At 10:27 AM 8/14/96 -0700, Tim wrote:

* the role of physical vs. cyberspace data havens ..... so I tended to view data havens as not being tied to physical communities where the local potentates could revoke work permits, visas, travel permits, business licenses, etc.

Agreed. At least for now, banking havens are a different kind of market than data havens - people want to be able to demonstrate that activities are being run from Non-Taxing states, though there's a parallel need for private data communications to hide any connections back to a potentially more greedy state, and perhaps to move money back home as well. Data havens, on the other hand, may need public ports in tolerant locations, but most of their business really needs to be encrypted any way; the visible parts such as web pages are only a small part of the game. I suspect that, rather than having fixed physical locations, they probably need to operate on a Temporary Autonomous Zone basis, moving elsewhere when a jurisdiction becomes unfriendly but mostly trying to avoid too much notice.

What the form of these "cyberspace data havens" might take is unclear. Several pieces of technology are missing, just as they were missing four years ago when one of the early list members contacted me to tell me how easy it would be to set up a data haven with computers. (It wasn't easy then, and it ain't easy now. The pieces that are missing are the reifications of protocols we talk about a lot....mere encryption and authentication are only the starting points, and look at how hard it's been just to get _them_ deployed.)

Reification is one thing; developing business models and markets is another, and making the activities visible so potential users can _find_ data havens is a third. There are some activities that operate as temporary data havens today - child pornography, warez, police Red Squad and blackmail files on citizens kept illegally on home machines outside the public's control, and other unsavory groups that limit the people who know about them. Public data havens are a bit different. Finding a reason to Just Do It means you either need a real threat model or you end up becoming Yet Another Spam Server like many of the remailers have been. Some things we need to implement Data Havens - 1 - digicash or equivalent - it's coming, but it's not widely used, and if you can't pay anonymously it's tough to pay for data havening anonymously. 2 - practical temporary registration of connections - is hacking a DNS server enough? Or do we need IRC meetmes? Not sure. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # <A HREF="http://idiom.com/~wcs"> Defuse Authority!