was cool and we sort of continued going we'd have customers come if they were at all questionable like if they weren't the standard gaming company or anything else there would be either two routes either I wouldn't tell anyone else in the company that this customer was signing on what they did I would just like sign them up and say this is a customer that's like an ISP or something and that would be fine because that's within our AAP we didn't want to know what your business was I told customers like don't tell us what you're doing and that was good but occasionally they would go and actually meet the customer and the customer would be somebody doing something that they found offensive and they would say oh we must comply with all international practices and customs for all things and basically we ended up we had more restrictions placed on us than a US ISP if it was anything that looked defensive like anyone might have any problems with it they would try to get rid of the customer there was one really good example of that which is coming up so we did lots of cool things during this period because nobody else in the company had root on any of the machines except for a couple other technical people and so I could set up things like a re-mailer discounted projects from open source all sorts of cool stuff because they didn't really involve themselves in it and at that time the Sea Land people were just involved in trying to make Sea Land work and they weren't trying to do anything with Havenco and it was very very good and then they started saying they were gonna start taxing Sea Land hosted companies and that was very interesting so yeah they started messing with the AUP they never actually updated the AUP but there was a de facto AUP of like don't offend anyone then the whole September 11th thing happened very convenient timing and we got to the discussion of Al Qaeda on we were giving an interview I think to the BBC and I gave one interview saying that basically there would be no problems this is our AUP nothing else matters and then they gave an interview saying that yes we'd certainly turn this over on the sly with the authorities if there was a serious problem with any of our stuff and I felt very angry and annoyed at that and luckily there was sort of I was able to only convince them that from a commercial standpoint this was a very bad idea not that like we had already told our customers the other thing and that ended up not running but financial stability was getting really questionable because we were spending even more money and reducing our demand so if you spend more money and decrease the demand for your product that's not a good combination yes yes yes they were very very good at trying to simulate a real country there because they acted like politicians financial stability was pretty questionable and we still didn't have an agreement with them and they kept saying oh we're gonna do this we're gonna do this and we also had never actually issued stock or any other stuff to the company which is coming up in a second oh yeah we hadn't issued stock to the investors because our original incorporation was Anguilla and we couldn't do banking there for some reason and we decided to reincorporate in Cyprus and we never really ended up doing we legally are incorporated in Cyprus it's what the who is information is but there was an agreement on paper to issue stock to various people but never was actually done and there was various other stuff that was not done and we also had several large loss attacks and that caused problems as well as equipment problems with the new equipment that didn't have backups so we were losing like five days of connectivity to time which is really really really bad for a DSL connection at home and for an ISP or for a colo company that's like completely unacceptable and yeah so then our vendor went bankrupt for our circuits and we then had a two month outage due to our E1s being through a company that went bankrupt they told us oh we're bankrupt so you must buy new ones but they refused to buy new ones because that would have been cost money so they got an agreement with them not to turn them off for a while but then they turned them off when they went bankrupt because they were no longer a company and so we were stuck on VSAT again for two months with a reasonable number of customers and I got to play the like customer service game of making the customer sort of happy by not charging them for a little bit and yeah it's gonna be ready next week and yeah it kind of was amusing it was also amusing when the press would come out because my cell phone had a faster internet connection than our main internet connection so I would browse on my cell phone yes so then the absolute worst thing happened in September or something it was I think it was May 2002 we had a online movie rental business formerly based in Taiwan so you can probably pretty easily remember who they were that got arrested that then came to us with a lot of cash saying we're gonna set up a business and we want to do it completely legally we want to do basically DVD rental over the internet by digitizing the DVDs, storing physical DVDs and then only running one at a time so you're just downloading streaming and that might have been legal under C-Land law because we could have written it and it's certainly not as questionable as like a pure file trading system and it might have been an interesting experiment and they had lots of cash which would have paid off all of the debt for the company and paid