You shouldn't even be expected to geoblock. If I'm operating a Web site in country A, I should not have to care about country B's laws unless I am taking specific action intended to attract users in country B in particular. That's doesn't mean just to target the whole world, either. If you don't want your citizens to access something in another country, take it up with your citizens.
It was obvious from the minute that idiots started creating IP location databases in the first place that people would demand that they be used like that... and those demands seem to be winning out.
Preston talks about this in an earlier blog post. It's a matter of UK law and, I'd bet, many countries, that they have the sovereign right to legislate about matters in and outside their borders. "If Parliament says smoking in Paris is illegal, it is illegal." What's different today than when that doctrine was conceived of is: data goes everywhere, communications are decentralized, international cooperation around especially data allows nations to enforce their own rules outside their own borders by treaty.
What was known and not said when Parliament might have outlawed smoking in Paris is that there was literally nothing they could do to enforce such a law. Today the governments have options, hence the fight here. And many other places.
> It's a matter of UK law and, I'd bet, many countries, that they have the sovereign right to legislate about matters in and outside their borders.
Basically all countries take that position legally. But there are norms and customs about how often you exercise it (as well as practical questions of power).
Extraterritorial regulation of Web sites is unfortunately in the process of being established as normal, but it's a bad norm. Not as bad as drone striking anybody who lights a cigarette in Paris (which could be made legal), but a bad norm nonetheless.
Some activists should start making lots of complaints demanding that country A’s government sites comply with government B’s laws. Maybe the laws will change to reflect reality when government A says to fuck off
For many years, Google solved this by saying the laws of country X only applied in the country specific domain of Google.
They now seem to have backtracked on that and are using either the country the request came from or the country the account was set up from (both using IP geolocation)
Interestingly, Ireland seems to be one of the few countries whose constitution explicitly limits the reach of its laws:
> It is the firm will of the Irish nation, in harmony and friendship, to unite all the people who share the territory of the island of Ireland, in all the diversity of their identities and traditions, recognising that a united Ireland shall be brought about only by peaceful means with the consent of a majority of the people, democratically expressed, in both jurisdictions in the island. Until then, the laws enacted by the Parliament established by this Constitution shall have the like area and extent of application as the laws enacted by the Parliament that existed immediately before the coming into operation of this Constitution.
(Which means the territory of what is now called the Republic of Ireland, that is, explicitly excluding any claim to Northern Ireland in order to comply with the Good Friday agreement)
"Extraterritorial regulation of Web sites is unfortunately in the process of being established as normal, but it's a bad norm."
Perhaps "Extraterritorial regulation" is bad wording. A country can regulate whether an extraterritorial website is distributed and or viewed within its borders but it has no legal authority force another country to close down a website that's operating legally within its jurisdiction.
The only remaining options are diplomatic action—request the site be taken down or war/by force. Whether we like it or not the only practical action is for a country to geoblock offensive websites at its borders.
Sadly, given the current state of world affairs, it seems to me geoblocking will become the norm almost everywhere.
> Perhaps "Extraterritorial regulation" is bad wording. A country can regulate whether an extraterritorial website is distributed and or viewed within its borders but it has no legal authority force another country to close down a website that's operating legally within its jurisdiction.
The issue is they're doing this through might makes right rather than jurisdictional authority.
You have a website in one country, 99% of the content is legal in another country but it also contains a post by a user which is legal in the first country and not the second.
The second country then demands that the website remove the post -- for everyone, they don't even want it accessible via VPN -- or they'll have their ISPs block not just the entire website but also the entire shared hosting provider the website uses. The site which is entirely in the other jurisdiction can't withstand that much pressure and removes the post.
You now have a country censoring a post world-wide because they leveraged every company within their jurisdiction to enforce a law against one that isn't. That's extraterritorial regulation.
> You now have a country censoring a post world-wide because they leveraged every company within their jurisdiction to enforce a law against one that isn't. That's extraterritorial regulation.
Hopefully this will break up the cartel of websites/distributors back into a decentralised web eventually.
Ok, but I feel like the UK government hasn't thought this matter through. Think about what happens if the US decides it can enforce US law on UK soil against UK citizens. The main industry of the UK is questionable international finance using legal fictions on various islands. What happens when the US decides that that shouldn't be happening anymore? Its the same logic OfCom is using here. And unlike the UK government, the US could actually enforce this stuff in person. The US literally has military bases outside London with tanks and artillary and airstrips. This isn't a road to continue down.
PS The UK doesn't have free speech and never has. Free Speech was invented by the Dutch and the US was the first to put it in a founding document.
PPS I know of no government that thinks it can enforce their law outside of their borders against foreigners. That is outside the definition of sovereignty and something the UK government seems to have invented lately.
> Think about what happens if the US decides it can enforce US law on UK soil against UK citizens.
The US has asserted that right globally for quite some time, and literally threatened force against other countries to get them to actively support (not merely tacitly permit) such enforcement, even when it directly violated the constitutions of the countries involved (as well as simply doing armed enforcement without consent of the government iinvolved in other cases.)
This has been particularly notable since the outset of the “Global War on Terror”, but didn’t start there (it was a big part of US counter-narcotics policy long before the GWoT.)
The US is quite literally killing people outside its borders every day. It even ran a program of kidnapping and torturing people from foreign countries for years, and still maintains a network of prisions outside America. The US very much thinks it can enforce its laws however and in whatever twisted fashion it likes.
> The USA does this quite regularly. Look at FATCA as one example.
The problem here is that some twits did something like this once and since then everyone is saying "but look, they're doing it, why shouldn't we?" when they ought to be saying "we're all going to be imposing sanctions on that country until they stop doing that".
If someone is doing something, that's precedent -- but the precedent can either be "someone who does that can get away with it" or "someone who does that is not going to get away with it". And when making the decision, think through the consequences of everybody doing it to you if you allow it to be the first one.
Um, no, it attempts to compel foreign banks, which may not even have a presence in the US, to disclose information about US citizens, using various threats. It doesn't threaten to throw foreigners in jail, but it does threaten to use US government "clout" against them... and the actors it's trying to put obligations on are absolutely not US citizens.
Funny how you make tax evasion and money laundering on par with political speech. Fighting for your rights to be corrupt is a pretty weird take. If we can talk someone into doing what we want, that's perfectly legal as long as we or they aren't violating any laws. And nobody complains because getting dirty banks to spill is in everyone's best interests. Remember how happy everyone was at all the FIFA corruption data we uncovered.
It's only a tax evasion concern in the first place because the US started the trend of hoovering up wealth generated in other countries, which in-context still sounds like US overreach.
They weren't arguing for anyone's right to be corrupt in the first place though. If US citizens really have to pay extra taxes and have arduous reporting requirements then so be it, but why is the rest of the world dragged into that mess? This isn't a "dirty banks" issue; it's nearly impossible to get a bank account at any reputable institution as a US citizen abroad just because of the PITA of the reporting requirements. It's a mediocre law from questionable authority.
They didn't make anything on par, they gave an example of the US government enforcing US laws on foreign entities abroad.
Another example is that e.g. AWS Europe, even if every single one of its employees, board and what have it are all Germans, are still compelled to hand over their data if Amazon US is the parent company, under the likes of the CLOUD Act or FISA. That's a foreign entity comprised of foreign citizens and concerns the assets (data) of foreign citizens.
Besides the extraterritoriality issue, the other problem with FATCA is that it makes Americans living overseas (99% of whom are just normal people not trying to evade taxes) radioactive to overseas financial institutions because of the potential consequences of failing to report on someone's accounts properly.
Sadly a lot of Americans hear "foreign bank account" and immediately think "tax evasion" without realizing there are a lot of ordinary Americans overseas who just want to pay the rent and save for retirement but can't because Uncle Sam follows us wherever we go for life.
> What happens when the US decides that that shouldn't be happening anymore?
Like the US did with Swiss banks?
“…the standard of justice depends on the equality of power to compel and that in fact the strong do what they have the power to do and the weak accept what they have to accept.”
— Thucydides, 5.89 (trans. Rex Warner, Penguin Classics edition)
The US government in that case was requesting information on US citizens and not foreign nationals. I put in those last two words ("against foreigners") for a reason. If the UK government was trying to enforce UK law on UK citizens in the US, that's one thing. That's not what is happening with Ofcom, they want to enforce these laws against US citizens in US territory. That is a very blatant violation of US national sovereignty.
> Think about what happens if the US decides it can enforce US law on UK soil against UK citizens.
Yeah about that …
Try looking up Gary McKinnon or Larry Love. The US has a history of this stuff, those are just a couple of examples. Hell, Kim Dotcom (NZ but same deal).
And that’s before we get into whatever the f*ck was happening at Guantanamo Bay.
> I know of no government that thinks it can enforce their law outside of their borders against foreigners.
> I know of no government that thinks it can enforce their law outside of their borders against foreigners. That is outside the definition of sovereignty and something the UK government seems to have invented lately.
The USA has been doing this for a long time e.g. Wikileaks and Julian Assange, Kim Dotcom etc.
> It's a matter of UK law and, I'd bet, many countries, that they have the sovereign right to legislate about matters in and outside their borders.
As I mentioned elsewhere in this thread, the entire founding political mythology of the United States is pretty much "The Parliament of the UK tried to regulate our freedom of speech without even giving us a vote, and that was intolerable." Specifically, the Stamp Act was seen as suppressing the right of the American colonies to engage in political speech. (This wasn't the only reason for the Revolutionary War, but it's one of the ones we still remember. We remember it in part because laws regulating the publishers of political pamphlets get complained about in political pamphlets.)
This isn't a political issue in the normal sense. It's more like Guy Fawkes and the "gunpowder treason and plot." The one thing that the "Tea Party" and the "No Kings" protestors can probably still agree about is that the Stamp Act was bad, because this issue is part of the fundamental political mythology of the country. "The British Parliament does not get to regulate our speech" is right up there with "The President does not get to wear a crown."
This is not a fight that the UK government can actually win, not in the long run. Any US politician who allows Parliament to regulate the speech of a US citizen will find themselves in the awkward position of British politician who proposed a national monument to Guy Fawkes. Allowing this is "Un-American" in these sense that it goes almost directly against our founding patriotic mythology and symbolism.
The UK should just accept the geo-IP block of the UK as a compromise, and walk away. This particular fight isn't worth it. Trust me on this.
> "If Parliament says smoking in Paris is illegal, it is illegal."
I'm not entirely sure if you yourself understand the context or real meaning of that phrase, but for others at least, it was NOT meant to highlight that Parliament has a burning desire or real ability to legislate outside of its jurisdiction!
Just that it has the legal authority to create any such law, and that the legitimacy of a law is not dependent on its moral content. It's merely a paraphrasing/summary of H.L.A. Hart's legal positivism.
The Americans take the same stance. See their obsession with copyright for example. You know, up until American companies violated those laws en masse in the name of profit and suddenly nobody cared.
No the US doesn't do that. We had to make special international treaties which involved getting other governments to sign up for that (in exchange for other concessions). Stop inventing things that never happened just to excuse your politicians bad behavior.
PS Arresting foreigners for things that happened outside of your territory is an act of war.
You should ask AI go give you a long list of people who were arrested/captured/kidnapped/killed by the USA for the things they did outside of the US. Often, without doing anything illegal (locally, but sometimes even by US law).
Guantanamo bay exists outside of the US territory for a reason, so that no legal rules would apply. CIA/USA has been keeping secret prisons and torturing people all around the world (incl. EU).
Conflating people shooting at your military with freedom of speech is pretty insane. But I understand, the UK has never had free speech so you just don't know what it means.
Look, I am the first to say that the US dogpiling that happens online is sometimes not justified. In this case, though, this is not a hill you want to die on. Extrajudicial black site funny business is kind of the US's thing. It's good that the US makes treaties but if those treaties fail to materialize and the US wants something bad enough, it'll happen.
If you operate a website outside UK and that's it, you may not care. But if you offer paid servies, collect money from UK citizens, you must have a business representation in the UK, which is bound by UK laws, can be fined, dragged to a court, etc. If you have this vulnerability, or you don't but your holding company has other web properties that do, the UK government has a way to make you listen and comply.
> But if you offer paid servies, collect money from UK citizens, you must have a business representation in the UK
I don't think that's true at all. You be taking payment by credit card, which doesn't require you to have any local presence.
I think your bigger risk is that you get a judgement made against you by a UK court, which a court that has jurisdiction over you is willing to enforce. I'm not sure under what circumstances that is the case, but I believe that it being the case with libel judgements has been an issue for a while (since plaintiffs can 'forum shop').
> You be taking payment by credit card, which doesn't require you to have any local presence.
But you're offering an online product, plus you are taking money from people from all over the world, whose governments have different regulations and points of view, your own business charges differently for different countries, and credit card providers are bound to different fees and/or extra charges for international transactions.
You ship me money, I ship you product. I don't need presence in your country, you don't need presence in mine. If your country doesn't like my product, they can enforce against you (or block it at the border).
I broadcast radio from my country, according to the rules of my country. If you tune in, and your country doesn't like it, they can enforce on you or broadcast something else on the same frequency if that's allowed by their rules.
And to be clear, that’s still true for selling services online to UK citizens who are also UK residents, it’s not a quirk of you having moved away from the UK - it’s just not true that you need a legal presence in the UK to serve customers from the UK.
Is there no way to improve the user experience for this?
Company A sells cryptocurrency in country A. Company B is a payment processor in country B. You in country A go to the country B merchant's website and enter your card info to buy something. Your card gets charged by company A to buy cryptocurrency, the merchant gets the money through company B and the transfer of cryptocurrency from company A to company B happens in software on a server somewhere and the user doesn't have to do anything.
Why is this either not happening or not sufficient?
The UK has no problem asking their ISPs to block the Pirate Bay. Why can’t OFCOM do this? I don’t understand the attempt to pursue this in a foreign country. It’s fairly obvious that what they’re doing are not considered crimes in the US and politically it looks bad from Trump and his administration. And also, until 5 mins ago I had no idea this site existed. Now I do. Seems to achieve the polar opposite as I’m in the UK and browsing a dangerous forbidden site now. Wooooo
RIRs don't prohibit out-of-region use of IP addresses or ASNs registered in their region. The country an IP is registered in is not necessarily the country it's being used in.
ASN is even worse, honestly. If I'm behind starlinks AS then I'm American? AWS, I'm also American? Level 3? American. Colt leased line in my office in Madrid, apparently I'm English.
That's the current status quo. The UK can't sue you, extradite you, or really do anything. Assuming that your service providers are US based and you follow US law, they can pound sand. In practice, the US is the only country powerful enough to enforce its laws extraterritoriality. The UK trying to enforce its internet laws on me? An American citizen? Funny joke
As long as you don't set foot on British soil you'll be fine. But that's less simple than it sounds. Don't book a flight that connects in the UK, sure. But what if your NYC-to-Munich flight has engine trouble and needs to make an emergency landing in London? You are screwed: You'll be pulled off the plane and taken to jail.
