Talk:HavenCo: Difference between revisions
Does the original article look like an ad to anyone? |
Ryan_Lackey (talk) No edit summary |
||
| Line 15: | Line 15: | ||
----- |
|||
Feel free to speculate on such things and add them to the article! |
|||
(I am CTO of HavenCo, but I think the HavenCo article is relatively unbiased; no one else posted anything yet, though) |
|||
Our policy has always been "we can destroy stuff before it is captured, and will do so". We have sufficient security/military/etc. to protect equipment from our own staff, and from invasion. We certainly can't defend against destruction. Our communications are relatively robust (terminating in many countries), but even someone like AboveNet could be flooded off the net for a few weeks with enough effort. Our security is sufficient to delay capture long enough to destroy things (which in most cases just means shutting off power; disks are encrypted, and boot codes require positive cooperation and can be destroyed with a single switch) |
|||
We also do tamper-resistant hardware for our more security-conscious customers -- even I can't compromise it. Even if the hardware fell into "enemy" hands for months, it would be in my opinion impossible to recover data. |
|||
As for being a sting -- sure. Crypto AG is a better example. We deal with this issue by not requiring *any* information from customers; leave a bag of cash in a locker at an airport, anonymous-remail me the code, I'll pick it up, and then put a server online, using factory-standard tamper-resistance, which can be remotely verified. We *could* be a sting, but we work to make sure stuff is provably secure even from ourselves, so even if I worked for the CIA or MI6, customers could trust our security due to faith in mathematics and physics. I'd have *more* trust in HavenCo if it were MI6/CIA, as then you'd know for sure it was being operated professionally. Most of our customers are casinos and backups anyway, and don't really care about security from intelligence agencies. |
|||
I'll include some comments on this (including links to Crypto AG and a brief article on it) if you don't. |
|||
Revision as of 19:53, 17 November 2001
It should be noted that this article appears to have been written by someone with the same Wikipedia user name as one of the people named in the article.
One might speculate on how long HavenCo could resist an attack from a nation state or its police force, or how robust its communications to the Net are against attack.
One might also speculate what form a sting operation by a nation state against prospective data haven users would take.
Feel free to speculate on such things and add them to the article!
(I am CTO of HavenCo, but I think the HavenCo article is relatively unbiased; no one else posted anything yet, though)
Our policy has always been "we can destroy stuff before it is captured, and will do so". We have sufficient security/military/etc. to protect equipment from our own staff, and from invasion. We certainly can't defend against destruction. Our communications are relatively robust (terminating in many countries), but even someone like AboveNet could be flooded off the net for a few weeks with enough effort. Our security is sufficient to delay capture long enough to destroy things (which in most cases just means shutting off power; disks are encrypted, and boot codes require positive cooperation and can be destroyed with a single switch)
We also do tamper-resistant hardware for our more security-conscious customers -- even I can't compromise it. Even if the hardware fell into "enemy" hands for months, it would be in my opinion impossible to recover data.
As for being a sting -- sure. Crypto AG is a better example. We deal with this issue by not requiring *any* information from customers; leave a bag of cash in a locker at an airport, anonymous-remail me the code, I'll pick it up, and then put a server online, using factory-standard tamper-resistance, which can be remotely verified. We *could* be a sting, but we work to make sure stuff is provably secure even from ourselves, so even if I worked for the CIA or MI6, customers could trust our security due to faith in mathematics and physics. I'd have *more* trust in HavenCo if it were MI6/CIA, as then you'd know for sure it was being operated professionally. Most of our customers are casinos and backups anyway, and don't really care about security from intelligence agencies.
I'll include some comments on this (including links to Crypto AG and a brief article on it) if you don't.