all of their expenses like four or five times over but no, that was not an acceptable business for C-Land to be hosting and I pretty much decided then that I was going to quit but I wanted to delay that for as long as possible such that our existing customers would have continuity of service and things like that but really if they were so concerned about their legal status, if they thought they couldn't host this thing did they really believe that the country had any legal existence from day one? It really makes me question it. So yeah, so basically I was going to depart gradually through 2002 and they found a local Red Hat sysadmin from a single box pillow to start doing stuff which was an interesting choice and given all of our boxes as a previous D and I had some other projects that I was doing with Havenco like I had a 10 kilogram gold-backed electronic currency which was about ready to launch and no, you're not permitted to do such a thing because it might be used by money lenders at some point. So yeah, in 2002, November, they decided that the ticketing system be removed so we wouldn't have a way of tracking queries and that all the billing information was going to go to the girlfriend of the advisor in the UK to do all our billing such that all of the records exist on a Windows 95 PC in the UK. Yeah. Yeah. This after all the customers are like, oh, can we pay in cash? Sure, but we have to keep records somewhere and yeah, so I pretty much refused this. I was also not there at the time. I was on my first vacation in a while and I had to do all this through email which I all have saved and it's very interesting. And basically I refused to let the records be placed in the UK. I said, go ahead and do the billing. Have this person do the billing if you want but we have a remote system that can do it on SeaLand and it sort of completely violates our entire security model to do this and I think it's a professional responsibility thing to prevent such things. I did say if they were fully aware of all the problems I would implement it but not if they were just asking this. Also the advisor is not actually a formal employee of the company so it was basically a random guy asking us to put all the records in the UK. So yes. So we had a meeting in late November over this issue and they wanted to take over HavenCo it turns out. Apparently they had a meeting like a day before and they decided they being a few of the people that are involved, one of the investors that basically they didn't wanna be, they didn't want me to continue doing their stuff and they wanted to have the SeaLand government run HavenCo and we worked out an agreement which was actually a pretty reasonable agreement where shares would actually be issued and debt would be repaid to all people out of the profits. I would continue giving them, I'd give them all the information to keep running it. I'd help them, whatever else and I'd resell their stuff even and which I felt sort of uncertain about but yeah. So I got this agreement with them, I got my stuff and I flew away and I waited for a couple of days and within five days they violated this agreement which was quite amusing. They basically started, they tried to enforce a non-compete agreement with me which interestingly enough never existed because they never had one and I had some personal servers that were allowed to be remaining there which would be about like three of the remaining six or seven servers and they decided to turn them off and take them and use them for stuff even though they were mine. So there's that. They also owe me $220,000 and shares so yes. So that's what I say but what you can observe is what you can see on the network. So what I say is that they're continuing to sort of limp along with the SeaLand stuff but the cool thing about an internet company having this problem is that you can actually see what their infrastructure is very easily and that's the technically interesting part of this. What you do is you do a who is on the company with Ripe. I have all this stuff on the CD, all the NMAPS and all sorts of other stuff. You do a who is on them, you find out what the names are, of course I know where all this stuff is but I want to make a document so that an outsider using just basic knowledge of the internet could discover all this. Do who is, find the subnets, NMAP the subnets, tell that to service ports, see the banners, see what servers are up and see what services are running and see what company names advertise themselves. And of course as far as I'm aware which is pretty reasonable knowledge about this that no international organization has actually accepted their claims of sovereignty. Perhaps it will change but you can easily see now that the website is available. The network is reachable sometimes. You can ping it. It has pretty good ping time still over the single E1 and they answer email. You can see that there's like 5,000 total queries since day one in RT because it has a ticket number system. Of course if you know that 95% of that spam on a normal mail account, yeah. And physically it's still there. I haven't seen it in a while but I believe it's still there. I haven't seen any press come out in like a year but yeah it's probably still there and there's probably from the best of my knowledge a couple of people there because if you look at all the photos you'll see the same people all the time and you can easily deduce how many people are there. I don't believe there are any new customers and there's certainly been no shares issued and