Will the US embassy get involved? Of course. Will they get you released? Maybe, but it's not guaranteed. And you are in for a bad time regardless.
The UK knows their place. They could do that but they won't. Also, they'll have trouble even finding who the business operator is. The US allows pseudonymous business structures and their subpoena request will be thrown out on a 1st amendment defense.
I can only imagine the storm that would emerge if the morning the UK ever attempted to arrest an American for self-expression inside or outside the USA. That is how you get some Democracy delivered.
I've just come to this story after seeing it on HN so I might have misunderstandings from being unaware of the background. Also, I neither reside in the US nor UK so I'd have not seen local media reports.
In short, I gather UK's Ofcom is threatening a US web site for online content that is lawful within the US's jurisdiction and unlawful in the UK as it contravenes the UK's Online Safety Act.
I am bewildered that Preston Byrne has even bothered to acknowledge Ofcom's correspondence let alone respond to it as the UK (Ofcom) has no jurisdiction over actions of any entity or person within the continental US—or for that matter the actions of those outside its borders unless, say, covered by treaty, etc.
That Preston Byrne responded to Ofcom seems strange given the fact that he is not only a lawyer but also head of legal and compliance at Arkham law firm, thus he ought to be aware that is client is shielded from UK law by virtue that the UK has no jurisdiction on US territory.
If I'd been Byrne I'd not have even acknowledged Ofcom's correspondence with a 'fuck off/cease and desist' reply but filed it in the trash can. (If there's some mitigating matter I've missed here let me know.)
It's clear to me the the UK's Online Safety Act stops at its borders so the UK has full responsibility for blocking websites that are physically outside its jurisdiction, similarly blocking or stopping its citizens from accessing accessing them.
It seems to me many of the younger internet fraternity are unaware that there's longstanding precedent for how such matters are handled. Back in the days of the Cold War before the internet some countries used to broadcast propaganda on HF/shortwave radio bands to those that were their political enemies and recipient countries would attempt to jam the broadcasts so their citizens would not be able to listen to them. For example, Communist USSR, China etc. would jam the BBC or the US's VOA (Voice of America).
Simply, if a country did not want its citizens to listen to the broadcasts of another country it was its responsibility to jam the incoming signals. It seems to me all that has actually changed since then is that nowady the unwanted broadcasts come via internet circuits.
Frankly, Ofcom has an unmitigated hide to threaten people who are acting lawfully within the US. That said, it's not unexpected, in recent decades the UK's been acting like a petulant bully, it seems to have forgotten that without it's empire it can no longer enforce its bullyboy tactics.
BTW, the matter of what content is or is not acceptable online is completely separate issue from Ofcom's behavior. Personally, from what I've gathered I'd find content on the SaSu website unacceptable and I can understand why many in the UK want it blocked but bypassing another country's sovereign authority is not the correct way to go about it.
The UK -- and many other countries -- assert that their laws do bind people outside their borders, regardless of the absurdity (in most cases) of attempting to enforce that law elsewhere.
I think it's important to fight these sort of things even in cases where they can't actually enforce it. For one thing, say one of the site operators in question have a need or desire to visit the UK at some point in the future, but can't, because there's some sort of legal judgment against them because of this. That would be a shitty situation.
On top of that, ignoring these sorts of things also ignores possible efforts by the UK to convince other governments (like the US) to adopt similar laws, or at least agree to some level of extra-territorial enforcement. Fighting these cases sends a signal to everyone involved. You mention the UK acting like a petulant bully: yes, sometimes a good way to counteract a bully is to ignore them, but other times it's good to fight back, even when the current bullying wouldn't be effective... because future kinds of bullying might be.
"The UK -- and many other countries -- assert that their laws do bind people outside their borders…"
I'm aware of that, it's become an increasing trend over the past 40 or so years as diplomatic norms have broken down, changed or become more disrespected. If it continues we'll see even more tit for tat reprisals as respect for international law and authority continues to break down (we're now 80 years on from WWII and the world has almost forgotten lessons learned and the international order that arose from that conflict).
"…have a need or desire to visit the UK at some point in the future, but can't, because there's some sort of legal judgment against them because of this."
I remember a time when my passport was stamped in big purple letters "Not Valid for XYZ" country for reasons like that (I could not legally leave the county if that was my destination).
Matters would likely come to a head if say US passports were stamped "Not Valid for the UK". Moreover, it's incumbent on a country to protect its citizens who have done nothing wrong by their laws—hence a country should so warn its citizens beforehand, and stamping passports with large signs is very effective.
This is all part of a much bigger issue too big to address here. It's why I believe it's going to get much worse before it gets better. As I said elsewhere, I believe that with the increase in political and cultural differences brought about by rising nationalism we will see an increase in geoblocking everywhere. I find the trends shocking but there's stuff-all I can do about them.
Edit: I must emphasize that whilst I'm defending the right of law abiding US citizens against action by other governments, I'm not defending the US Government per se (some of it's actions of late I consider alarming). Again, these are separate issues.
> If I'm operating a Web site in country A, I should not have to care about country B's laws
Not defending UK's idiotic laws, but this doesn't hold. If you cannot regulate websites outside of the country of origin, then no internet regulation can hold for any subject. Openly selling stolen personal credentials or botnet usage? Piracy? Reselling personal information without disclosure?
So there are effectively three options for internet regulation;
- Require websites to operate region by region with IP blocks for any non-target market. This is much of EU law is applied. If you put an effort to not serve EU costumers, you can skip following EU rules. "comply or leave"
- Any country can regulate any website regardless of origin, like the UK seems to push for. This is an insane proposal and could easily create geopolitical disputes. Great firewall and banning VPNs would be the only proper way to achieve what they seem to aim for.... which i wouldn't put past them by now.
- Give up regulating the internet entirely. Some level of regulation is valuable so I don't think this will ever work. There are simply some things illegal and deplorable enough to require laws.
No Internet regulation can hold extraterritorially. You leave out the obvious and most important case: the country where the Web site or whatever is located enforcing its own laws. Which is actually how all law has mostly worked from day one.
> Openly selling stolen personal credentials or botnet usage? Piracy? Reselling personal information without disclosure?
If you find a jurisdiction where those are all legal, then I guess you just have to block your citizens from reaching it, or punish them if they do. Not particularly tricky.
> Which is actually how all law has mostly worked from day one.
Internet but not for any other commerce. If you sell products to someone in the EU, you are liable to EU laws about that product category and commercial activity. The internet is the only exception, and that has caused a lot of problems.
IP block is the currently the only reasonable way to apply laws to internet based commerce. It has its flaws in accuracy; but ISPs could easily create a system to make them more reliable for IP lookup. Arguing that websites cannot be regulated outside of country of origin is an insane position to take with even the minimal level of hypothetical reasoning of what that would imply.
UKs laws are dumb, but they should be free to enforce them for websites operating in the UK. And websites should be able to leave the UK to avoid complying. This is a reasonable compromise that is already how both US and EU internet laws operate.
> Internet but not for any other commerce. If you sell products to someone in the EU, you are liable to EU laws about that product category and commercial activity. The internet is the only exception, and that has caused a lot of problems.
I don't know the state of play now, and I do know that things have gotten more that way over time. But the traditional approach to international product sales is that the importer is responsible. That originally meant the person who physically brought it into the country. As common carriers became more common, it meant the person who ordered the thing. That's occasionally been leavened by some consideration of whether the seller specifically targeted customers in the receiving country. And nowadays there's more of a tendency to start "blaming" sellers in some cases, probably because nowadays "importing" something is often a retail order from a specific consumer, as opposed to somebody bringing in a shipping container on spec to resell. Maybe some of those changes are appropriate, but it's just not true that physical goods have always been treated the way you want Web sites treated here, or even that they're mostly treated that way now.
> IP block is the currently the only reasonable way to apply laws to internet based commerce.
"IP block" works in both directions.
If you want to keep something out of your country, you should be responsible for blocking it, not the other way around. That's not necessarily easy, but it's less costly in total than demanding that every Web site enforce every country's regulation... and it has the advantage of putting the cost of a regulation on the people imposing it, which is where it belongs.
> It has its flaws in accuracy; but ISPs could easily create a system to make them more reliable for IP lookup.
From your use of the word "easily", I conclude that you personally would not be among those responsible for making that work.
> Arguing that websites cannot be regulated outside of country of origin is an insane position to take with even the minimal level of hypothetical reasoning of what that would imply.
First, you can in fact "regulate" by blocking, without trying to extend the reach of your laws outside of your border. Your claim that a regulator is left totally powerless is just false.
Second, in practice, that "hypothetical" is pretty close to what we have now, and even closer to what we had 10 years ago. The world did not end.
> UKs laws are dumb, but they should be free to enforce them for websites operating in the UK
Sure, as long as we recognize that "operating in the UK" properly means "is physically located in or controlled from the UK" and not "happens to be accessible to people in the UK". The latter definition would indeed be insane.
> If you cannot regulate websites outside of the country of origin, then no internet regulation can hold for any subject.
It can, but instead of forcing other people to follow your laws, you have to block your country's residents from accessing the sites that break your laws.
I'm not saying I love this method either (China is famously very good at it, and I don't think their methods foster a healthy society), but I believe it should be the only lever you have. Forcing people outside your jurisdiction to follow your laws is a violation of another country's sovereignty.
As an aside, should I take pains to ensure any website I operate follows the laws of North Korea? Iran? China? Russia? Should we be complacent and accepting if HN were to be targeted by any of those governments because people here have undoubtedly said unflattering things about the leaders of those countries?
Of course not. But even though we're talking about a "friend"-type country here, it's not any different.
Another option is an anti-money-laundering like system.
It would need to be set up by an extremely powerful country, either the US or an alliance of smaller countries through international treaty.
It would work as follows:
There'd be a "naughty list." Anybody on the list would be arrested upon entering a participating country. This would include past or current company employees (if employed after the listing date). Companies from participating countries would be prohibited from interacting with listed organizations in any way, under treat of sanctions. This would include VPN, cloud and hosting companies, ISPs, domain registrars, email hosts, payment processors and ad networks. This would provide basic site blocking.
Foreign companies wouldn't be subject to the sanctions, but participating countries would also put them on the list.
You're aware this exists, yes? It's called the OFAC list. It's not generally used to list technologists or web sites related to speech, though, as far as I know.
Then no country should have legal authority over companies operating in the country but based internationally. You could earn a lot of money by selling unregistered firearms, pipe bombs or drugs over the internet and sending it over the border.
"If country B doesn’t like it, block the mail in question". Saying only the country of origin can regulate activity done in another country creates a legal worm-bucket with vast implications. It's also not how laws work currently in pretty much any other sector than the internet.
IP block should be sufficient to void the laws; That's how other EU laws work. If the UK wants more than than then they should just create a firewall. But saying the internet should be a fully unregulated hellscape is not a sensible position here.
> "If country B doesn’t like it, block the mail in question"
That’s actually how it works? Unless you have an extradition agreement, or military overmatch, or you are willing to expend some diplomatic leverage, you are typically not getting a citizen out of a foreign country. The government complains about this all the time with goods from SE Asia, and sometimes they seize fake designer goods and make a lot of noise about it. But the people making the knockoffs just keep on making them, don’t they?
just because a law is difficult to enforce doesn't make it not exist. There are laws for this, and they are enforced. If you aint caught its not illegal?
Typically one-sided laws are not enforced against citizens of foreign countries except in rare cases, because it creates diplomatic friction. Countries really don’t like it when you arrest their citizens for things that aren’t illegal at home. And when one country has enormous leverage over another, it’s a bad idea for the less powerful country to attempt enforcement. A visa ban would usually be a more appropriate tactic.
> Then no country should have legal authority over companies operating in the country but based internationally.
Not sure I see how your logic has led you there. If a company (regardless of where they are headquartered) is operating in your country, then you necessarily have some sort of jurisdiction over it:
- If they are using servers or domain names hosted in your country, you can seize them.
- If they are making use of your country's financial system, you can ban them from that system.
- If they are shipping physical products to your country's residents, you can intercept those packages at customs.
- If any employees (or, better, officers) of that company are physically present in your country, you can fine or arrest them if they don't comply.
- If you have an extradition treaty with the country where they're operating, you can ask that country for help. If they decline, that's unfortunate for you, but that's life.
And right, in the end, if there's no "presence" aside from people in your country accessing foreign websites, then you can (given the right legal mechanisms) order ISPs in your country to block those sites. I don't see why any foreign-operated website should have any obligation to examine your laws and pro-actively block your residents from their site if needed; if you want your laws enforced on your residents, then... enforce them on your residents.
> But saying the internet should be a fully unregulated hellscape is not a sensible position here.
While I do see a few low-effort comments to that effect, I don't think that's a common opinion here. I don't even think the person you're replying to holds that opinion.
Then no country should have legal authority over companies operating in the country but based internationally.
But this is the real issue. To what extent is a company "operating in" a country where it has no staff and no physical presence?
The principle that someone should become subject to the laws of a country they've never visited and where they have no assets just because they communicated with someone else who does live in that country seems questionable. Even if money is sent by the person living in that country to someone based elsewhere it still seems questionable.
Taken to their logical conclusion these kinds of arguments would kill off a lot of the value of the modern Internet (assuming they could be practically enforced). Can you even write a blog post any more if it might be controversial in any country in the world? Do you have to pay if you show ads next to that blog post and someone from the Sovereign Republic Of East Nowhere visits - but the Sovereign Republic Of East Nowhere has a law prohibiting online advertising as a social harm and imposing a fine of 1000% of global revenues generated through ads? What happens when the laws of two different countries are in direct conflict and one requires you to include an official warning of some kind alongside certain information on your blog but the other one prohibits such statements unless you're formally qualified to give advice in the field?
If you want to interfere with international trade or international communications at all then it makes far more sense practically - and arguably both morally and legally as well - to legislate so that your own people in your own country who are subject to your own laws are the ones who must or must not act in a certain way. If there's some kind of regulation on physical goods then make the person importing those goods responsible for compliance. If you want to tax international transactions then make the person in your country who is participating in those transactions responsible for declaring and paying the tax. But realistically this leads to a lot of non-compliance because your citizens don't have to be experts in international tax law so you can collect your $1.53 when they bought a new T-shirt from some online store based in another country and had it shipped.
We have treaties with other contries to cover most of these cases and customs to cover many others.
What the UK is doing is claiming, without having dealt with this via treaty that I am somehow responsible for keeping their citizens off my website. This is not something they can actually do. Now if they made a deal with my country that said that I had to in some way we'd be in a different universe. But currently they do not.
