ISP contracts and government intervention

Apologies in advance for the non-technical nature of the query. I am a law
student researching a law review article on censorship on the Internet.
My partner and I are investigating the legal consequences of placing a ISP
offshore, in a jurisdiction like Anguilla, Nevis, the Caymen Islands or
some other place like that. Part of our problem is that we're ignorant of
the business practice in the area. I figured I'd go to the horse's mouth,
rather than playing footsie on the legal lists.

Its probable that the ISP could be run in an offshore jursidiction with
strong financial secrecy regulations and any U.S.-based managers/owners
would be insulated from legal action because they could not be identified
(at least, with American subponeas.) On the other hand, a U.S. judge could
presumably order the offshore ISP's U.S.-based upstream ISP to cut off that
ISP (or even the entire jurisdiction, depending on the situation) for DMCA
violations, gambling, etc. Basically, its an issue of how the community
would go about dealing with a blackhat ISP.

An initial question is how closely do backbone providers/upstream ISPs look
at offshore ISPs to begin with? What kind of identification/credentials
does an ISP need to come up with to get a contract? Specifically, do backbone
providers figure out who the beneficial owner of an ISP is before they hook
up the ISP? If someone pays the bills regularly, do they need anything more
than what's in

The next set of questions deal with how long a blackhat ISP could stay connected.
Under what circumstances would an upstream ISP/backbone provider cut off
the offshore ISP before a court order? What are the choices in the market
for backbone providers that are not U.S.-based (and therefore wouldn't be
subject to U.S. legal process)?

Free, encrypted, secure Web-based email at


"blackhat" seems a strong term for an ISP that wishes to operate without
government interference. There are many ISPs that are not US based, and many
ISPs that would provide service to anyone with cash, as long as a court
order does not exist to prevent or stop suck service. The only "credentials"
someone needs is a positive return on a Dun and Bradstreet credit report.
Paying in advance tends to get around even that.

Check out HavenCo, and it's purpose. I think it may be the sort of thing you
are looking for, although I would certainly never call it a "blackhat"
operation, as it is completely above board, just not interested in
government (over)regulation.

("hats" are for hackers. I don't think you'll find many folks who wear such
figurative headgear on NANOG)

- Daniel Golding

Some black hats illustrated here:


Mitch, I got some fertlizer here...from real horses!


Suggest you dip nose in it. Will come out brown...


I think this url better illustrates the pointed "dunce" hat.

Don Vixie? Eh? MIB? Black Helicopters?

My apologies for wasting everyones bandwidth with my lack of


Thanks for directing our attention to a photograph of some Men In
Black Hats; the operational benefit is immense. But in the context
we're talking about, the New Hacker's Dictionary[1] tells us that a
"black hat" is:

  "[common among security specialists] A cracker, someone bent on
  breaking into the system you are protecting. Oppose the less common
  `white hat' for an ally or friendly security specialist; the term
  `gray hat' is in occasional use for people with cracker skills
  operating within the law, e.g. in doing security evaluations. All
  three terms derive from the dress code of formulaic Westerns, in
  which bad guys wore black hats and good guys white ones."

The maintainers of MAPS RSS[2] and pals aren't interested in breaking
into your mail server. Rather, their goal is to protect others _from_
you, as you've chosen to be irresponsible and consciously operate an
open e-mail relay. The problem can be resolved by you fixing your
mail server.

Personally, I'd get by just fine without e-mail from a nice chunk of
the folks listed on your page.


[1] <>
[2] <>

order does not exist to prevent or stop suck service. The only

This should say "such service". Freudian slip, perhaps.