there's large outstanding liabilities. I'm aware of this and they still do not have like I do know people that have asked them for Kolo to for certain businesses and I can still see that they're still enforcing this like pseudo AUP which is on the website. Only a slash 20? Yeah it was only a slash 20 because we were ripe. Look I'll do questions in like a minute or two. But yeah it's got two megs of bandwidth so yeah. Oh and the company registration has lapsed which is another very disturbing sign. You can call up the Cyprus register of companies and ask them what the status is of this company registered at this address and they'll say that they lapsed because they didn't pay. So I would say effectively it's nationalized and the three remaining customers I'll give you a pretty good deal in color if you want but they're playing an interesting game there. They continue to take money from them certainly and yeah it can probably operate for a while because knowing the infrastructure it doesn't really require too much day-to-day maintenance. But if you leave free BSD boxes on the net unpatched for six to eight months you might start to have problems. Yeah because yeah all the network infrastructure is free BSD that's been in the press so yeah. So if anyone has any 4.8 exploits have fun. Or rather 4.6 exploits. So yeah I don't suspect much change in the legal status because there's no reason to challenge it now. I'm also in the interesting position that if I want to get any money out of it I would have to sue them. I could sue them in the US, the UK Cyprus but if I do or C-Land. But if I do it will probably resolve the C-Land sovereignty issue and does mean that there's no money to be extracted from the thing because it'll probably resolve negatively. So it's sort of like a catch 22. So yeah which is why I'm not doing other things. But yeah so just as a very basic thing right before I start doing questions they have done business with people in the past. This is what you usually find out with when you do due diligence and we did not. They had a ship registration business going on where they would register ships for people that were pirate radio broadcasters in the UK and this guy has a website and he's still really pissed off at them. Basically what happened is he tried to do pirate radio broadcasting in New York using a C-Land flag and then they hung him out to dry and the C-Land thing came up in the US court and was resolved fairly negatively and they took the ship and confiscated it and it was blown up in like die hard too. So it was like, it was a repossessor's spot sheet so yeah, you can see it on TV. And they wanted to do a TV broadcast thing to the UK rather, to the Southeast UK because most of the people in the UK live near London or in the Southeast and they ended up not doing it. I'm not sure why, maybe they didn't execute, maybe they were worried about the ITU stuff but I don't know. There was also an amateur radio day which I put a pretty reasonable amount of effort into organizing so that we do like a ham fest from C-Land and they then canceled that for UK and ITU reasons. There have been various proposals to expand C-Land physically and they've come and gone and they kept saying they were gonna issue more coins and stamps but they still haven't so that shows, yeah. So yes, next, so I'm doing other stuff that's very interesting but the key lesson from this is that if you're going to put a color facility somewhere, the political and contract stability in that jurisdiction is very important and that technical costs, when you're trying to do something it's supposed to be replicated and you end up making one of them, it's just like selling something to the government and it's really expensive for that one and customers really want pretty good service, they don't want to have their network be out for two months, yeah. The funny thing is they actually put up with it which we only lost like 25% of the customers for a two month outage, so yeah, yeah. 1500 a month? Were they charged? No, they weren't charged. They were charged for I think six weeks of the two months but it was sort of on an individual basis like how annoying the customer was where we're asking for a refund whether they got a refund or not, like yeah. Because we also didn't have any money so we couldn't really give them refunds so it was the interesting balance, yeah. But yes, so yeah, the whole idea of doing an offshore thing is I think still interesting because a lot of other countries are grouping into one big political, they have harmonized regulations in a lot of cases. It's not like they're becoming one state but they're having the same regulations in every state which is effectively the same thing and the ultimate lesson here is that if you have a very small number of people involved in the business, it's very easy to violate agreements because yeah. And it's really fun, I never got to interact with the UN or ITU before and when they say no, they say no in a very nice way, they say oh you must ask these other people and we'll do it immediately as soon as the other people say something and you get cycles and yeah. And also claiming sovereignty is actually pretty meaningless unless you have from a practical standpoint unless you have all the commercial support infrastructure there for it. Technical things, it wasn't that bad from a technical perspective until it like started getting messed with. Windstar sucks but they're out of business now so it doesn't matter and yeah. Customers aren't really that good at picking out