As I, and probably many others, see it. If they don't want UK citizens visiting 4chan or whereever they should control the flow of data through their borders better and punish their citizens for data smuggling if they vpn their way around it. It's no different than prohibited goods like automatic weapons. If I send someone in the UK a fully automatic ak-47 (which is legal in my juristiction) then I suspect UK customs will catch it at the border and possibly jail, or at least have a stern talking to the recipient.
No, they are making threats about the site in country A while the site has voluntarily blocked all of country B, with country B saying that this isn’t enough, despite the operators in country A being out of jurisdiction and making an effort to comply regardless. Country B is basically saying that the site in country A is not allowed on the internet at all.
If I recall correctly, this is how the GDPR works. If someone to who the GDPR applies to visits a website, a website cannot record any information about them, regardless of whether that website actually is based in the EU, which is why certain US websites block traffic from the EU.
1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.
3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
I don’t understand the IP location criticism at all. At least for my experience across Europe all locations that are being reported by the common databases are within 250km of the actual customer.
IP locations work great for probably a reasonably large chunk of services.
But it's the edges that get you.
I moved home a few years back, connected a new service with the same ISP.
They have an IP pool that is labelled as for one state (Victoria, Australia) but is also used for their services in Tasmania.
So now I have to fight every major website (Google, Amazon, Maxmind, etc) that does GeoIP lookups that I'm not in Victoria, I'm 500-800KM away.
Google was very confused for about 12 months because when I moved I also brought my wifi gear and so it would give me a precise location of my old address because it used wifi geolocation.
Maybe this is very european of me but 250KM is outrageously far. Dublin to Belfast is like 130KM. If it says they're in Seville (in Spain) within <200KM they could also be in Portugal, Morocco, or Gibraltar. If it says you're in Brussels within <200KM you could also be in France, England, Germany, Netherlands, Lux. If you're in Vienna (Austria), you could also be in Germany, CZ, Slovakia, Hungary, Slovenia or Croatia. Maybe you're in Vilnius? You could also be in Latvia, Poland, Russia or Belarus.
I don’t agree that choosing to host a website without limiting the audience is innocent. It’s a choice, and has been the default for a long time, but it means one has chosen to speak outside the borders of their own country and that comes with rules, like them or not.
No, one has chosen to make something available for contact within one country. One is not actively himself reaching across borders to do so. One cannot reasonably be required to take any affirmative action to fulfill the whims of a foreign government.
Also, Britain isn't important enough to make this stick against e.g. an American.
If someone writes me a letter asking a question about material that is prohibited in his own country, that is not my problem. It is his responsibility to comply with local law and that of local government to seize material that is illegal there. They cannot deputize me to act, unpaid and without consent, on their behalf.
What is having your web server send IP packets with an IP address addressed to an overseas address to your ISP who you have signed a contract with to have them deliver those packets to the designated address if not actively reaching across borders?
That's what happens when you respond to a request after all. (Up to very minor nits, e.g. you might be paying a cloud provider instead of an ISP).
It is a reply. I am not responsible for checking the locality of an IP address. Indeed, I can never do so with one hundred per cent accuracy. It is Not My Problem.
Governments that expect some content or other blocked can damn well do it themselves, in their own legal system. They cannot compel someone else to spend his time, talent, or treasure to enforce their petty rules.
If they go after one of their own for requesting something from me, whatever. If they block me, whatever. I suppose they're within their rights to do that.
The federal government "deputizing" or trying to chill private actors out of speech, out of doing business, etc. is a violation of Americans' first amendment rights; so held SCOTUS last year. No way in h--- are we letting some tinpot foreigner do so.
It is a reply... that you chose to send despite being fully aware that by doing so you might be reaching out across borders because that's how the internet and your contracts with your service providers works.
Governments can do whatever they damn well please in their own territory. Including arresting you if you ever visit because you violated some law that they wrote that applies to people in the rest of the world, or even you violated some law that a friend of theirs (i.e. a country with an extradition treaty) wrote to apply to people in the rest of the world. If those actions compel people to spend their time, talent, or treasure to enforce their petty rules then they can do that.
Whatever "actively reaching out" standard you are imagining doesn't exist in the first place. Even if it did though, you clearly violated it when you sent the reply to the request actively aware that it could go across borders.
SCOTUS (with an emphasis on the US) decisions seem rather irrelevant to non-US actors.
> It is a reply... that you chose to send despite being fully aware that by doing so you might be reaching out across borders because that's how the internet and your contracts with your service providers works.
I think you're looking at it the wrong way. I'm not thinking about that at all. I do not care about that at all. I am not beholden to the laws of any other nation when I operate my website[0]. I don't care about "reaching out across borders". I don't event know the geographical origin of requests that hit my server, because I don't care, and I have no need or desire to hook up some sort of (error-prone) geoIP database to my logs in order to categorize requests. Once the HTTP response packets leave my server and hit the first router hop, I have no knowledge or interest in where they end up after that.
> SCOTUS (with an emphasis on the US) decisions seem rather irrelevant to non-US actors.
Not sure why you're bringing that up, as GP didn't mention SCOTUS at all. But as a US citizen and resident, SCOTUS' rulings are all that matter to me when it comes to what I personally do while at home. If SCOTUS says the content on my website is legal based on US law, then I don't really care whether or not it's legal in other countries[0, again], and I shouldn't really have to; life is too short to have to worry about that sort of thing.
[0] Sure, I agree with you that this could be a problem for me if I do break any of their laws, and then later decide I want to visit that country. It could also be a problem if that country has an extradition treaty with mine, and my country is for some reason incentivized to give me up.
The US will enforce most UK court judgements. I'm not sure how administrative fines work; there might be a need to involve a court first, but once that's done the US will [on edit- may] enforce them.
The US will not enforce UK judgements or fines if enforcing them is contrary to the US' own laws, including its Constitution. SCOTUS ultimately decides when that's the case.
So it's really, really relevant to whether a non-US actor like Ofcom can actually collect fines from people inside the US. That's a separate question from what the UK government can do to people from the US who actually enter the UK, and an important one.
Sure... I think it's pretty much a given that Ofcom expects the US won't help them enforce this law given the 1st amendment. That doesn't mean they won't/shouldn't do their best to do so by themselves..
That's exactly what it means. Actions have costs. Actions this stupid have big costs. If a task is impossible and even trying has a cost, its best to do nothing. Ofcom are bureaucrats, I'm sure they are well practiced at doing nothing anyway.
Starmer's approval rating is under 20% now and his party doesn't have a snowball's chance in hell of holding on to power. Labour has dropped to 4th in the current polls. He is the most unpopular PM in UK history. Dumb things like this are probably part of why. So continuing the same hopeless and unpopular actions is probably a bad idea. I don't think he can jail enough UK citizens to keep himself in power.
> That doesn't mean they won't/shouldn't do their best to do so by themselves.
If I were a UK citizen or resident, I'd probably be pretty pissed off that Ofcom was wasting money and resources on battles they are going to lose. Well, I suppose, since Ofcom is funded in large part by the UK-based businesses it regulates, if I were an officer, employee, or shareholder of one of those companies, I'd be pissed that they're wasting money paid by my company to fund them.
And even though Ofcom is not directly a UK government agency, there are certainly political costs to tilting at windmills for the UK government.
“ Governments that expect some content or other blocked can damn well do it themselves, in their own legal system”
What you are describing is exactly what is going on here. OFCAM’s final action, if taken, is blocking at ISP level. All of the legal stuff is happening in the UK system.
I’m just sort of curious for your thoughts after learning that.
(Also, I’m curious about the SCOTUS decision, I.e. which one? I used to be a law nerd and got a kick out of reading oral arguments for the first time in years this week, would appreciate more material)
No, it's also able to do things like issue fines, which they have, although American law is not amenable to actually collecting those if their assets are all here. I don't really care if british choose to block something on british soil.
Murthy v. Missouri was generally a loss; 6-3 with Justice Barrett for the majority ruling states lacked standing, which is consistent with the Roberts court's informal policy of dodging. Alito dissented, joined by Thomas and I think Gorsuch, and that is worth a read. The more important one was NRA v. Vullo, a unanimous opinion from Sotomayor. Gorsuch wrote a concurrence as did I believe one other justice.
The client requests content from a server. The server may be abroad. It's the same as ordering goods from abroad, only much faster. I wonder what the law is for importing goods that are illegal in the destination country.
It's really the same principle. For physical goods that are crossing borders, but are illegal in the destination country, their customs officials can seize the goods. For data packets on the internet, the destination country is free to block them if they find them objectionable.
If someone writes you a letter than they have your family hostage, and to route 50.000 dollars thorough bitcoin to not have them killed, with a AI generated video as proof; are they scott free because they're not based in the US?
First of all, this is about Web sites, and that's not a valid analogy. Web sites don't spontaneously send you letters, let alone kidnap you. You only get content you actively asked for.
Second, where is the person writing the letter from? Mars? They're going to have a hard time finding a place where kidnapping and extortion are legal.
Third, the letter would in fact presumably be aimed at a specific person in a specific country... as would the kidnapping.
Websites absolutely spontaneously send letters, or advertising flyers.
The company could be from china or Russia with little interest in diplomatic pandering for such a small incident.
Providing a user a service in exchange for payment is also aimed at a specific person in a specific country.
heck, if no laws can be applied across borders, it could be a website selling the service of fake extortion letters.
And don't mix up "difficult to enforce" with "legal". Constantly changing domains and hiding who is behind the service are efforts to avoid being caught by very real and enforced laws.
This is the key point. No site is sending material to the UK unsolicited. People in the UK are initiating the download of information they find of interest. If the UK government has a problem with that, it's on them to block the downloads on their side. UK laws have no power outside the UK.
That's absurd. If I put up a website that I believe is lawful in my own country, I'm not even thinking about people in other countries. If people from elsewhere access it, it's up to them to ensure that the content on my site complies with their local laws.
If the government of their country believes that accessing my website is a problem for their residents, then the onus is on them to sort it out on their own, without my involvement. They are perfectly capable of ordering ISPs that operate inside their borders to block my website from their customers.
The fact that Ofcom hasn't just done something like this in the case of SaSu, 4chan, etc., shows that they are not actually interested in "online safety"; they're making political statements and are trying to throw their weight around like the bullies they clearly are.
> I don’t agree that choosing to host a website without limiting the audience is innocent.
"Innocent"? That's a strange word to choose. Who cares what's "innocent"?
> It’s a choice, and has been the default for a long time, but it means one has chosen to speak outside the borders of their own country and that comes with rules, like them or not.
... or it means one has chosen to speak inside the borders of their country, and people outside those borders have chosen to import that speech. Web sites don't lob speech at you willy-nilly.
The bottom line is that that standard is impractical to implement, illiberal in its effects, and just generally a bad idea. For that matter, it's also at odds with most of the ways the world treats trade in physical goods.
Beat me to it. This is my go-to analogy for people who don't understand the problem. I am 100% certain I've violated North Korean law by posting mean things about Dear Leader. I couldn't care less. If I were to find myself in NK, I'm sure I'd care a lot, but that's not going to happen, so I don't.
If I'm not afraid of violating NK law — because I'll never, ever be there — then the same logic holds for the laws of every other country I won't be visiting.
> The primary one is that the notion of a “UK based IP” is nonsense. Geolocation databases work by figuring out where people log in from and only after doing a lot of pattern recognition do those addresses get associated with that location.
I support the cause, but I don't think that's true. RIPE, the RIR responsible for UK, makes available a list of allocations per country. For UK:
This is only "supposed to be" accurate to some definition of what country the IP is assigned to, it is not an authoritative field for where it is currently being used. Multinational corporations, M&As, georedundant failover, leasing/selling, and other events often result in this field being outdated or plain wrong. Hell, I've been able to advertise part of my ARIN assigned US IP space out of a peer in Europe. This also ignores the EU designation on certain records https://wq.apnic.net/apnic-bin/whois.pl?searchtext=94.102.16...
> “country:” – Officially Assigned two-letter ISO 3166 country code or "EU" (exceptionally reserved). It has never been specified what this country represents. It could be the location of the head office of a multi-national company, where the server centre is based, or the home of the End User. Therefore, it cannot be used in any reliable way to map IP addresses to countries.
Not true, IP addresses are sold on, or even from time to time IP addresses are even leased (they can be transferred from RIRs, temporarily or permanently). Some times IP address ranges are registered with RIR but used in a different geography / region.
Geo-IP databases are mostly accurate, emphasis on mostly.
In the overwhelming majority of cases, mobile roaming traffic uses "home routing", not "local break-out". This means it is routed to the country where the user normally resides, not where they currently are. This means:
- For people visiting the UK (and potentially staying there for a long time, if on a permissive roaming plan), their IP address won't show up as UK despite long-term residence / citizenship.
- British people visiting other countries will still be subject to OSA, even when they should not be.
- People (including British people!) who buy British AirAlo SIMs may not get a British IP. AirAlo often uses SIMs registered in a different country than the one you're visiting, and the "exit node" (P-GW) may be located in a different country altogether. I suspect this last option will become quite attractive if VPN bans ever actually come into effect.
This is pretty much unfixable without major changes in how LTE roaming is conducted worldwide, and the UK isn't important enough to make that happen.
Is there really nowhere that you can get a non-UK IP while still being in the UK? What about along the Ireland/Northern Ireland border using a cellphone?
Regrettably, the list in question offers limited operational value, as it omits the so-called «exit» CIDR's utilised by major cloud service providers – a glaring omission that renders the dataset largely superficial.
Let's, for analytical clarity, set aside the UK and examine Germany as an isolated datapoint.
AWS, for instance, possesses and operates the entirety of the 3.0.0.0/9 address space – a range distributed across numerous jurisdictions and continents. Notably, significant CIDR allocations from 3.0.0.0/9 reside within German territory, yet remain absent from the RIPE registry. Such inadvertent obfuscation undermines efforts at precise geolocation.
One may, through inference and correlation – specifically via https://ip-ranges.amazonaws.com/ip-ranges.json – arrive at a reasonably accurate estimation of the German CIDR's by aggregating address ranges tied to a designate AWS region they are associated with. Such inference is only feasible due to the vendor’s decision to publish such data. I would reasonably conjecture that other cloud providers engage in a comparable practice.
Thus, whilst it is not altogether impossible to ascertain the geolocation of a given IP address, the exercise remains contingent upon the discretionary transparency of global infrastructure operators and multiple indirect information sources – a rather fragile foundation upon which to build certainty.
The most frustrating part here is that this car crash of a policy had cross party support so there wasn’t even a way for UK people like me to vote against it.
Even in Reform, I get the sense that Zia Yusuf was the only person campaigning seriously against it. Going on a one man crusade to force Farage to criticise it and put fully repealing the act on their manifesto.
Yes, but she is now allied with a party that has committed to repealing it. This seems to be the result of pure political calculation by all involved. Dorries is unfortunately quite popular with certain demographics that aren't natural Reform supporters (i.e. the sort who love the OSA), so bringing her in probably does help them. But they know they can't absorb too many former Tories without undermining the justification for their own existence.
