ҹ1000

On rebel territory

Hunkered down in an offshore gun platform that they claim is beyond the reach of the law, a bunch of Internet activists has built a profitable business peddling online freedom. David Cohen met the rebels

WAVES crash over the bow of the powerboat as I scud across the North Sea at high speed. The spray stings my cheeks and every few seconds the boat bounces off the crest of a wave like a skimming stone. Ten minutes into the white-knuckle ride out of Harwich harbour, the coast behind us is just a faint outline. And that’s when I see it.

On the horizon ahead, what looks like a squat oil rig is heaving into view. This is my destination: the self-proclaimed sovereign territory of Sealand, a crumbling concrete and steel anti-aircraft gun tower built by the British Navy and abandoned after the Second World War.

The ramshackle platform, six miles off the east coast of England, is now home to one of the most radical ventures of the Internet era: HavenCo, the world’s first offshore “data haven”. I’m travelling there to meet its co-founder, a shaven-headed MIT dropout called Ryan Lackey, to hear how he has transformed this windswept dot on the map into a dotcom that’s defying the system.

This week, in what will be HavenCo’s first publicly defiant act, Lackey will launch a website hosting DeCSS, the notorious software that disables anti-piracy systems on DVD players and discs. DeCSS was recently outlawed in the US and is soon to be made illegal across the European Union too. The launch is the culmination of years of hard work setting up an Internet base which, Lackey believes, is beyond the legal reach of governments and corporations.

Two years ago, Lackey teamed up with a group of American cryptographers and British entrepreneurs to set up HavenCo. The idea was to exploit Sealand’s self-proclaimed sovereignty to cash in on the ongoing restriction of online freedom. To its customers, HavenCo’s Internet servers are an information sanctuary where freedom of speech, anonymity and privacy are guaranteed.

An eerie omen of that constriction of freedom surfaced last autumn as a direct consequence of the 11 September attacks. Backed by new laws passed while the US was still in shock, Federal agents raided and closed down several websites publishing what they considered to be information useful to terrorists. Among the censored information was a map of nuclear power stations across the US, floor plans of CIA offices and other intelligence buildings, a report critical of security at a chemicals plant and another report about lack of preparedness against a terrorist chemical weapons attack.

Even before 11 September, the Internet was being blamed for giving “evil-doers” access to dangerous information and making it easy for criminals to cover their tracks. Law enforcement agencies pointed their finger mainly at the use of strong encryption techniques and the ability to use email systems called “remailers” to send anonymous and untraceable messages.

Meanwhile, big business has been banging a similar anti-Internet drum. Angered by file-trading networks such as Napster, which enable mass distribution of pirated music, films and software, corporations are calling for more policing of, and restrictions on, the Internet.

As a result, Western governments are now bulldozing ahead with legislation to help them police the Net. The “frontier” days of the late 1990s are coming to a close. Virtual borders are being drawn and behind those borders many rights and freedoms we take for granted in the real world are being crushed (see “The law logs on”).

Since September 2001, the Electronic Frontier Foundation, a San Francisco group that campaigns for online freedom, has been monitoring and cataloguing website closures, surveillance activities and other actions by government and law enforcement agencies that have restricted freedom of speech. They counted more than 100 websites that were modified or temporarily closed down, including extremist sites such as iraradio.com, qoqaz.com and raisethefist.com. The US also temporarily shut down Somalia’s only connection to the Internet because it suspected that the telecoms company providing the link was connected with terrorism.

It was with an almost prescient anticipation of such actions that Lackey and his colleagues began looking for a bolt-hole beyond governmental reach. In his late teens, Lackey, now 23, had been involved in an online gambling business based in the tax haven of Anguilla. This got him thinking: was it possible to dodge information-disclosure laws in the same way? In a nutshell, could he set up an offshore data haven?

Lackey and co-founder Sean Hastings toyed with several schemes to put themselves beyond the reach of the law. At one point they even considered building an artificial island off the coast of California. Unsurprisingly, they decided that would be too costly, so they turned to the Web to trawl for ideas.

And that’s when they found Sealand. They emailed their business plan to its “government” and in June 2000 HavenCo was born.

Sealand’s history goes back to 1967 when former army major Roy Bates and his wife Joan occupied the disused gun platform, then called Roughs Tower. At the time the platform was considered to be in international waters, so on 2 September Bates declared it a sovereign state and installed himself as the Prince of Sealand.

Britain was not amused. In 1968 the Ministry of Defence dispatched a helicopter and a ship to evict the new occupants. Bates fired defiant warning shots and was promptly arrested and dragged back to the mainland for prosecution.

But in what Sealanders now point to as the landmark case, the High Court judge ruled that the platform was beyond the then three-mile limit of British territorial waters. Sealanders immediately set about making coins and stamps and issuing passports.

In 1987, Britain extended its territorial waters to 12 miles, annexing Sealand in the process. The current British government does not recognise the sovereignty of Sealand and a Home Office spokesman says that any company resident there would have to comply with British law, including laws restricting Internet freedom.

But Sealand remains defiant. The current head of state, Roy’s son Michael Bates, argues that international law does not permit the extension of territorial waters to engulf another nation and that Britain’s claims are unfounded. And so the situation stands and the legal status of Sealand’s sovereignty awaits a test in a court of law—a test that will surely come now that HavenCo has taken up residence.

