-----BEGIN PGP SIGNED MESSAGE----- To: stewarts@ix.netcom.com, cypherpunks@toad.com Date: Sat Aug 17 20:15:22 1996

The basic risks with such things are: 1) Getting governments to agree to leave you alone. If you're doing a 2) Getting governments and other pirates to actually leave you alone. 3) Making it work financially, for the proprietors and tenants/co-owners. 4) Convincing investors that you're safe enough on 1) and 2)

Auctually, the one real big problem is that the data is all in one place. Rememeber that the whole point of a data haven isn't secure backup -- it's secure storage. And if the place gets blown sky-high (which can easily be done discreetly and possibly made to look like an accident), all the data is going to be lost, and you're basically screwed. The only workable solution to this that I can see has nothing to do with floating countries or anything of the sort. Instead, the use of data-splitting programs could be used. I'm not all up on the security or reliability of these programs, so if I'm making unwarranted assumptions, guess I did a lot of typing for nothing. This has probably been proposed before, too, but what the hey... For example, lets say you set up an office in 100 countries (it would be more effective to have more, but let's say 100). Through the use of anonymous remailers and encryption, he could apply for a customer ID number and password. To avoid any possibility of forgery, such IDs could be prehaps 100kb-1Mb (this is just for confirmation of identy when sending the data into the data havens -- shorter IDs would be used for identifcation). Then, he could split the program into 100 parts, with (say) 70 parts being needed to restore the entire file. He would then encrypt and send each of these files to each remailer through the Internet. To get the data back, he would send in the ID and password, encrypted again, to the nessecary number of offices in order to retrieve the data. Payment, if nessecary, could be made by anonymous bank transfer or something like ecash. Proprietary encryption systems (PGP-like, with IDEA/RSA hybrid in it, but can accept 5000+ bit keys and padding) might be used, as well. This scheme has several pluses. One, it doesn't rely on any fancy legal manuevering with off-shore nationalities and crap. Second, it isn't very vunerable. They would need to get legal jurisdiction in 70 different countries to sieze the data, and then they have the encryption to deal with. Third, if there's any server problems, it wouldn't affect the entire system. Fourth, you don't have to attach missle launchers and hire a private security force to defend it. There are several problems, though. First, it relies on the Internet, something which is inherantly insecure anyway. Second, if someone's being wiretapped in their own country, then the whole effort is in vain. Third, it would be incredibly costly, but probably no more so than any kind of off-shore platforms. In fact, it would probably be cheaper. Any comments? - --- Sean Sutherland | GCS/C d- s+:+ a--- C+++ V--- P L E- W++ N++ K w o O-(++) Key: E43E6489 | M-- V PS+ PE++ Y PGP++ t--- 5+++ X++ R b++ DI+ D+ G e- Vote Browne '96 | h! !r y -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Key: finger or email w/ 'send key' in subj. http://www2.interconnect.net/maverick iQEVAwUBMhZuq1ZoKRrkPmSJAQE9QQf7B+ikk1/dFKyydIzQkGcfX8+srK5GeRlr 5IhEFkXJY34dI4Dqg/yKQ6m/XwRMyqPHxcyV6lR6qU9ngaawBWjd1Q+HBtCOzEs6 Ch8AgTq5CWox8/7FZKz32xGJCVpPJ+etzeJSK2kqKfPnTW+yhz7rch+DIvEJKnM1 ktlxsi/3c1Hn89OLZrCHUeJQqBMoU7rVnmVv6sfGVUQuwJ09yWT457HCN7dZbH1z Nrc+w7ewlxivH1r6KZ1DNk8BJrroQXD7mSHvXmEwyTiyr9DzaPhtlllarz/iPNFF 295F/4Cj9K2HiwJfKH7pDy60OKLBGP72xnc0cjxj8TlIp/KDY7VsPQ== =BNfl -----END PGP SIGNATURE-----