Yeah they really shouldn’t have let Nadine Dorris into the party. For the sake of online freedom, thankfully Zia outranks her (as she holds no official position) but even so it’s not an ideal situation.
> They’re definitely not treating it like a public safety matter, where they know how to reach us and know that I generally respond within the hour.
It's been exceedingly obvious but it's nice to know that Ofcom never thought that anyone would bother to fight back. This is clearly not about public safety but about controlling American corporations.
Parliamentary forces seem to be directly suborning this corruption.
> This is clearly not about public safety but about
To me, this looks like the culmination of many years of ad hoc censorship breeding cadre of favored censors. They've all grown into a system of expectations where they can just finger frustrating bits of counter-narrative and have it disappeared.
The Powers That Be don't care to hear pesky details about jurisdiction. As such, there is no one around with the temerity to point out the inherent absurdities. So they pursue "offenders" despite the obvious futility, because not doing so means explaining difficult things to people that will not listen.
As I recently wrote[1], there is no metaphysical certitude that Ofcom and its intentions will be forever futile: all that is necessary is for the political vectors to align optimally (as they inevitably will,) and the LEOs of the US would be happy to oblige.
> This is clearly [...] about controlling American corporations
Not exactly. On the surface, it's about kowtowing to pearl-clutching UK NGOs that are empowered by Rupert and Lachlan Murdoch's hysterical tabloids; and underneath, the real agenda is about restricting the influence of unsanctioned sites that could influence UK discourse - influence that established UK press barons (like the Murdochs, Lebedev, etc) want to keep very much to themselves.
The people who are most responsive to NGO campaigning aren't overlapping much with people who read The Sun. Sorry but Murdoch can't be blamed for this one.
The OSA is mostly supported by people who read The Guardian or The Times and watch the BBC. It was originally the work of academics (not big tabloid readers usually) like Lorna Woods, who is supposedly a professor of "internet law", a guy who is the founder of Ofcom, and Baroness Beeban Kidron. If you search Google News for their names you will find lots of left leaning broadsheets and not tabloids.
Is 4chan attempting to unfairly or unduly influence UK "discourse?" Or are they just _contributing_ to it as members of the public on an anonymous forum?
> Rupert and Lachlan Murdoch's hysterical tabloids
Which actually are an attempt to influence UK discourse. The framing errors are interesting.
This is how the UK government, faced with pressing issues, chooses to waste its time and destroy its remaining reputation for competence.
There was never any chance that this would fly outside the country, least of all in the USA. Whoever gave Ofcom the extraterritorial power it has to pursue these goals clearly intended to ensure its failure, and for this I am grateful.
The USA has been exporting its legal system for decades. And the UK still makes plenty of stuff. I really don't think this is valid. There is a close analogy though, companies that end up losing in the marketplace tend to become legally active to try to extract a tax from those that did better.
I fully agree that the US does the same thing, as do other countries- that's why I framed it as a general observation. I agree about the similar corporate behavior. I don't think it's a healthy development, but it's not easy to develop a general model of how this kind of thing plays out.
One of the big things I've been wondering about the decision of the Anglosphere to all switch to a service economy: why would you do that when your population is both smaller and dumber than the populations of other countries?
The UK (nor the US) has no advantage in providing services, all it can do is demand that other people be prevented from providing them.
One advantage English speaking countries have WRT the service economy is that most of the world speaks English at this point.
English became the language of international trade, of course, because we’re all just so adorably stupid, and our countries are tiny and harmless. Plus it is such an easy language to pick up…
It wasn't a decision to switch to services - I'm in the UK - it's just left to the market and that's where the money is mostly. It's kind of irrelevant if your population is large or small etc.
Let's start with a bang. Passports and strictly enforced borders are dumb and this is a clear example of exactly why. Increasingly the digital world -is- the world and arbitrary geographical boundaries are causing nothing but problems. We are taking the ideas of physical borders and passports and, badly, applying that broken idea to a virtual space with typical results. It blows me away that the real problem with strictly enforced borders, virtual or physical, is that they almost always are used to enforce political ideology and rarely do they actually afford protection in any other way. Strict boarders should be looked at highly skeptically and always viewed as a temporary solution that should be solved diplomatically and/or socially. We don't need things like this going from city to city, county to county, state to state but wherever we see an entity that puts a strict boarder in place, virtual or physical, we suddenly see conflict and political games. There are real issues to consider here but the UK is definitely wrong, and creating more long term problems, with this 'solution'.
There's at least 2 billion people in the world that would move to North America and Europe in the blink of an eye if all the borders were opened! Can your countries support all of them without collapsing your systems?
With the invention of steam ships, railways, aeroplanes and the automobile; travel became almost trivial. In conjunction with those inventions, states also became a lot more involved in people's lives; culminating in large welfare states. 3-4 centuries ago, a state did not care much about who lived in in their territory; these days, they are likely to provide them benefits, and have certain obligations according to international treaties about how to treat people within their own borders. These state operations, along with obligations, makes states care a great deal about who enters or leave their territory.
> Let's start with a bang. Passports and strictly enforced borders are dumb
This.
It's weird how it's not considered a basic human right to be able travel to where you want, and even live where you want as long as you can support yourself and comply with the local laws and customs.
And that's how it was for like 99% of the time that humans have existed.
When did keeping people locked inside "borders" even become a thing? I'm guessing post World War 1? Looking up history on Wikipedia says documents for "citizenship" existed maybe as far back as Ancient Egypt but there doesn't seem to be anything that forced people to remain within the nation of their birth.
The West literally bombed Japan and China to open their borders for "tRaDe" then pushed for strict borders after the world's worst wars that they started.
> It's weird how it's not considered a basic human right to be able travel to where you want, and even live where you want as long as you can support yourself and comply with the local laws and customs
The "as long as you can" is exactly the reason. There is no way to ensure the travelers or migrants can (and want) to do that, if you don't have a border.
> The West literally bombed Japan and China to open their borders for "tRaDe" then pushed for strict borders after the world's worst wars that they started.
Eh, that literally is doing a lot of work. Where's evidence to this claim? And at what point did we bomb… checks notes, China?
Also keep in mind that “for like 99% of the time” people didn't move that much. People were very linked to their source of food, community, and what brought them stability. There isn't a lot of examples of 17-century travel influencers going around the world looking for The Best Places For Foodies.
Countries have tough challenges to contend with. Borders are arbitrary, yes, but we can't hand-wave them away now. What we can do is work together at the supra-national level.
I don't really understand the concern. The UK objects to suicide forums and American operators of suicide forums are protected by the First Amendment of extradition to the UK. So if you want to operate a suicide forum from America, just don't travel to the UK and you're okay.
I think the classic example is copyright and hacking offences, of which there are many many examples. Legal in a person's home country, very illegal in the US (unless you are a big corporation, of course).
There is a grade to crimes. Lesser crimes are only punishable if they were done in a country. Bigger crimes are punishable even if you did them outside of the country.
Imagine that your own country finds out that you were a prolific serial killer while on a holiday in another country. Do you think they will just ignore it?
This is because your home country has jurisdiction over you and is more than free to write laws punishing you for whatever they want.
This is country B considering something a citizen of country A did while in country A to be a crime. And not that it even matters but in country A that thing is legal. Like country B is a sovereign state and can arrest you for whatever it wants while you're there but the bigger question is whether country A should be mad about it and impress themselves on country B to get them to not do that.
That's really the issue here and exactly what the GRANITE Act he's proposing does.
It seems like the US is actually being too nice here. It's a perfectly reasonable position to reject the notion that a country has global jurisdiction and to consider such an arrest to be a hostile act against the US. I would be pissed the moment a country thought it could punish one of my citizens for something they did while under my jurisdiction—even something that I consider to be illegal.
Usually, countries only respect extradition treaties when there is an equivalent law on their books
(the workaround would be to charge someone with bullshit charges for the extradition)
The main issue is that few countries respect freedom of speech on principle and even that group has edge cases.
Mens rea usually means intent to do the thing, not intent to commit a crime.
E.g. if I involuntarily swing my arm and hit someone in the face as a result of a medical condition I lacked the appropriate mens rea and am not guilty. If I intentionally punch someone in the face while being somehow unaware that I'm not allowed to do that I am guilty.
Hard to see how mens rea would save anyone from being guilty here.
Extraordinary rendition is still a thing, though; the US has done this several times.
Now, granted, the US is a freer country than the UK is so that doesn't usually matter all that much, but all the US would need to do to nullify its 1A would be to simply permit the UK to enforce its claims of extraterritoriality in US-friendly airspace.
What speech they might be permitted to prosecute would naturally change based on administration.
First of all, I anal and also this is more of a question than a statement but
a us person could travel to a country x and that x could send this us person to a UK prison? I don't know if doing so would be legal but when the rubber hits the road, each country x is technically sovereign and does not have to honor the first amendment of the US constitution.
So even if it might be frowned upon to extradite foreign (US) nationals in country X (such as Canada or India) to the UK, they could do it anyway to send a message?
I traveled to a lot of countries during my time in the military. I was also a legal officer that had to deal with legal issues in foreign countries.
Traveling is no joke. Americans often act like the world is their playground, but you are subject to the laws of the jurisdiction you're standing in. Traveller beware.
Your First Amendment rights only apply within the United States, this should be obvious. Nonetheless, extradition treaties generally require that a crime be considered a crime within both jurisdictions.
Most of Europe does have similar thought-crime and censorship laws as the UK now have. Also, the crime of "hindering an official investigation" could be interpreted into this, and this exists practically anywhere.
The only further question would be if the country is friendly enough with the UK to extradite.
Extradition of a foreign citizen to a third country is not a simple matter, diplomatically speaking. The US might not have the hegemony it enjoyed 20-30 years ago, but it certainly has plenty of sway.
When it's a matter of drug charges or other obviously criminal activity, the US embassy and diplomats don't normally raise a fuss, but for something like this where the person made first amendment protected speech in the US? That'd definitely raise all kinds of hell.
Plenty of US citizens would actively cheer the notion of having a foreign government arrest their political opponents as an end-run around the fact they're not allowed to do it at home.
After all, 1A/"freeze peach" laws should only protect you from your government, right?
> Plenty of US citizens would actively cheer the notion of having a foreign government arrest their political opponents as an end-run around the fact they're not allowed to do it at home.
I'm not convinced that plenty of US citizens would celebrate a foreign government arresting an American for what would be protected by the 1A in the US. There will always be trolls, of course.
> After all, 1A/"freeze peach" laws should only protect you from your government, right?
If my government has the longest dick of all governments in the world, and knows how to swing it, I'm not so sure.
Plenty of US citizens openly celebrated the murder of an American for what was protected by the 1A in the US.
So no, I don't think that the people who celebrated that would care, and said people would actively support an administration that actively encouraged the UK in this manner for the same reason.
I wouldn't be surprised to see the US administration being very selective about which "first amendment protected speech" they actually cared about. I can even imagine them rapidly extraditing somebody who's speech they didn't like, such as pro-abortion or anti-fascist.
I was reading anout attacks on the 1A and thought this was about the UK extrading US citizens. If this is just that you'd get arrested in the UK, then yeah this isn't a 1A concern. Though the US govt should still do something about it imo.
It's not clear to me that the UK even has a mechanism to discover the operators of such sites. If I found myself in such a position, I imagine I wouldn't even bother trying to block UK IPs and let them sort out their own internet blocking.
Exactly. Honestly after the how article was ended by the nonsensical nationalistic chest beating which I absolutely didn't understand why author felt the urge to do that, I got the feeling that it was more about some sense of authors nationalistic pride.
I do not even slightly support these UK's regulations and even an possiblity of ban of VPN services seems bizzare to me but as you said. He is already protected.
It depends, and no obviously not. Having a forum to discuss suicide/suicidal ideation is fine, outright telling someone to kill themselves is illegal. The Michelle Carter case is an example of this
the bravado makes for some great irony. worrying and feeling ultra-superior about the UK government, while letting the tiktok ban and forced sale go through unchallenged.
altogether, if you dont care about following this UK law, whats the need to carr what the UK government does? just dont go there or do business with people who care about the UK government. same as US sanctions and secondary sanctions. the UK at least is a small market
> worrying and feeling ultra-superior about the UK government, while letting the tiktok ban and forced sale go through unchallenged.
And more to the point, many US states passing or attempting to pass laws which aren't all that different to the UKs OSA. Mississippi's version is in some ways even more onerous to enforce as it requires social networks to age-check all of their users, not just those who want to access adult or "harmful" content. Bluesky notably went along with the OSA but considered Mississippi's demands to be over the line and geoblocked them instead.
What's the point exactly? That some US states also did something similar re porn so therefore it's a nothingburger and we shouldn't care about this lawyers campaign to protect the internet from censorship?
I think Bluesky probably went along with the OSA because the population of the UK is like 20x that of Missisipi. Wake me up when they geoblock California.
Ofcom expects _you_ the foreign entity to implement geoblocking perfectly. And if not, they will try to fine you first before they even consider implementing blocking on their end.
That's the core issue here.
This has nothing to do with foreign entities circumventing UK based blocking and getting Ofcom letters for it.
Sounds like UK problem to me. No one can be expected to know or abide laws of another country. In person or in the digital realm. If UK has some laws, then UK citizens should abide them, not the rest of the world. In other words, say betting is illegal in UK and I as a UK citizen go and make a bet via website that is run by a business in Panama. The Panamanian company should not concern itself with anything but rather it is me whom is breaking the law.
And as noted in other comments here he doesn't seem to understand how geo ip databases are maintained. I sure won't be asking this guy to represent me anytime soon.
He is not claiming being blocked from one IP proves the geoblock is complete, he is claiming it shows that the geoblock in place is also active for the mirror site.
>What appears to have happened is that SaSu had a site mirror and that someone figured out a way to hit the mirror – which was also subject to the geoblock, something which took me under a minute to personally confirm – without using a VPN.
> If I had to guess, it’s that some NGO found some UK-based IP addresses which weren’t captured by the block because they weren’t properly geolocated.
Ofcom's clarified contention is that the geoblock is unreliable, while the lawyer seems to be rebutting the original statements that they interpreted Ofcom as claiming no geoblocking was active ('remains accessible to UK users', 'was directly available to people with UK IP addresses (with and without a VPN)').
The combative stance that he's taking really doesn't do him any favors in resolving the issue.
Lawyer: "I've confirmed that at least one UK IP address is blocked."
Regulators: "We've confirmed that at least one UK IP address is not blocked."
In what world is the correct response "Dear regulators, you're incompetent. Pound sand." instead of "Can you share the IP address you used so my client can address this in their geoblock?"
> In what world is the correct response "Dear regulators, you're incompetent. Pound sand." instead of "Can you share the IP address you used so my client can address this in their geoblock?"