In the meantime, HavenCo is taking no chances. In the real world, digital freedom has to be backed up by very physical levels of security.

Our boat pulls up alongside one of Sealand’s two hollow, seven-storey concrete legs—the first line of defence. Someone lowers a winch, the boat is hooked like a bucket and plucked from the water. Anyone trying to board Sealand would have to brave the surging surf and scale the 20 metres to the main platform. Then they’d have to overpower an armed crew.

Lackey is on deck to meet me, but after a brief “hello” he disappears down below to finish off some work. I’m shown into a shabby office under the disused helipad to have my passport inspected and stamped.

Apart from a day’s shore leave, Lackey has spent the past six months on the platform—no bigger than a tennis court—running HavenCo’s servers with nothing but a satellite Internet link and a mobile phone connecting him to the outside world. Supplies come in from Britain every week along with a changeover of crew—a guard and a maintenance hand. Entertainment is limited to computer games, DVDs and Web surfing.

To the outsider, this isolated and crumbling dive might seem like a funny place to find freedom. But Lackey has long abandoned the quaint 20th-century meaning of the word. This is digital freedom, the ability to do whatever you like in the privacy of your own Internet server, away from the prying eyes of governments, regulators, competitors and anyone else eager to stick their nose into your business.

Presently, Lackey spirits me down to the third floor of the south tower, for a look at HavenCo’s Internet servers and an exposition of its philosophy.

He tells me he strongly believes that freedom of speech and the ability to remain anonymous—once taken for granted by netizens—are becoming ever more difficult. And while the legal clampdown may have benefits when it comes to catching criminals and terrorists, Lackey says the laws are stifling legitimate dissent and are an affront to human rights. “I think the balance of power has swung too far,” he says.

He clearly isn’t alone in these opinions. A growing number of businesses, organisations and free-speech activists are turning to HavenCo so they can do with their data what they please—keep it secret or anonymous, or distribute it without fear of censorship. What’s more, they’re prepared to pay. “We’re one of the few dotcoms that’s actually making money,” says Lackey with a grin.

Customers are free to store or publish any information they like on HavenCo’s servers as long as they comply with a minimalist Acceptable Use Policy. At present this allows just about everything under the sun except child pornography and sending bulk emails, also known as “spam”.

In return for their money, customers get peace of mind that their data will be protected at all costs. “If I believed that my client was being put under duress by a court to hand over information I would not hand anything over,” Lackey says, adding that no law can compel him to do so. If push came to shove and Sealand were raided, Lackey says he’d destroy the servers rather than let them fall into the wrong hands. What’s more, he says his clients could not be held accountable because access to the data would be physically and legally beyond the clients’ control.

Lackey says he’s not afraid to defy law enforcement agencies. “If the CIA approached me I would definitely not comply, but I would publicise the fact that I did not cooperate with them. That would gain me kudos with my customers.”

So far, most of the companies HavenCo hosts are rather seamy: online casinos and gambling sites, Internet currencies and share-tip information sites. But more principled exponents of online freedom are starting to arrive too. Sealand hosts websites for political groups banned in their own countries, including Tibet Online, the website of the Tibetan government in exile. It also has anonymising email systems—servers that strip the original sender’s email address from a message and forward it on—which are a godsend to whistle-blowers. HavenCo, in other words, is a success. But can it last?

Ross Anderson, a computer scientist at Cambridge University and co-founder of the Foundation for Information Policy Research, thinks not. He says law enforcement agencies will simply go after the undesirables who host data on Sealand. “If you are a substantial business, or even someone who is readily identifiable or prosecutable, this doesn’t help that much,” he says. Lee Tien, senior staff attorney at the Electronic Frontier Foundation, agrees. “For the time being it may be a solution, but I’m certainly not optimistic that Sealand can resist the UK,” he says. “The developed nations are very aware of data havens and the Convention on Cybercrime is a big step towards creating international consensus on how to deal with the issue.”

The acid test may not be far away. If HavenCo does indeed host DeCSS, it’ll almost certainly bring the law down on itself. The US movie industry has launched legal attacks on DeCSS wherever it has appeared, and Sealand won’t be any different. Then we’ll see who’s really got the law on their side.

On rebel territory

Over the past two years, online freedom has been severely restricted by a raft of new laws, and there are more in the pipeline.

In 2000 the British government passed the Regulation of Investigatory Powers Act, which extends the police’s telephone-tapping powers to electronic communications. The RIP Act permits the police to install eavesdropping equipment in the servers of Internet Service Providers (ISPs). It also gives them power to demand the keys for encrypted data. Failure to comply can lead to two years in prison.

Last October the US followed suit with the USA Patriot Act. It extends the circumstances under which law enforcement agencies can monitor email and Web activity without a judge’s approval.

Meanwhile, the European Union is in the process of ratifying a new Convention on Cybercrime, which is designed to foster cross-border online surveillance. One of the most draconian powers it grants is the ability to issue EU-wide arrest warrants. These would allow, say, the British government to extradite a French citizen it suspected of breaking British law, even if their actions were legal in France.

For example, Adolf Hitler’s Mein Kampf is banned in Germany. If someone published an extract on a website hosted in Britain, where the book is legal, German authorities could demand their extradition.

The law logs on

  • The Principality of Sealand’s web address is For a catalogue of website closures and surveillance operations, see

More from New Scientist

Explore the latest news, articles and features