what services they're gonna buy because when they were on the satellite we had people come and ask for bandwidth and they saw the trace routes and they said oh can we use this for fast stuff and we explained it to them but they still took it. So it's really kind of yeah. Also if you have a startup and you max out your credit cards, make sure you get something in writing in the process of maxing them out such that you get the money back or otherwise have a way to do so. Yes. So yeah. So I think still it's a reasonable idea doing an offshore thing. Oh and the press is not really as, the whole idea of having a free press try to verify things. They don't really investigate so much as report on what other people say. A lot of the press, well I do like the press, they do things like they read a press release and they reformat it and they release it as a news story. They don't really do any serious in-depth thing, particularly technical. There are a few really good tech reporters that do make good investigations of stuff but in general the quality of tech reporting is not as investigation oriented as the quality of like crime reporting or government reporting or anything else. And I think that's a serious problem. I think that's one of the reasons why we have problems like Enron and all these things is that the press isn't fulfilling their role of actively searching for problems in companies as well as with governments. And they also don't have technical knowledge so I think the best thing we could do would be to educate the press in their role as sort of like watchdogs for this stuff on how to investigate technically. I'll do questions in a minute. So what next? Secure client systems I think are important and I think secure protocols are important and I have a new company doing basically what HavenCo does but in a slightly different way. I have cages and racks in various cable head-in facilities around the world and I'm doing tamper system hardware in these facilities that you can basically put a secure server in any country you want as opposed to picking a single country and then you have to comply with the local regulations there but if you pick the right country you've got pretty good deal and it's different than HavenCo but in some ways better in some ways worse. Pretty much just gonna roll through these. Secure clients are very important. Hardware security is very important and collocation is also important. I think, yeah I'm gonna do questions in a second. Yeah. Cool. Also I trust crypto a lot more than I trust people. But cool. Oh yeah, other stuff. Two slides that are important. There's other interesting stuff like the problem with the thing I'm doing now is that it will never accomplish the goal of having a good example of a free state and that's something that was one of the main goals of HavenCo was to create a state which had certain regulations and show that these regulations were self consistent and that everyone liked doing things there if it was successful then maybe other countries would try to copy it because it's pretty useless to us if everyone in the world had to live in a tiny little platform in the North Sea. What we really wanna do is change the laws in major countries to at least be more free with respect to information and possibly with respect to drugs and everything else that were serious problems elsewhere. And that's not gonna happen when you just put Colo in other people's cable head ends but there are other projects doing it. There's a crypto, maybe I think crypto and technical means are what's gonna provide us with privacy and anonymity on the internet but it's gonna be things like the free state project that are going to provide a good place to live. It's gonna be political change in major countries through maybe acting at a local level and making local regulations. I think the drug thing is a good example of that. There are states that are refusing to enforce drug laws and maybe that will eventually put pressure on the federal government but it's a lot easier to have serious political influence in a local area than in a major area which is what the free state thing is doing. They're basically trying to take a state and change the state legislature in that particular state and it's really easy to do in a small state like if you take like New Hampshire you can get you can, each district for a congressman for the local state government there is like 7,000 people. So if everyone at DEF CON moved to New Hampshire they could elect probably 20 or 30 of the 400 members of the state government in or the state legislature in New Hampshire and that's pretty powerful. If you control a state that's pretty important. If you look at like Nevada versus California you've got pretty big difference. And I have some resources and then I'll do Q and A. I'm writing a book about the Haven Co experience. I have a chapter or so ready. I'm talking to a couple publishers. Should be ready in a while. The URL's there. There's nothing as much there. I'm gonna put up a 10 page thing when I get my 1xRTT working faster in a few minutes and I'm working on another book on how to be anonymous through technical means on the internet. I have a couple of mailing lists to discuss the stuff and it's about it but I'll do Q and A now for the remaining 10 minutes or so. The question is have I looked at the other technical ways of establishing extraterritorial hosting facilities? It was always something that was interesting. I've looked at cheap access to space through things like cannons, space launch