That would imply that the client actually would like to be contacted every time Ofcom found a leak in the geoblock. Not a good idea imho.
They don't agree that it is a public safety matter, or at least they've clearly taken the position that they don't care about that kind of public safety.
He's just pointing out that Ofcom's behavior is inconsistent with Ofcom sincerely believing it's a public safety matter either.
I get that it's satisfying to tell them to go away because they're being unreasonable. But what's the legal strategy here? Piss off the regulators such that they really won't drop this case, and give them fodder to be able to paint the lawyer and his client as uncooperative?
Is the strategy really just "get new federal laws passed so UK can't shove these regulations down our throats"? Is that going to happen on a timeline that makes sense for this specific case?
He says on his site that he wants the US to pass a “shield law,” I guess the idea must be to pass a law that explicitly says we don’t extradite for this, pass along the fines, or whatever.
It seems like inside the US, this must be constitutionally protected speech anyway. I’m not 100% sure, but it would seem quite weird if the US could enter a treaty that requires us to enforce the laws of other countries in a way that is against our constitution. Of course the constitution doesn’t apply to the UK (something people just love to point out in these discussions), but it does apply to the US, which would be the one actually doing the enforcing, right?
Anyway, bumping something all the way up to the Supreme Court is a pain in the ass, so it may make sense to just pass a law to make it explicit.
The British legal system is pretty inefficient. I'd probably just say sorry we'll block harder. That'll probably delay things for years, by which time there may be a different government, or a US shield law.
The absolute confidence Ofcom has in its ability to impose laws on US citizens is kind of strange. I'm waiting for the other shoe to drop. Maybe in 2028 we get a president who is willing to let US citizens be extradited based on laws like this.
EU and/or Britain has been telegraphing they want to have some limited jurisdiction over the United States for a few years now. GDPR also claims to be able to charge you for a crime even if you've never been to Europe (FWIW its mostly aimed at large corporations and I don't believe I've heard of them using it for anything other than civil fines but on paper they claim to have that authority even outside of their own borders) and during the big riots in UK last year there were law enforcement agencies threatening to prosecute Americans for inciting the riots remotely over the internet (once again they didn't actually do it but they do claim to have that authority and have threatened to use it).
For a particular (suicide related) site I know that it was 'made known' to resi-ISPs here and as far as I know everyone with existing capability to do so blocked it (though for some smaller ISPs just at the DNS level, so essentially superficially). Though that was just on the honour/good will system, I don't think any had to be forced.
I think that essentially this is probably the best way to do it, IF we must go down this route (and I think in some cases we probably have to).
It would be a lot easier for the UK to just block any site they don't like. Especially when the concern is ostensibly to protect UK citizens from harm.
But Ofcom is in fact saying that you are _not_ free to run those websites from the UK and they expect _you_ to implement a perfect blockade of UK IP addresses. On the other hand, if Ofcom receive a tip-off from a random charity claiming they found a UK IP address which doesn't get blocked for 10 minutes or whatever the hell happened here then they will try to extrajudicially internationally fine you for it.
This post is really mixed up which, for a lawyer, is really disappointing to read.
He can’t seem to decide if Ofcom’s position is that the geo blocking was disabled or that it’s not sufficient. He seems to flip flop between the two positions throughout the post.
This is really strange because he cites Ofcom’s statement! How can he not know what they’re investigating after he’s been told!
In addition, he seems under the impression that Samaritans (a suicide prevention charity) are either a part of Ofcom or if they’re a pro censorship pressure group.
Lesser issues are that he doesn’t understand the government operates out of Whitehall, not Westminster (which is Parliament) and that Parliament can put pressure on government organisations but ultimately it’s independent so Parliament and the government can only ask Ofcom to investigate (outside of passing legislation).
I guess the case he’s making is that not even Ofcom knows, because it has nothing to do with the block itself. They want to make a scene, however possible.
You can’t infer that from the statement posted. In fact, all Ofcom have done is say they’re investigating. Do you expect a regulatory body to not investigate a report from a serious suicide prevention charity?
Isn’t compliance just as easy as asking where the visitor is from (or more specifically if they are from or in the UK), perhaps even just once per IP they visit the site from? Yes, they may lie, but that’s their problem not the site operator’s.
> Ultimately, what Ofcom is doing here is the perfect modern-day lesson lesson for why the First Amendment exists in the first place
The First Amendment was created to protect against foreign governments impeding on your speech?
I feel like that's really missing the point of what this amendment is about, at a time when the First Amendment is at greatest threat from the current US government.
I do not give a single solitary fuck what any Briton thinks of any American exercising their constitutional rights
If the American is lawfully exercising their rights, and the Briton has a reason to censor them, the American is right and the Briton is wrong
No exceptions
This probably sounds "cool" and correct to his supporters but this gung-ho black-and-white approach is hiding an important nuance:
The framing above (UK undermining US law) can immediately be reversed. The UK has laws (that we may disagree with) that are being undermined by US actors.
That's the nature of the internet, and the reason this is a complicated issue to resolve, not helped by showboating lawyers.
A some point, if you do not have any relationship with the UK, go as far as blocking its residents but they still want you to abide by their law, aren't they just declaring war on the entire world?
This is something very deranged that have become very common with the world "becoming smaller": somes will go on a rampage for something happening on the other side of the planet. At the same time they will pretend not to notice that their own house in on fire.
What they seem to be trying to do is declare war on individual sites, on behalf of activist lobbying, in the hopes that they can destroy those sites despite lacking jurisdiction over them.
> A some point, if you do not have any relationship with the UK, go as far as blocking its residents but they still want you to abide by their law
Ofcom appears to agree that geoblocking UK residents would satisfy the requirements of this law. They also however appear to believe the OPs clients are simply lying about actually geoblocking UK residents - and Ofcom appear's to be the quasi-judicial entity which decides (at least as a first step).
I can't imagine OP's response to Ofcom that "we aren't doing that, but we won't explain what we were doing when we created the domain you think we created to do that" was particularly convincing.
> aren't they just declaring war on the entire world?
No, that would only happen if they started attempting to enforce the law by going into "the entire world" by force. Just declaring that some foreign entity broke your laws and owes you money and maybe that you'll arrest them if they come to your country isn't an act of war. Acts of war look like drone striking alleged drug smugglers in some other countries territorial waters without that other countries permission.
> They also however appear to believe the OPs clients are simply lying about actually geoblocking UK residents
They don't seem to claim that. They claim the block is imperfect, and they demand perfection.
Since perfection is in fact impossible, that means there's no reasonable, actually available action you can take to keep them from fining you, or at least trying to.
> In our email dated 13 October 2025, we explained that Ofcom would be taking steps to monitor the voluntary block of users with UK IP addresses implemented by sanctionedsuicide.site and sanctioned- suicide.net on 1 July 2025.
> Ofcom has become aware that the voluntary block in place on the above two websites restricting users with UK IP addresses from accessing these domains is no longer effective to restrict UK users from accessing the service or its content. In particular, we note that content from the service remains accessible to users with UK IP addresses at another domain, namely https://dignifiedexit.com.
This isn't a dispute about effectiveness, this a dispute about whether or not OP's client spun up another domain and didn't block UK users from it.
Of course not. But this is very useful to a) show they are enforcing this shiny new law and b) lay the legal groundwork that blocking it on their side (thruough UK ISPs) is warranted.
Up to a certain point, yes - if you never leave the U.S. and don't anticipate that the U.S. government will at some point extradite you to the UK. And if you travel to other countries, one of those could decide to extradite you to the UK. That is less likely with a lawsuit from Zimbabwe than a lawsuit from the UK. In other words, it depends on how much international influence the country in question has.
Only if you're okay with never visiting or transiting through the UK, or any other country that would be willing to extradite you there, for the rest of your life.
>If we concede even a scintilla of our constitutional rights, we fail.
based.
as someone from a country that had reached the bottom of many slippery slopes in less than ten years, it's very disheartening to see the West following us.
It comes across as unhinged with the current regime daily infringing the [USA] Constitutional rights of USA citizens and the UK in not way seeking to inhibit those rights.
> the current regime daily infringing the [USA] Constitutional rights of USA citizens
That has been happening for decades at this point. That doesn't make today's violations ok, but neither are they something new. The people of the USA gave up on freedom after 9/11.
When content involves self-harm or illegal activity, the discussion isn’t just about geolocation, it’s about platform responsibility, user safety, and effective remediation. Striking the balance between free expression and preventing real harm is why platforms use content policy teams, abuse reporting, and multidisciplinary responses (moderation + outreach + law enforcement where warranted).
Different countries may have different ideas about the balance you've mentioned. One country should not impose its version on another (with threats of jail time). This is what the discussion is about.
>>If any censorship demand gets through our border, we fail.
That means we defend every site, however small or controversial it may be, from foreign attempts to infringe on their constitutional rights. It means not giving up so much as an inch of ground without a major fight, if those are the instructions. It means we must not ever lose.
--
That is a powerful pro-bono defense message by the US person doing it.
Just like the Trump says climate crisis is a hoax and wins elections, can't somebody in the UK say Online Safety Act is nonsense and win election and repeal it?
My personal ranking of principles would never put me into the position to defend an organised group encouraging vulnerable people to successfully kill themselves. That's not a free speech issue, ever, it's clearly immoral. Your liberty should never allow malicious harm to others. I would lump these people into the same place we put child molesters and murderers.
> I would lump these people into the same place we put child molesters and murderers.
So would I, but freedom of speech doesn't have an exception for bad people, no matter how bad they are. Remember the Skokie affair, where a Jewish lawyer defended the Nazi Party's right to free speech? That's what really believing in free speech looks like.
It’s of course reasonable to rank principles that way, and I’d probably agree with you, but it’s not true that it’s “not a free speech issue”. It is a free speech issue, you’re just saying you value other concerns above absolute free speech in certain cases.
'Absolute free speech' doesn't exist anywhere. Would you be arrested if you told national secrets? What would happen if you told everyone at work (unfounded) that your boss abuses their children?
You’re right, but I never claimed it did. Even the famously expansive US freedom of speech protection is not absolute.
> Would you be arrested if you told national secrets? What would happen if you told everyone at work (unfounded) that your boss abuses their children?
Yes you would be arrested, which is a freedom of speech issue, however banning this speech, despite harming freedom, is justified by other factors that are more important in these cases.
Take this case: the law was enacted two years ago by a different government, the regulator follows the law as enacted, and yet no one cares about this little nuance.
In reality, it's a decent technocratic government trying to reverse a decade of mismanagement and fighting about five hundred fires at the same time. It's OK to good.
The party currently in power enthusiastically supported the OSA when it was enacted, and has been enthusiastic about implementing it. They're not just mechanically enforcing something that they inherited.
Funny how that works, when the government I voted for is in, they're a good government and all problems are caused because the previous one was terrible.
Democracy: everyone's somehow smarter than everyone else.
We're aggressively blocking UK IPs before we even have our product ready, neither our website nor our software will work for visitors from the UK, our ToS will prohibit use of our software for UK residents, and we will not sell or offer the software in the UK. Ofcom would have to put a lot of effort to circumvent these measures to even know we exist.
In a nutshell, I'm moderately confident that this will suffice to keep Ofcom away.
So the story behind the title is that the UK gov claims that the IP block wasn't working? And the author agrees that IP blocks can't really work, even?
Separate from the free speech debate, the international law part of this seems pretty cut and dry. Here's the bolded parts:
So, it appears, as with 4chan, Ofcom has elected to proceed with a mock execution... Ofcom is trying to set the precedent that... you have to follow its rules – even if you’re American and you’re engaged in constitutionally protected speech and conduct. To that end, Ofcom has renewed its previous threats of fines, arrest, and imprisonment, against SaSu and its operators – all Americans.
Isn't that how laws work...? Like, it's illegal to be gay in some countries. Theoretically, those countries could open proceedings against every openly-gay person in the world, and try them in absentia. That would be evil and silly of course, but I don't understand what legal principle it would be violating?
More pointedly: what is this lawyer actually "representing" these "clients" for? I don't see any mention of any US legal action, and presumably you need to be british to represent people in UK court. Isn't this just activism, not representation?
Let's say hosting a website for cat pictures is illegal in the UK, but I am based in the US (alas, I am not).
I put up my cat picture website but because the UK is a tiny and barely known country, I don't realise that this cat website would be breaching laws there.
My website gets popular and I receive a strongly worded legal letter from an entity in the UK claiming that they want to take me to court and fine me for providing this website to their citizens.
I am like: WTF? Just fucking block it from your perspective if you don't want your citizens to see it? And I seek legal advice from my lawyer who says: Well, they have no jurisdiction here, so you can ignore this letter, but if you want to minimise hassle, you could just geoblock the UK and hopefully they'll stop coming to you.
So I implement basic geoblocking, which works 99.99% of the time (at least when it comes to figuring out which country an IP is in).
The UK entity acknowledges this in a letter and tells me that this is a sufficient solution for now, but they'll keep watching me.
I go about my business, for some reason or another I make a mirror, which I also implement the geoblocking on, now proactively, because I don't want any more annoying letters from the UK.
Some time later, the UK entity sends another letter claiming they're continuing the proceedings because someone in the UK told them that they could still access my cat website and provided evidence. Within 10 minutes myself and my lawyer both use VPNs to verify the geoblock is still working, and we're confused.
We ask the UK entity WTF, and they say: We have evidence, the fact that it's clearly still working from _our_ perspective is irrelevant, I bet you just geoblocked our IP address.
A government can claim jurisdiction over anything worldwide. A different government can disagree.
The two may negotiate over that, in which case common sense ideas like "they didn't do it in your territory" may make one side look foolish, which may in fact have a real influence over the outcome of the negotiations.
If they can't come to an agreement, then it may become a matter of whether the "offender" happens to travel somewhere where they can be grabbed. In the end, jurisdiction is about who has the power to enforce their laws. There's no universally-agreed-upon uber-legal system to make it otherwise.
Interesting that it's the existence of the suicide discussion forum that's too much to bare for the UK. Really drives home the point that in the state's eyes: your self, your body and ultimately your life, don't belong to you.
Is it not possible that there is concern for individuals well beings in the midst of a mental health crisis?
It’s one thing to be talking about suicide or assisted suicide because you’ve decided it’s right for you and your situation.
It’s another to be dealing with depression from trauma, unable to get help and have no support system, and then be coerced by individuals on forums with ulterior motives.
I’m not saying I am in support of the UKs attempts, but it’s also not helpful to paint everything black and white on either side. Real solutions require dealing with the grays and the details.
edit: And for reference I have spoken to people in the later situations who have found all too many toxic individuals online who will say things like “you should definitely just kill yourself” in the midst of such situations, who after therapy consider those people to have been committing even more trauma (most likely because they get off on the control of another persons life, playing out murder fantasies etc, and who use the internets anonymity to further traumatize people at their most vulnerable)
> It’s one thing to be talking about suicide or assisted suicide because you’ve decided it’s right for you and your situation.
