[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Protecting floating datahavens?
-----BEGIN PGP SIGNED MESSAGE-----
To: [email protected], [email protected]
Date: Sat Aug 17 20:15:22 1996
> The basic risks with such things are:
> 1) Getting governments to agree to leave you alone. If you're doing a
> 2) Getting governments and other pirates to actually leave you alone.
> 3) Making it work financially, for the proprietors and tenants/co-owners.
> 4) Convincing investors that you're safe enough on 1) and 2)
Auctually, the one real big problem is that the data is all in one place.
Rememeber that the whole point of a data haven isn't secure backup -- it's
secure storage. And if the place gets blown sky-high (which can easily be
done discreetly and possibly made to look like an accident), all the data
is going to be lost, and you're basically screwed.
The only workable solution to this that I can see has nothing to do with
floating countries or anything of the sort. Instead, the use of
data-splitting programs could be used. I'm not all up on the security or
reliability of these programs, so if I'm making unwarranted assumptions,
guess I did a lot of typing for nothing. This has probably been proposed
before, too, but what the hey...
For example, lets say you set up an office in 100 countries (it would be
more effective to have more, but let's say 100). Through the use of
anonymous remailers and encryption, he could apply for a customer ID number
and password. To avoid any possibility of forgery, such IDs could be
prehaps 100kb-1Mb (this is just for confirmation of identy when sending the
data into the data havens -- shorter IDs would be used for identifcation).
Then, he could split the program into 100 parts, with (say) 70 parts being
needed to restore the entire file. He would then encrypt and send each of
these files to each remailer through the Internet.
To get the data back, he would send in the ID and password, encrypted
again, to the nessecary number of offices in order to retrieve the data.
Payment, if nessecary, could be made by anonymous bank transfer or
something like ecash.
Proprietary encryption systems (PGP-like, with IDEA/RSA hybrid in it, but
can accept 5000+ bit keys and padding) might be used, as well.
This scheme has several pluses. One, it doesn't rely on any fancy legal
manuevering with off-shore nationalities and crap. Second, it isn't very
vunerable. They would need to get legal jurisdiction in 70 different
countries to sieze the data, and then they have the encryption to deal
with. Third, if there's any server problems, it wouldn't affect the entire
system. Fourth, you don't have to attach missle launchers and hire a
private security force to defend it. There are several problems, though.
First, it relies on the Internet, something which is inherantly insecure
anyway. Second, if someone's being wiretapped in their own country, then
the whole effort is in vain. Third, it would be incredibly costly, but
probably no more so than any kind of off-shore platforms. In fact, it
would probably be cheaper.
Any comments?
- ---
Sean Sutherland | GCS/C d- s+:+ a--- C+++ V--- P L E- W++ N++ K w o O-(++)
Key: E43E6489 | M-- V PS+ PE++ Y PGP++ t--- 5+++ X++ R b++ DI+ D+ G e-
Vote Browne '96 | h! !r y
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key: finger or email w/ 'send key' in subj. http://www2.interconnect.net/maverick
iQEVAwUBMhZuq1ZoKRrkPmSJAQE9QQf7B+ikk1/dFKyydIzQkGcfX8+srK5GeRlr
5IhEFkXJY34dI4Dqg/yKQ6m/XwRMyqPHxcyV6lR6qU9ngaawBWjd1Q+HBtCOzEs6
Ch8AgTq5CWox8/7FZKz32xGJCVpPJ+etzeJSK2kqKfPnTW+yhz7rch+DIvEJKnM1
ktlxsi/3c1Hn89OLZrCHUeJQqBMoU7rVnmVv6sfGVUQuwJ09yWT457HCN7dZbH1z
Nrc+w7ewlxivH1r6KZ1DNk8BJrroQXD7mSHvXmEwyTiyr9DzaPhtlllarz/iPNFF
295F/4Cj9K2HiwJfKH7pDy60OKLBGP72xnc0cjxj8TlIp/KDY7VsPQ==
=BNfl
-----END PGP SIGNATURE-----