systems and all these things. Extraterritoriality is different than sovereignty. You can do certain things if you have a location that's sovereign that you can't do otherwise. I think purely technical internet means like tamper-resistant servers in various places and P2P systems will probably do most of what pure extraterritorial systems will do with the exception of maybe it'll be a cost difference but a factor of 10 or 1,000 cost difference is a huge factor so those systems are interesting. I think space like low earth orbit is one of the most interesting because you have communications and then hosting in the same place. So yeah, is that sufficient? Okay, I'm just gonna go from that side to that side. Yeah, sure. Okay, I'm gonna go into why the bank rigmarole was a serious problem. Basically every business we had hosted with us wanted to be some sort of business that would make money and if you wanna make money you have to collect money from somebody and you can't really process credit cards, you can't really take wire transfers unless you have a bank account now. There are no good internet only payment systems that allow everyone to work without requiring incorporation or jurisdiction in some location so it was impossible for a business to work with that system. That's one of the things I'm working on still. That's why I was going to run an online currency. Sure, yeah. So one of the things that we started with Havenco was actually we were going to run an electronic cash system from day one but we refused, there was another person that was going to develop it for I think 30K and we refused to spend out of our millions of dollars, the 30K on that. So that didn't happen and then I had a system that was developed for summer of 2002 which they refused to deploy. So it was a political problem. There are different risks if you're trying to run a payment system than if you're trying to be a co-locompany. If you're trying to be a co-locompany, your customers might do bad stuff but if you're trying to run a payment system, you have to comply with financial regulations. Every company that does clearing on the internet for people requires that you be incorporated into their jurisdiction or in a major jurisdiction. There was no way a C-Land company could get business service with any of those companies which is really like a Catch-22 and made it very unsuitable. For a couple of minutes. If anyone wants to, feel free but I thought about it and I thought, if I do this, then I'll be stuck here. What am I going to do? And it doesn't really seem like it's worth the effort to do it. You could do it for like 20K or less. You'd run a helicopter, it'd be done in like 10 minutes but yeah, it's not really worth it. Yeah? Yeah, it's fast. Yeah, if anyone wants information on this, feel free to email me. Yeah? Did I have any fear that someone would pull a rainbow warrior on it? I had more fear actually that the concrete was spalling from age and was going to actually fall apart when the rebar rested as it was than that someone would actually do anything. I don't think anyone actually cared about it that much to destroy it. Our customers were completely inoffensive. They were like web hosting and they were like casinos which exist everywhere. There was a, or you can, actually I can talk about any customer in the service banner appears. There's an organ option site that has transacted exactly zero organs. There is a casino. There's an online stock market that only trades that single casino and there's, what else is there? There's a web hosting company which has a banner that's available and there's, that might be it actually. But there's like no more than two or three more. I did have a lot of customer inquiries that surprised me. There were mainly people that wanted it, the businesses that didn't need our services at all really that wanted to pay our customers. A lot of our customers that remained the longest were the ones that needed our services the least. They were running businesses that could be hosted anywhere and they just wanted it for novelty value because they had too much money. And or they liked the project or whatever else. So that was what surprised me the most. It wasn't really that people were running really innovative things because all the problem is our service was expensive enough and we didn't have all the pieces in place for payment processing to make it impossible for a little interesting project to happen. There were people that came to me with ideas for things and I was able to get them like discounted hosting until a certain point when the people decided they wouldn't allow that kind of thing to happen. And I didn't have enough money to pay for these services for them myself because Havenko had all my money. So unfortunately interesting stuff hasn't happened. But yeah definitely I think the really interesting services are the ones that have the least capitalization especially now and those are the ones that I think are most interesting for hosting in the future. Yeah they were aimed at specific customers and I think they were misdirected because the last two octets were misplaced of a major other server. But yeah it was kind of silly. Also some customer servers installed Red Hat six, Red Hat four two, no Red Hat, some old version of Red Hat that wasn't patched and they got rooted within like three minutes and that was a cause of problems. But I should like spread out on the other side. Anyone over here that wants? Sure. Tampa resistant hardware and its application basically I'm using