And that's what the site is for. They could improve by blocking all countries where there's free access to assisted suicide though.
> It’s another to be dealing with depression from trauma, unable to get help and have no support system, and then be coerced by individuals on forums with ulterior motives.
You've answered your own question. "And then" - exactly, THEN, not before. If they could get help, they would. But they can't so they end up there. If your alternative is that they should just suffer for years instead then I strongly disagree with this stance.
I remember one guy on a Polish forum announcing his plans which were stopped because someone called the police.. I kept checking his profile since then and it's clear that he continued to suffer and does to this day.. whoever thought that they "saved" him instead subjected him to literally years of suffering.
I doubt Ofcom are motivated by "concern for individuals well beings in the midst of a mental health crisis", but even then, it is clear in the context of the current discussion that they should be concerned with enforcing their legislation in their own country. The UK is free to build The Great Firewall of the United Kingdom and block half of the internet if their concern is so great.
What they cannot be allowed to do is tell organizations in other jurisdictions that they now suddenly fall under UK jurisdiction.
There are 195 countries in the world. If all of them followed a policy like UK's Ofcom, the internet would be gone in no time and world-wide user-to-user communication would become impossible for legal reasons. It's obviously not a sane position.
> I doubt Ofcom are motivated by "concern for individuals well beings in the midst of a mental health crisis"
Do you have evidence for that? Because when I search I do see them doing investigations concerned with abuse of people including mentioning coercive and controlling behaviors
> If all of them followed a policy like UK's Ofcom, the internet would be gone in no time and world-wide user-to-user communication would become impossible for legal reasons.
Sounds like a slippery slope fallacy to me. Again, not necessarily supporting the policy, but when such arguments are used against it, it’s not convincing.
I honestly still cannot believe that a simple blogger needs to potentially comply with the regulations of some ~200 countries. What happens when the law of two countries conflicts? What if the UK say I need to verify everyone's age, but another country rules I cannot collect peoples IDs? Well I could geo fence the best I can and serve two different paths right? Nope, it seems not.
It's all total madness, and it's not just the UK there are even more crazy regulations coming from the EU. China, and others in Asia are well known for regulating too. A mess.
So the author repeats that the SaSu site was geoblocked but simultaneously note that all UK are idiots that don't realise a geoblock is imperfect and claim...
>The UK regulator has now publicly confirmed that the “mirror” site for my client’s site is not accessible in the UK.
The writer then proceeds to describe the way in which the spinning up of a mirror lead to the site becoming available for people in the UK. And the author protests that:
>The reasons why SaSu had a mirror are SaSu’s alone/none of Ofcom’s fucking business; [...]
The way it is written makes for a string suspicion that SaSu thought they could obviate OSA with a cheeky mirror (standard fare for torrent sites - who also wish to bypass censorship - I gather) and got caught. I can't see why else the author would be so vociferous, nor how the mirror wouldn't block the very same UK addresses as the main-site except by design.
Suicide is illegal here (there is movement on this, thankfully). Helping people do illegal things, also illegal. Facilitating such help, also illegal. There seems no need to stoop to imagining some weird conspiracy or blaming a cabal of shadowy figures.
I guess you could think of it like we treat helping people kill themselves like USA treats UK people facilitating copyright infringement.
If SaSu is voluntarily implementing a UK geoblock instead of fighting Ofcom. Ofcom is claiming it's everyone on the planet's responsibility to implement their own geoblocks of the UK rather than for the UK to set up a GFW. If SaSu was trying to circumvent some UK originated blockade of their website, your comment would make sense, but they weren't.
Even if you hate how this guy writes, which I can agree is questionably professional at times. There's no real way to read this other than that Ofcom, instead of simply complaining that an IP wasn't geoblocked correctly, took the first opportunity they could find to restart their extraterritorial attack on SaSu. All that to avoid the presumably incredibly bad optics of implementing a GFW. Although honestly I would be the least surprised if the UK implemented a GFW soon.
The UK should build a national 'firewall' and prosecute anyone who gets around it via vpn. I'm sure the citizenry will fucking love that and then they can proceed to repeal the law.
Public sentiment in the Uk is actually pretty supportive of this law. I wouldn't be surprised if the firewall did happen eventually, but with support from the public instead of outcry.
That’s because he’s barely a lawyer. He’s a blogger with a legal education. His legal practice is pro bono because nobody would pay for him to LARP as someone with credibility on the subject of free speech.
Edit: I appreciate the down votes but research him, he has never participated in a real case. He is not a practicing lawyer by any real measure.
This guy really is something. From asserting that hate speech is protected by the 1st amendment to suing Australia over Internet policies to suggesting the US dominate all Internet rules: https://tradersunion.com/news/tag/prestonjbyrne/
If the British government can pressure international payment processors or service providers to cut off a website, they can pressure those websites to do stuff.
This happened when the Dems were in power. Its part of the reason why they aren't in power anymore. Letting un-elected bank employees make these sorts of decisions isn't in anyone's best interest. The banks did not enjoy this situation at all and probably won't play ball next time they are asked. Banks hate to lose money and that's exactly what happened in this situation. First they had to turn down business, then they had to pay to defend themselves in a lawsuit.
Well technically, this is just a philosophical point, but the bill of rights is supposed to protect _natural_ rights that apply to everyone regardless of where they live. So in theory the UK can and does routinely violate peoples rights
By attempting to enforce legal judgments in absentia against people who live in the US, operate in the US, and block access from the UK; and then using those judgments to arrest that person as soon as they step anywhere the UK has real influence, or similarly seize their assets anywhere a judge has a sympathetic ear.
Of course it's not literally 'violating the First Amendment', but it sure seems like the kind of thing the writers of Constitution would have tried to protect against if they knew it could happen someday.
You shouldn't even be expected to geoblock. If I'm operating a Web site in country A, I should not have to care about country B's laws unless I am taking specific action intended to attract users in country B in particular. That's doesn't mean just to target the whole world, either. If you don't want your citizens to access something in another country, take it up with your citizens.
It was obvious from the minute that idiots started creating IP location databases in the first place that people would demand that they be used like that... and those demands seem to be winning out.
Preston talks about this in an earlier blog post. It's a matter of UK law and, I'd bet, many countries, that they have the sovereign right to legislate about matters in and outside their borders. "If Parliament says smoking in Paris is illegal, it is illegal." What's different today than when that doctrine was conceived of is: data goes everywhere, communications are decentralized, international cooperation around especially data allows nations to enforce their own rules outside their own borders by treaty.
What was known and not said when Parliament might have outlawed smoking in Paris is that there was literally nothing they could do to enforce such a law. Today the governments have options, hence the fight here. And many other places.
> It's a matter of UK law and, I'd bet, many countries, that they have the sovereign right to legislate about matters in and outside their borders.
Basically all countries take that position legally. But there are norms and customs about how often you exercise it (as well as practical questions of power).
Extraterritorial regulation of Web sites is unfortunately in the process of being established as normal, but it's a bad norm. Not as bad as drone striking anybody who lights a cigarette in Paris (which could be made legal), but a bad norm nonetheless.
Some activists should start making lots of complaints demanding that country A’s government sites comply with government B’s laws. Maybe the laws will change to reflect reality when government A says to fuck off
What happens if two foreign countries try to impose mutually exclusive laws?
For many years, Google solved this by saying the laws of country X only applied in the country specific domain of Google.
They now seem to have backtracked on that and are using either the country the request came from or the country the account was set up from (both using IP geolocation)
Then they kiss
Interestingly, Ireland seems to be one of the few countries whose constitution explicitly limits the reach of its laws:
> It is the firm will of the Irish nation, in harmony and friendship, to unite all the people who share the territory of the island of Ireland, in all the diversity of their identities and traditions, recognising that a united Ireland shall be brought about only by peaceful means with the consent of a majority of the people, democratically expressed, in both jurisdictions in the island. Until then, the laws enacted by the Parliament established by this Constitution shall have the like area and extent of application as the laws enacted by the Parliament that existed immediately before the coming into operation of this Constitution.
(Which means the territory of what is now called the Republic of Ireland, that is, explicitly excluding any claim to Northern Ireland in order to comply with the Good Friday agreement)
"Extraterritorial regulation of Web sites is unfortunately in the process of being established as normal, but it's a bad norm."
Perhaps "Extraterritorial regulation" is bad wording. A country can regulate whether an extraterritorial website is distributed and or viewed within its borders but it has no legal authority force another country to close down a website that's operating legally within its jurisdiction.
The only remaining options are diplomatic action—request the site be taken down or war/by force. Whether we like it or not the only practical action is for a country to geoblock offensive websites at its borders.
Sadly, given the current state of world affairs, it seems to me geoblocking will become the norm almost everywhere.
> Perhaps "Extraterritorial regulation" is bad wording. A country can regulate whether an extraterritorial website is distributed and or viewed within its borders but it has no legal authority force another country to close down a website that's operating legally within its jurisdiction.
The issue is they're doing this through might makes right rather than jurisdictional authority.
You have a website in one country, 99% of the content is legal in another country but it also contains a post by a user which is legal in the first country and not the second.
The second country then demands that the website remove the post -- for everyone, they don't even want it accessible via VPN -- or they'll have their ISPs block not just the entire website but also the entire shared hosting provider the website uses. The site which is entirely in the other jurisdiction can't withstand that much pressure and removes the post.
You now have a country censoring a post world-wide because they leveraged every company within their jurisdiction to enforce a law against one that isn't. That's extraterritorial regulation.
> You now have a country censoring a post world-wide because they leveraged every company within their jurisdiction to enforce a law against one that isn't. That's extraterritorial regulation.
Hopefully this will break up the cartel of websites/distributors back into a decentralised web eventually.
It would have to do the ISPs and that's a tall hill.
Ok, but I feel like the UK government hasn't thought this matter through. Think about what happens if the US decides it can enforce US law on UK soil against UK citizens. The main industry of the UK is questionable international finance using legal fictions on various islands. What happens when the US decides that that shouldn't be happening anymore? Its the same logic OfCom is using here. And unlike the UK government, the US could actually enforce this stuff in person. The US literally has military bases outside London with tanks and artillary and airstrips. This isn't a road to continue down.
PS The UK doesn't have free speech and never has. Free Speech was invented by the Dutch and the US was the first to put it in a founding document.
PPS I know of no government that thinks it can enforce their law outside of their borders against foreigners. That is outside the definition of sovereignty and something the UK government seems to have invented lately.
> Think about what happens if the US decides it can enforce US law on UK soil against UK citizens.
The US has asserted that right globally for quite some time, and literally threatened force against other countries to get them to actively support (not merely tacitly permit) such enforcement, even when it directly violated the constitutions of the countries involved (as well as simply doing armed enforcement without consent of the government iinvolved in other cases.)
This has been particularly notable since the outset of the “Global War on Terror”, but didn’t start there (it was a big part of US counter-narcotics policy long before the GWoT.)
There's a clear directionality there though. It doesn't work in reverse!
The US is quite literally killing people outside its borders every day. It even ran a program of kidnapping and torturing people from foreign countries for years, and still maintains a network of prisions outside America. The US very much thinks it can enforce its laws however and in whatever twisted fashion it likes.
> it can enforce its laws however and in whatever twisted fashion it likes.
The whims of its god-emperor/president. A lot of the enforcement is against US law.
> PPS I know of no government that thinks it can enforce their law outside of their borders against foreigners.
The USA does this quite regularly. Look at FATCA as one example.
> The USA does this quite regularly. Look at FATCA as one example.
The problem here is that some twits did something like this once and since then everyone is saying "but look, they're doing it, why shouldn't we?" when they ought to be saying "we're all going to be imposing sanctions on that country until they stop doing that".
If someone is doing something, that's precedent -- but the precedent can either be "someone who does that can get away with it" or "someone who does that is not going to get away with it". And when making the decision, think through the consequences of everybody doing it to you if you allow it to be the first one.
That law only covers US citizens (that are living abroad). So no, that's not a counter example.
Um, no, it attempts to compel foreign banks, which may not even have a presence in the US, to disclose information about US citizens, using various threats. It doesn't threaten to throw foreigners in jail, but it does threaten to use US government "clout" against them... and the actors it's trying to put obligations on are absolutely not US citizens.
Funny how you make tax evasion and money laundering on par with political speech. Fighting for your rights to be corrupt is a pretty weird take. If we can talk someone into doing what we want, that's perfectly legal as long as we or they aren't violating any laws. And nobody complains because getting dirty banks to spill is in everyone's best interests. Remember how happy everyone was at all the FIFA corruption data we uncovered.
It's only a tax evasion concern in the first place because the US started the trend of hoovering up wealth generated in other countries, which in-context still sounds like US overreach.
They weren't arguing for anyone's right to be corrupt in the first place though. If US citizens really have to pay extra taxes and have arduous reporting requirements then so be it, but why is the rest of the world dragged into that mess? This isn't a "dirty banks" issue; it's nearly impossible to get a bank account at any reputable institution as a US citizen abroad just because of the PITA of the reporting requirements. It's a mediocre law from questionable authority.
They didn't make anything on par, they gave an example of the US government enforcing US laws on foreign entities abroad.
Another example is that e.g. AWS Europe, even if every single one of its employees, board and what have it are all Germans, are still compelled to hand over their data if Amazon US is the parent company, under the likes of the CLOUD Act or FISA. That's a foreign entity comprised of foreign citizens and concerns the assets (data) of foreign citizens.
Besides the extraterritoriality issue, the other problem with FATCA is that it makes Americans living overseas (99% of whom are just normal people not trying to evade taxes) radioactive to overseas financial institutions because of the potential consequences of failing to report on someone's accounts properly.
Sadly a lot of Americans hear "foreign bank account" and immediately think "tax evasion" without realizing there are a lot of ordinary Americans overseas who just want to pay the rent and save for retirement but can't because Uncle Sam follows us wherever we go for life.
> What happens when the US decides that that shouldn't be happening anymore?
Like the US did with Swiss banks?
“…the standard of justice depends on the equality of power to compel and that in fact the strong do what they have the power to do and the weak accept what they have to accept.” — Thucydides, 5.89 (trans. Rex Warner, Penguin Classics edition)
(half-remembered quote found using AI)
original source https://en.wikisource.org/wiki/History_of_the_Peloponnesian_...
Book 5, end of paragraph 89
The US government in that case was requesting information on US citizens and not foreign nationals. I put in those last two words ("against foreigners") for a reason. If the UK government was trying to enforce UK law on UK citizens in the US, that's one thing. That's not what is happening with Ofcom, they want to enforce these laws against US citizens in US territory. That is a very blatant violation of US national sovereignty.
> I know of no government that thinks it can enforce their law outside of their borders against foreigners.
Really, not a single one? Like, a really big obvious one? LOL!
> Think about what happens if the US decides it can enforce US law on UK soil against UK citizens.
Yeah about that …
Try looking up Gary McKinnon or Larry Love. The US has a history of this stuff, those are just a couple of examples. Hell, Kim Dotcom (NZ but same deal).
And that’s before we get into whatever the f*ck was happening at Guantanamo Bay.
> I know of no government that thinks it can enforce their law outside of their borders against foreigners.
Then you haven’t been paying attention.
> I know of no government that thinks it can enforce their law outside of their borders against foreigners. That is outside the definition of sovereignty and something the UK government seems to have invented lately.
The USA has been doing this for a long time e.g. Wikileaks and Julian Assange, Kim Dotcom etc.
> It's a matter of UK law and, I'd bet, many countries, that they have the sovereign right to legislate about matters in and outside their borders.
As I mentioned elsewhere in this thread, the entire founding political mythology of the United States is pretty much "The Parliament of the UK tried to regulate our freedom of speech without even giving us a vote, and that was intolerable." Specifically, the Stamp Act was seen as suppressing the right of the American colonies to engage in political speech. (This wasn't the only reason for the Revolutionary War, but it's one of the ones we still remember. We remember it in part because laws regulating the publishers of political pamphlets get complained about in political pamphlets.)
This isn't a political issue in the normal sense. It's more like Guy Fawkes and the "gunpowder treason and plot." The one thing that the "Tea Party" and the "No Kings" protestors can probably still agree about is that the Stamp Act was bad, because this issue is part of the fundamental political mythology of the country. "The British Parliament does not get to regulate our speech" is right up there with "The President does not get to wear a crown."
This is not a fight that the UK government can actually win, not in the long run. Any US politician who allows Parliament to regulate the speech of a US citizen will find themselves in the awkward position of British politician who proposed a national monument to Guy Fawkes. Allowing this is "Un-American" in these sense that it goes almost directly against our founding patriotic mythology and symbolism.
The UK should just accept the geo-IP block of the UK as a compromise, and walk away. This particular fight isn't worth it. Trust me on this.
Of course though, it is not just the governments that have force enabled by the internet and the modern age.
We need to re-imagine the Parisian as an individual with exceptionally long arms lighting the tip of their cigarette in London...
> "If Parliament says smoking in Paris is illegal, it is illegal."
I'm not entirely sure if you yourself understand the context or real meaning of that phrase, but for others at least, it was NOT meant to highlight that Parliament has a burning desire or real ability to legislate outside of its jurisdiction!
Just that it has the legal authority to create any such law, and that the legitimacy of a law is not dependent on its moral content. It's merely a paraphrasing/summary of H.L.A. Hart's legal positivism.
What did Hart say about comity?
Why don't you tell us?
The Americans take the same stance. See their obsession with copyright for example. You know, up until American companies violated those laws en masse in the name of profit and suddenly nobody cared.
American companies were appropriating IP or trade secrets as they were called when Birmingham was known as Brummagen.
Nowadays we have China, int al, doing the same sort of job.
Nothing changes.
Who is “int al”?
Probably meant “et al”, Latin for “and others”.
inter alia, “among others”
No the US doesn't do that. We had to make special international treaties which involved getting other governments to sign up for that (in exchange for other concessions). Stop inventing things that never happened just to excuse your politicians bad behavior.
PS Arresting foreigners for things that happened outside of your territory is an act of war.
You should ask AI go give you a long list of people who were arrested/captured/kidnapped/killed by the USA for the things they did outside of the US. Often, without doing anything illegal (locally, but sometimes even by US law).
Guantanamo bay exists outside of the US territory for a reason, so that no legal rules would apply. CIA/USA has been keeping secret prisons and torturing people all around the world (incl. EU).
Conflating people shooting at your military with freedom of speech is pretty insane. But I understand, the UK has never had free speech so you just don't know what it means.
Look, I am the first to say that the US dogpiling that happens online is sometimes not justified. In this case, though, this is not a hill you want to die on. Extrajudicial black site funny business is kind of the US's thing. It's good that the US makes treaties but if those treaties fail to materialize and the US wants something bad enough, it'll happen.
That sounds like the same thing, with extra steps.
The extra steps are the thing that convinces the other countries to go along with it.
If you operate a website outside UK and that's it, you may not care. But if you offer paid servies, collect money from UK citizens, you must have a business representation in the UK, which is bound by UK laws, can be fined, dragged to a court, etc. If you have this vulnerability, or you don't but your holding company has other web properties that do, the UK government has a way to make you listen and comply.
> But if you offer paid servies, collect money from UK citizens, you must have a business representation in the UK
I don't think that's true at all. You be taking payment by credit card, which doesn't require you to have any local presence.
I think your bigger risk is that you get a judgement made against you by a UK court, which a court that has jurisdiction over you is willing to enforce. I'm not sure under what circumstances that is the case, but I believe that it being the case with libel judgements has been an issue for a while (since plaintiffs can 'forum shop').
> You be taking payment by credit card, which doesn't require you to have any local presence.
But you're offering an online product, plus you are taking money from people from all over the world, whose governments have different regulations and points of view, your own business charges differently for different countries, and credit card providers are bound to different fees and/or extra charges for international transactions.
It's not a simple solution.
You ship me money, I ship you product. I don't need presence in your country, you don't need presence in mine. If your country doesn't like my product, they can enforce against you (or block it at the border).
I broadcast radio from my country, according to the rules of my country. If you tune in, and your country doesn't like it, they can enforce on you or broadcast something else on the same frequency if that's allowed by their rules.
The example website in this case doesn’t take any payment, it appears.
> collect money from UK citizens
This is quite obviously incorrect. I am a UK citizen, but live in the US. No company needs a UK presence to collect money from me.
And to be clear, that’s still true for selling services online to UK citizens who are also UK residents, it’s not a quirk of you having moved away from the UK - it’s just not true that you need a legal presence in the UK to serve customers from the UK.
Why don't people just build decentralized smart contracts these days? Why worry about all these liabilities?
Because crypto is a liability itself and nobody normal likes interacting with it.
Is there no way to improve the user experience for this?
Company A sells cryptocurrency in country A. Company B is a payment processor in country B. You in country A go to the country B merchant's website and enter your card info to buy something. Your card gets charged by company A to buy cryptocurrency, the merchant gets the money through company B and the transfer of cryptocurrency from company A to company B happens in software on a server somewhere and the user doesn't have to do anything.
Why is this either not happening or not sufficient?
Simple answer: gas is expensive, cashing out is, too. Not prohibitively, but credit cards are so much easier, while also possibly cheaper to accept.
The UK has no problem asking their ISPs to block the Pirate Bay. Why can’t OFCOM do this? I don’t understand the attempt to pursue this in a foreign country. It’s fairly obvious that what they’re doing are not considered crimes in the US and politically it looks bad from Trump and his administration. And also, until 5 mins ago I had no idea this site existed. Now I do. Seems to achieve the polar opposite as I’m in the UK and browsing a dangerous forbidden site now. Wooooo
what happens if an IP address is not in the geo db? For example: 2606:4700::6811:
You check the country the ASN behind the IP belongs to.
RIRs don't prohibit out-of-region use of IP addresses or ASNs registered in their region. The country an IP is registered in is not necessarily the country it's being used in.
ASN is even worse, honestly. If I'm behind starlinks AS then I'm American? AWS, I'm also American? Level 3? American. Colt leased line in my office in Madrid, apparently I'm English.
You are whatever your VPN exit node is.
SOFTNET EUROPE CORP. 6811 Ayala Avenue, Makaty City, Metro Manila, Philippines
That's the current status quo. The UK can't sue you, extradite you, or really do anything. Assuming that your service providers are US based and you follow US law, they can pound sand. In practice, the US is the only country powerful enough to enforce its laws extraterritoriality. The UK trying to enforce its internet laws on me? An American citizen? Funny joke
As long as you don't set foot on British soil you'll be fine. But that's less simple than it sounds. Don't book a flight that connects in the UK, sure. But what if your NYC-to-Munich flight has engine trouble and needs to make an emergency landing in London? You are screwed: You'll be pulled off the plane and taken to jail.
Will the US embassy get involved? Of course. Will they get you released? Maybe, but it's not guaranteed. And you are in for a bad time regardless.
The UK knows their place. They could do that but they won't. Also, they'll have trouble even finding who the business operator is. The US allows pseudonymous business structures and their subpoena request will be thrown out on a 1st amendment defense.
I can only imagine the storm that would emerge if the morning the UK ever attempted to arrest an American for self-expression inside or outside the USA. That is how you get some Democracy delivered.
"You shouldn't even be expected to geoblock."
I read the article and I remain confused.
I've just come to this story after seeing it on HN so I might have misunderstandings from being unaware of the background. Also, I neither reside in the US nor UK so I'd have not seen local media reports.
In short, I gather UK's Ofcom is threatening a US web site for online content that is lawful within the US's jurisdiction and unlawful in the UK as it contravenes the UK's Online Safety Act.
I am bewildered that Preston Byrne has even bothered to acknowledge Ofcom's correspondence let alone respond to it as the UK (Ofcom) has no jurisdiction over actions of any entity or person within the continental US—or for that matter the actions of those outside its borders unless, say, covered by treaty, etc.
That Preston Byrne responded to Ofcom seems strange given the fact that he is not only a lawyer but also head of legal and compliance at Arkham law firm, thus he ought to be aware that is client is shielded from UK law by virtue that the UK has no jurisdiction on US territory.
If I'd been Byrne I'd not have even acknowledged Ofcom's correspondence with a 'fuck off/cease and desist' reply but filed it in the trash can. (If there's some mitigating matter I've missed here let me know.)
It's clear to me the the UK's Online Safety Act stops at its borders so the UK has full responsibility for blocking websites that are physically outside its jurisdiction, similarly blocking or stopping its citizens from accessing accessing them.
It seems to me many of the younger internet fraternity are unaware that there's longstanding precedent for how such matters are handled. Back in the days of the Cold War before the internet some countries used to broadcast propaganda on HF/shortwave radio bands to those that were their political enemies and recipient countries would attempt to jam the broadcasts so their citizens would not be able to listen to them. For example, Communist USSR, China etc. would jam the BBC or the US's VOA (Voice of America).
Simply, if a country did not want its citizens to listen to the broadcasts of another country it was its responsibility to jam the incoming signals. It seems to me all that has actually changed since then is that nowady the unwanted broadcasts come via internet circuits.
Frankly, Ofcom has an unmitigated hide to threaten people who are acting lawfully within the US. That said, it's not unexpected, in recent decades the UK's been acting like a petulant bully, it seems to have forgotten that without it's empire it can no longer enforce its bullyboy tactics.
BTW, the matter of what content is or is not acceptable online is completely separate issue from Ofcom's behavior. Personally, from what I've gathered I'd find content on the SaSu website unacceptable and I can understand why many in the UK want it blocked but bypassing another country's sovereign authority is not the correct way to go about it.
The UK -- and many other countries -- assert that their laws do bind people outside their borders, regardless of the absurdity (in most cases) of attempting to enforce that law elsewhere.
I think it's important to fight these sort of things even in cases where they can't actually enforce it. For one thing, say one of the site operators in question have a need or desire to visit the UK at some point in the future, but can't, because there's some sort of legal judgment against them because of this. That would be a shitty situation.
On top of that, ignoring these sorts of things also ignores possible efforts by the UK to convince other governments (like the US) to adopt similar laws, or at least agree to some level of extra-territorial enforcement. Fighting these cases sends a signal to everyone involved. You mention the UK acting like a petulant bully: yes, sometimes a good way to counteract a bully is to ignore them, but other times it's good to fight back, even when the current bullying wouldn't be effective... because future kinds of bullying might be.
"The UK -- and many other countries -- assert that their laws do bind people outside their borders…"
I'm aware of that, it's become an increasing trend over the past 40 or so years as diplomatic norms have broken down, changed or become more disrespected. If it continues we'll see even more tit for tat reprisals as respect for international law and authority continues to break down (we're now 80 years on from WWII and the world has almost forgotten lessons learned and the international order that arose from that conflict).
"…have a need or desire to visit the UK at some point in the future, but can't, because there's some sort of legal judgment against them because of this."
I remember a time when my passport was stamped in big purple letters "Not Valid for XYZ" country for reasons like that (I could not legally leave the county if that was my destination).
Matters would likely come to a head if say US passports were stamped "Not Valid for the UK". Moreover, it's incumbent on a country to protect its citizens who have done nothing wrong by their laws—hence a country should so warn its citizens beforehand, and stamping passports with large signs is very effective.
This is all part of a much bigger issue too big to address here. It's why I believe it's going to get much worse before it gets better. As I said elsewhere, I believe that with the increase in political and cultural differences brought about by rising nationalism we will see an increase in geoblocking everywhere. I find the trends shocking but there's stuff-all I can do about them.
Edit: I must emphasize that whilst I'm defending the right of law abiding US citizens against action by other governments, I'm not defending the US Government per se (some of it's actions of late I consider alarming). Again, these are separate issues.
> If I'm operating a Web site in country A, I should not have to care about country B's laws
Not defending UK's idiotic laws, but this doesn't hold. If you cannot regulate websites outside of the country of origin, then no internet regulation can hold for any subject. Openly selling stolen personal credentials or botnet usage? Piracy? Reselling personal information without disclosure?
So there are effectively three options for internet regulation;
- Require websites to operate region by region with IP blocks for any non-target market. This is much of EU law is applied. If you put an effort to not serve EU costumers, you can skip following EU rules. "comply or leave"
- Any country can regulate any website regardless of origin, like the UK seems to push for. This is an insane proposal and could easily create geopolitical disputes. Great firewall and banning VPNs would be the only proper way to achieve what they seem to aim for.... which i wouldn't put past them by now.
- Give up regulating the internet entirely. Some level of regulation is valuable so I don't think this will ever work. There are simply some things illegal and deplorable enough to require laws.
> no internet regulation can hold for any subject
No Internet regulation can hold extraterritorially. You leave out the obvious and most important case: the country where the Web site or whatever is located enforcing its own laws. Which is actually how all law has mostly worked from day one.
> Openly selling stolen personal credentials or botnet usage? Piracy? Reselling personal information without disclosure?
If you find a jurisdiction where those are all legal, then I guess you just have to block your citizens from reaching it, or punish them if they do. Not particularly tricky.
> Which is actually how all law has mostly worked from day one.
Internet but not for any other commerce. If you sell products to someone in the EU, you are liable to EU laws about that product category and commercial activity. The internet is the only exception, and that has caused a lot of problems.
IP block is the currently the only reasonable way to apply laws to internet based commerce. It has its flaws in accuracy; but ISPs could easily create a system to make them more reliable for IP lookup. Arguing that websites cannot be regulated outside of country of origin is an insane position to take with even the minimal level of hypothetical reasoning of what that would imply.