IBM 4758 which I got a bunch of really really cheap because some other dot com bought a bunch of them and they're like 100 bucks now. Also FreeBSD boxes with encrypted disks and otherwise designed so that if you power them off they don't have any state involved that's unencrypted. That level of security combined with the physically secure facility of like regular commercial standards like you put racks in a major colo is pretty good. It means that if somebody comes in and tries to extract the equipment they'll turn the equipment off or they otherwise will not be able to get the sensitive data on the machine. They can do a DOS attack in your machine effectively by turning it off but that's about it. So it really reduces your need for worrying about security on the physical side quite a bit which is really an important thing. It's why we originally planned to do with Havenco but no, actually my personal servers had that but nobody else's servers did. What else, sure. Okay, OpenDBS, the electronic cache system that was going to be deployed with 10 kilos of gold exists as software, does not exist as deployed system will exist as soon as I have enough colo facilities up to host it reliably. And when I move to a place where I want to be in a couple of months outside of the U.S. So I hopefully will have a working test jail electronic cache system for customers but really there's like a catch-22 in deploying a system like that. You have to have customers that you can convert all at once to it to make it a worthwhile system and if you run a colo that has payment processing for customers it's easy to do that but I'm building up customers again to do the same thing but sure, yeah. I just want to, for selfish reasons want to deploy the service as a service first as well as release the code on the same date such that I can actually make money off of it because if I release the code now I don't really have any advantage in running it but I will release all the code under like an LGPL or a GPL as soon as the system is ready to be tested. E-gold is an unrelated system. I do know that people that run E-gold and they run a system that doesn't use the same technology. They're not as worried about individual user anonymity. They're worried primarily about being a reliable long-term system. They've been in operation since like 96 or 99 or something and they're pretty good at that but they're located in the US and they keep all the records in the US and they're not worried, they have actually gone out and said that they will turn over information on subpoenas because they have to without difficulty. My system, I will only feel comfort, I will not deploy any system that's not fully anonymous to the best of my ability because I think to do otherwise is irresponsible. Anyone else? All right, cool. I do, actually I will take it out but anyone else have questions while I'm doing that? Okay. How much? Ha ha, yeah. I don't know. We could actually. Yeah. Have in fact, the contract. If they minted Sea-Land dollars, they'd probably be pegged to the US dollar but... They haven't gotten around to doing that. This is the only Sea-Land passport I have ever seen. I actually, one of the security guys had one because he'd been there for like 20 years. You can see the lovely handwritten numbers in the front. Yeah. So this cost me $220,000 in three years of my life. Yes. Yes. Yes. Joy. It doesn't have that many pages though so like it might last for like one session but that's about it. Any other questions? I have not attempted to use it because I sort of value my ability to travel unmolested and I don't like the TSA or customs or immigration all that much and I think I'd be stuck doing it. There's also, it would be a felony for me to use a Sea-Land passport entering the US because I do have a US passport so I can only use it going into another country. And I haven't really wanted to do that. I might try it. If anyone knows any government officials in another country, I'd be happy to try it but yeah. Oh sure, I think, I'll just go into my plans for Metacolo basically. What I'm doing is this pure cola thing which will make money and then I'm going also to a couple of countries around the world that have big free trade zones and setting up an internet zone within the free trade zone so that you can have maybe a couple hundred acres of space because some of these are pretty big. They're on like uninhabited or undeveloped areas and set up reverse engineering labs, set up office space, set up anything you want in these facilities that'll have high speed internet. I have three OC192s to one of them and it's really cheap. So you can do all sorts of interesting stuff from interesting places and I think once I have a couple of those up then I can go to other countries that are bigger and more respectable and say we have all this existing free trade stuff that will all move to your new place if you'll set up a certain set of laws and a certain compact that will not be violated by your country at any point. My experience dealing with countries is that they tend to try to violate stuff anyway but there are these things called guns and I would make sure that there was something stronger than the Second Amendment that made sure that the free trade zone wouldn't be at risk. So if anyone has any like maybe like division level TOE that they wanna sell really cheap someday in like 20 years, come by. A lot of the places that have big free trade zones there are usually, a lot of them are actually in unfavorable of big countries for freedom but they have small parts that are free. Like China has some autonomous free trade zones that are pretty free internally and I would be happy to set up something where it didn't transact with a local country. There are a lot of places in the Caribbean that are getting fiber now that are great for this kind of thing. Places in Central and South America. Yeah, there's a place that I have fiber to, that somebody else rather has fiber to that I can get a really good deal and have as much space as I want and thanks to the wonders of DWDM 10 pairs of fiber is an awful lot of fiber now and it goes to a major nap in the US and to Europe. So I can sell a cola really, really cheap if you get a Metacola. I would push, I would do it again if and only if we could push for a legal test case immediately. I'd put in like a month of legal test case where I'd put the best possible test case on there. I don't know what that would be, maybe that would be downloading a Metallica track or something off of our server and try to get it through the courts as quickly as possible because I wouldn't be willing to invest more than a couple months in the whole process. And that was something we had always discussed as the first thing we were gonna do but we wanted to be an external customer bringing in. We had a church of Scientology hosting customer that would have been ideal but they were nixed by our esteemed advisor. So yeah, I tried to host them covertly but they eventually found the machine that was hosted on. He's very old. He never appears in any of the photos because he's very concerned about his privacy and as much as he has screwed over me and the investors in Havenco, I sort of feel that it would be inappropriate to reveal his identity. However, he would be very easy to find if he started poking around in any of the legal documents related to the circuits that we have which would be very easy to do. So if somebody wants to find him, I can probably serve as an oracle with one bit of information yes or no and so feel free to try to find this person. Anyone else? Okay, sure. Is there a market for this kind of service? I think there's only a market for this service if you can provide integrated payment processing, incorporation, messaging. You have to be a full service provider. There's a huge market if you can be a full service provider not just offering a little bit of the whole solution but if you offer the whole solution to allow a business, anyone here to create a service that is currently illegal or highly regulated in a jurisdiction, take it, move it offshore, set it up completely with no difficulty, then there's no problem getting customers. I think you would have thousands, tens of thousands of customers, especially if your pricing was variable with no real fixed minimum for the cost. I have equipment in place now. I expect over the next year to get up to full operation but I can sell Kolo in like 10 different countries right now. Payment processing I can do through other people now-ish and I hope to have the other stuff up in a few months. It's really a question of what kind of businesses come. Casinos I can trivially do now but things like a really powerful peer-to-peer system would be difficult to host and would take like six months of development time to put together hosting for. Sure, I think open source and free hosting is very important because I think every ISP really, people used to give money, like 10% of the money to the church and they would do good things for people but in the case of internet companies, church isn't really helping us in any case and I don't think any of us are particularly religious or not very many but if we donate a small amount of our resources, particularly if it's in kind resources, our professional services to worthy causes like free and open source projects, legal defense organizations like the EFF, that really is what we should be doing and I think people should maybe donate 10% of their revenue to free and open source development because they build businesses based on these things and they need to make sure that people continue doing this stuff. If every company in the world put 10% of the resources into creating free infrastructure, well Microsoft probably wouldn't want to do this but if everyone else did, free and open source software, there would be so much great free software out there, there would be, it would be great. Cool, cool, we're getting sort of, I guess there's nobody coming after, so any other questions? The main things, so for the physical facilities, I have local partners in each of the locations I'm setting up, I'm basically setting up a standard package of admin tools for each package. I have two routers, two terminal servers minimum, so basically it's a $20,000 or $30,000 build out per site, per country. So the ideal thing would be partners in interesting countries or interesting locations that have political connections or business connections that want to be partners in a local venture for this kind of thing if they're technical or not technical, as long as they're pretty familiar with local business or otherwise willing to operate. From a payment processing side, if everyone, the other thing that I would like to see is if companies would start to make their services usable without providing huge amounts of identity, we have a huge problem now that everyone requires huge amounts of identity, leaves a huge paper trail when they don't really need it. If you're creating a service, you should take exactly the minimum amount of information from your customers that's required. You shouldn't require that somebody be incorporated in your local jurisdiction to do business with them at all. You should perhaps not extend credit to them, which is a very reasonable thing, but if you just create your service to work with anonymity or pseudonymity as a default service, it'll make everyone, it'll make everything much easier for everyone. It'll prevent the possibility of you being subpoenaed for records. Well, you might be, but you won't have any records to give them. It'll make everything cheaper for everyone. So I'd like to see a fundamental shift in the way everyone architect systems to be based on pseudonyms and anonymity rather than trying to be based on long-term big certification and things. But that's a pretty big thing to ask. And payment processing infrastructure, if there was any good solution for banking in around the world that didn't require people to be incorporated or located in a certain place, that would be a tremendous help for everyone. I'd like to make money, but I'd primarily like to change the political situation in major countries as well as create a free place for doing this kind of business where people can do this thing. And I don't know, anyone knows any good publishing houses or agents, I'd be happy to talk to them too. Anyone else? Yeah, I think spam is a very interesting question because we have, in the process of fighting spam, we've actually done a lot of the things that the government would, if it were, any reason other than fighting spam and you started saying, oh, you can't run an anonymous server, you can't run an open relay. If it was anything but spam, everyone in this room would be yelling that the government shouldn't be doing this, but because it's spam, it's for some reason okay to enforce this restriction on everyone. I dislike spam a lot. Spam is really annoying, but I think the way to solve spam is to put filters in your clients and otherwise architect systems so that resources that are used are paid for as the resources are used. We shouldn't be trying to enforce identity to prevent this kind of thing and catch people after the fact. It's not effective, for one, and it creates lots of other problems. I'd love, if I could trade my, getting huge amounts of spam in the mailbox to have freedom, I'd totally do that with no problem whatsoever. From a commercial standpoint, it's tricky for ISPs to host spam without difficulty. What I'd prefer would be a system where you didn't restrict what people did saying you can't do spam, but you restrict what the characteristics of the traffic are, like you can't send out huge amounts of volume on SNTP on certain times, but, or you have to sign another contract. The other thing is if people want to sign up with an ISP that prohibits spam, as long as the ISP says we prohibit spam and under these conditions up front, that's much more acceptable to me than if somebody has, I know somebody who has a T1 to his house that a major, he actually started a provider and then it got bought by another provider and another provider and they started saying he can't run an open relay after, which wasn't used for spam, like for a long time, he'd been running this thing quite successfully, so he ended up going with another company in the Bay Area that didn't have these restrictions, but it's fundamentally, I think, contract should be how you specify what you're allowed to do and if you say something, you should stick to it, you shouldn't change it without notifying the other party and giving them a chance to break the contract. Any other? One more question. Sure. The VAT group, you mean? Yeah, I'm actually working on an unrelated to computer security hardware TAMP resistance project, which is something that I'd like to talk to those people about. So the cool thing about TAMP resistance, as it's used now, is there's a lab at Los Alamos that has broken, they published the mean, median, and minimum and maximum stats for breaking certain TAMP resistance, so cargo container seals, they've got a lot of stuff that they've got in there, so cargo container seals, they've published the stats for breaking them. It takes them a three-second minimum to break a cargo container seal that's just protecting us from whatever horrors come from tampering with cargo. It takes them a maximum, I think, four minutes or two hours to break one, a median of 90 seconds and an average of like 30 seconds, like a mean of 30 seconds, to break these things that are guarding like hundreds of thousands of dollars worth of, or millions of dollars worth of stuff getting in through customs and they're like the most experienced group in the world for breaking hardware TAMP resistance and I'm working on a completely unrelated to computer security project which involves TAMP resistance, which will be very interesting and hopefully will last for a lot longer than two hours and that's something that I will distribute freely for all but one application and charge one application for and it's an application that no one in this room likes at all, we're all against, but I'll make money off of it and then use the money from that to make the system for other applications but I can't really talk about it right now because I have a patent application sort of in the process of that but yeah, they're a pretty cool group. They, if you have a TAMP resistance thing are the people to go to to break it. Cool, I guess that's it. If anyone has any questions at any point, feel free to email me, I answer email very quickly ryanatmedicola.com.