UKs laws are dumb, but they should be free to enforce them for websites operating in the UK. And websites should be able to leave the UK to avoid complying. This is a reasonable compromise that is already how both US and EU internet laws operate.
> Internet but not for any other commerce. If you sell products to someone in the EU, you are liable to EU laws about that product category and commercial activity. The internet is the only exception, and that has caused a lot of problems.
I don't know the state of play now, and I do know that things have gotten more that way over time. But the traditional approach to international product sales is that the importer is responsible. That originally meant the person who physically brought it into the country. As common carriers became more common, it meant the person who ordered the thing. That's occasionally been leavened by some consideration of whether the seller specifically targeted customers in the receiving country. And nowadays there's more of a tendency to start "blaming" sellers in some cases, probably because nowadays "importing" something is often a retail order from a specific consumer, as opposed to somebody bringing in a shipping container on spec to resell. Maybe some of those changes are appropriate, but it's just not true that physical goods have always been treated the way you want Web sites treated here, or even that they're mostly treated that way now.
> IP block is the currently the only reasonable way to apply laws to internet based commerce.
"IP block" works in both directions.
If you want to keep something out of your country, you should be responsible for blocking it, not the other way around. That's not necessarily easy, but it's less costly in total than demanding that every Web site enforce every country's regulation... and it has the advantage of putting the cost of a regulation on the people imposing it, which is where it belongs.
> It has its flaws in accuracy; but ISPs could easily create a system to make them more reliable for IP lookup.
From your use of the word "easily", I conclude that you personally would not be among those responsible for making that work.
> Arguing that websites cannot be regulated outside of country of origin is an insane position to take with even the minimal level of hypothetical reasoning of what that would imply.
First, you can in fact "regulate" by blocking, without trying to extend the reach of your laws outside of your border. Your claim that a regulator is left totally powerless is just false.
Second, in practice, that "hypothetical" is pretty close to what we have now, and even closer to what we had 10 years ago. The world did not end.
> UKs laws are dumb, but they should be free to enforce them for websites operating in the UK
Sure, as long as we recognize that "operating in the UK" properly means "is physically located in or controlled from the UK" and not "happens to be accessible to people in the UK". The latter definition would indeed be insane.
> If you cannot regulate websites outside of the country of origin, then no internet regulation can hold for any subject.
It can, but instead of forcing other people to follow your laws, you have to block your country's residents from accessing the sites that break your laws.
I'm not saying I love this method either (China is famously very good at it, and I don't think their methods foster a healthy society), but I believe it should be the only lever you have. Forcing people outside your jurisdiction to follow your laws is a violation of another country's sovereignty.
As an aside, should I take pains to ensure any website I operate follows the laws of North Korea? Iran? China? Russia? Should we be complacent and accepting if HN were to be targeted by any of those governments because people here have undoubtedly said unflattering things about the leaders of those countries?
Of course not. But even though we're talking about a "friend"-type country here, it's not any different.
Another option is an anti-money-laundering like system.
It would need to be set up by an extremely powerful country, either the US or an alliance of smaller countries through international treaty.
It would work as follows:
There'd be a "naughty list." Anybody on the list would be arrested upon entering a participating country. This would include past or current company employees (if employed after the listing date). Companies from participating countries would be prohibited from interacting with listed organizations in any way, under treat of sanctions. This would include VPN, cloud and hosting companies, ISPs, domain registrars, email hosts, payment processors and ad networks. This would provide basic site blocking.
Foreign companies wouldn't be subject to the sanctions, but participating countries would also put them on the list.
You're aware this exists, yes? It's called the OFAC list. It's not generally used to list technologists or web sites related to speech, though, as far as I know.
> then no internet regulation can hold for any subject
Good
If country B doesn’t like it, block the site in question.
You’re not going to extradite US site operators, period. Find another approach.
Then no country should have legal authority over companies operating in the country but based internationally. You could earn a lot of money by selling unregistered firearms, pipe bombs or drugs over the internet and sending it over the border.
"If country B doesn’t like it, block the mail in question". Saying only the country of origin can regulate activity done in another country creates a legal worm-bucket with vast implications. It's also not how laws work currently in pretty much any other sector than the internet.
IP block should be sufficient to void the laws; That's how other EU laws work. If the UK wants more than than then they should just create a firewall. But saying the internet should be a fully unregulated hellscape is not a sensible position here.
> "If country B doesn’t like it, block the mail in question"
That’s actually how it works? Unless you have an extradition agreement, or military overmatch, or you are willing to expend some diplomatic leverage, you are typically not getting a citizen out of a foreign country. The government complains about this all the time with goods from SE Asia, and sometimes they seize fake designer goods and make a lot of noise about it. But the people making the knockoffs just keep on making them, don’t they?
just because a law is difficult to enforce doesn't make it not exist. There are laws for this, and they are enforced. If you aint caught its not illegal?
Typically one-sided laws are not enforced against citizens of foreign countries except in rare cases, because it creates diplomatic friction. Countries really don’t like it when you arrest their citizens for things that aren’t illegal at home. And when one country has enormous leverage over another, it’s a bad idea for the less powerful country to attempt enforcement. A visa ban would usually be a more appropriate tactic.
> Then no country should have legal authority over companies operating in the country but based internationally.
Not sure I see how your logic has led you there. If a company (regardless of where they are headquartered) is operating in your country, then you necessarily have some sort of jurisdiction over it:
- If they are using servers or domain names hosted in your country, you can seize them.
- If they are making use of your country's financial system, you can ban them from that system.
- If they are shipping physical products to your country's residents, you can intercept those packages at customs.
- If any employees (or, better, officers) of that company are physically present in your country, you can fine or arrest them if they don't comply.
- If you have an extradition treaty with the country where they're operating, you can ask that country for help. If they decline, that's unfortunate for you, but that's life.
And right, in the end, if there's no "presence" aside from people in your country accessing foreign websites, then you can (given the right legal mechanisms) order ISPs in your country to block those sites. I don't see why any foreign-operated website should have any obligation to examine your laws and pro-actively block your residents from their site if needed; if you want your laws enforced on your residents, then... enforce them on your residents.
> But saying the internet should be a fully unregulated hellscape is not a sensible position here.
While I do see a few low-effort comments to that effect, I don't think that's a common opinion here. I don't even think the person you're replying to holds that opinion.
Then no country should have legal authority over companies operating in the country but based internationally.
But this is the real issue. To what extent is a company "operating in" a country where it has no staff and no physical presence?
The principle that someone should become subject to the laws of a country they've never visited and where they have no assets just because they communicated with someone else who does live in that country seems questionable. Even if money is sent by the person living in that country to someone based elsewhere it still seems questionable.
Taken to their logical conclusion these kinds of arguments would kill off a lot of the value of the modern Internet (assuming they could be practically enforced). Can you even write a blog post any more if it might be controversial in any country in the world? Do you have to pay if you show ads next to that blog post and someone from the Sovereign Republic Of East Nowhere visits - but the Sovereign Republic Of East Nowhere has a law prohibiting online advertising as a social harm and imposing a fine of 1000% of global revenues generated through ads? What happens when the laws of two different countries are in direct conflict and one requires you to include an official warning of some kind alongside certain information on your blog but the other one prohibits such statements unless you're formally qualified to give advice in the field?
If you want to interfere with international trade or international communications at all then it makes far more sense practically - and arguably both morally and legally as well - to legislate so that your own people in your own country who are subject to your own laws are the ones who must or must not act in a certain way. If there's some kind of regulation on physical goods then make the person importing those goods responsible for compliance. If you want to tax international transactions then make the person in your country who is participating in those transactions responsible for declaring and paying the tax. But realistically this leads to a lot of non-compliance because your citizens don't have to be experts in international tax law so you can collect your $1.53 when they bought a new T-shirt from some online store based in another country and had it shipped.
We have treaties with other contries to cover most of these cases and customs to cover many others.
What the UK is doing is claiming, without having dealt with this via treaty that I am somehow responsible for keeping their citizens off my website. This is not something they can actually do. Now if they made a deal with my country that said that I had to in some way we'd be in a different universe. But currently they do not.
As I, and probably many others, see it. If they don't want UK citizens visiting 4chan or whereever they should control the flow of data through their borders better and punish their citizens for data smuggling if they vpn their way around it. It's no different than prohibited goods like automatic weapons. If I send someone in the UK a fully automatic ak-47 (which is legal in my juristiction) then I suspect UK customs will catch it at the border and possibly jail, or at least have a stern talking to the recipient.
That’s what they’re doing
No, they are making threats about the site in country A while the site has voluntarily blocked all of country B, with country B saying that this isn’t enough, despite the operators in country A being out of jurisdiction and making an effort to comply regardless. Country B is basically saying that the site in country A is not allowed on the internet at all.
It’s not at all what they’re doing, and claiming so is either extreme ignorance of the situation or deliberately lying.
If I recall correctly, this is how the GDPR works. If someone to who the GDPR applies to visits a website, a website cannot record any information about them, regardless of whether that website actually is based in the EU, which is why certain US websites block traffic from the EU.
Source: https://gdpr.eu/companies-outside-of-europe/
E.g. the website in this article https://news.ycombinator.com/item?id=45819635 does not work when you visit it with a European IP address. You get an error 451.I don’t understand the IP location criticism at all. At least for my experience across Europe all locations that are being reported by the common databases are within 250km of the actual customer.
IP locations work great for probably a reasonably large chunk of services.
But it's the edges that get you.
I moved home a few years back, connected a new service with the same ISP.
They have an IP pool that is labelled as for one state (Victoria, Australia) but is also used for their services in Tasmania.
So now I have to fight every major website (Google, Amazon, Maxmind, etc) that does GeoIP lookups that I'm not in Victoria, I'm 500-800KM away.
Google was very confused for about 12 months because when I moved I also brought my wifi gear and so it would give me a precise location of my old address because it used wifi geolocation.
Maybe this is very european of me but 250KM is outrageously far. Dublin to Belfast is like 130KM. If it says they're in Seville (in Spain) within <200KM they could also be in Portugal, Morocco, or Gibraltar. If it says you're in Brussels within <200KM you could also be in France, England, Germany, Netherlands, Lux. If you're in Vienna (Austria), you could also be in Germany, CZ, Slovakia, Hungary, Slovenia or Croatia. Maybe you're in Vilnius? You could also be in Latvia, Poland, Russia or Belarus.
Comedically far.
The criticism is that it exists, which invites abuse. Being more accurate would be worse.
When you put it that way, well, it made me chuckle. (The irony!)
I don’t agree that choosing to host a website without limiting the audience is innocent. It’s a choice, and has been the default for a long time, but it means one has chosen to speak outside the borders of their own country and that comes with rules, like them or not.
No, one has chosen to make something available for contact within one country. One is not actively himself reaching across borders to do so. One cannot reasonably be required to take any affirmative action to fulfill the whims of a foreign government.
Also, Britain isn't important enough to make this stick against e.g. an American.
If someone writes me a letter asking a question about material that is prohibited in his own country, that is not my problem. It is his responsibility to comply with local law and that of local government to seize material that is illegal there. They cannot deputize me to act, unpaid and without consent, on their behalf.
What is having your web server send IP packets with an IP address addressed to an overseas address to your ISP who you have signed a contract with to have them deliver those packets to the designated address if not actively reaching across borders?
That's what happens when you respond to a request after all. (Up to very minor nits, e.g. you might be paying a cloud provider instead of an ISP).
It is a reply. I am not responsible for checking the locality of an IP address. Indeed, I can never do so with one hundred per cent accuracy. It is Not My Problem.
Governments that expect some content or other blocked can damn well do it themselves, in their own legal system. They cannot compel someone else to spend his time, talent, or treasure to enforce their petty rules.
If they go after one of their own for requesting something from me, whatever. If they block me, whatever. I suppose they're within their rights to do that.
The federal government "deputizing" or trying to chill private actors out of speech, out of doing business, etc. is a violation of Americans' first amendment rights; so held SCOTUS last year. No way in h--- are we letting some tinpot foreigner do so.
It is a reply... that you chose to send despite being fully aware that by doing so you might be reaching out across borders because that's how the internet and your contracts with your service providers works.
Governments can do whatever they damn well please in their own territory. Including arresting you if you ever visit because you violated some law that they wrote that applies to people in the rest of the world, or even you violated some law that a friend of theirs (i.e. a country with an extradition treaty) wrote to apply to people in the rest of the world. If those actions compel people to spend their time, talent, or treasure to enforce their petty rules then they can do that.
Whatever "actively reaching out" standard you are imagining doesn't exist in the first place. Even if it did though, you clearly violated it when you sent the reply to the request actively aware that it could go across borders.
SCOTUS (with an emphasis on the US) decisions seem rather irrelevant to non-US actors.
> It is a reply... that you chose to send despite being fully aware that by doing so you might be reaching out across borders because that's how the internet and your contracts with your service providers works.
I think you're looking at it the wrong way. I'm not thinking about that at all. I do not care about that at all. I am not beholden to the laws of any other nation when I operate my website[0]. I don't care about "reaching out across borders". I don't event know the geographical origin of requests that hit my server, because I don't care, and I have no need or desire to hook up some sort of (error-prone) geoIP database to my logs in order to categorize requests. Once the HTTP response packets leave my server and hit the first router hop, I have no knowledge or interest in where they end up after that.
> SCOTUS (with an emphasis on the US) decisions seem rather irrelevant to non-US actors.
Not sure why you're bringing that up, as GP didn't mention SCOTUS at all. But as a US citizen and resident, SCOTUS' rulings are all that matter to me when it comes to what I personally do while at home. If SCOTUS says the content on my website is legal based on US law, then I don't really care whether or not it's legal in other countries[0, again], and I shouldn't really have to; life is too short to have to worry about that sort of thing.
[0] Sure, I agree with you that this could be a problem for me if I do break any of their laws, and then later decide I want to visit that country. It could also be a problem if that country has an extradition treaty with mine, and my country is for some reason incentivized to give me up.
The US will enforce most UK court judgements. I'm not sure how administrative fines work; there might be a need to involve a court first, but once that's done the US will [on edit- may] enforce them.
The US will not enforce UK judgements or fines if enforcing them is contrary to the US' own laws, including its Constitution. SCOTUS ultimately decides when that's the case.
So it's really, really relevant to whether a non-US actor like Ofcom can actually collect fines from people inside the US. That's a separate question from what the UK government can do to people from the US who actually enter the UK, and an important one.
Sure... I think it's pretty much a given that Ofcom expects the US won't help them enforce this law given the 1st amendment. That doesn't mean they won't/shouldn't do their best to do so by themselves..
That's exactly what it means. Actions have costs. Actions this stupid have big costs. If a task is impossible and even trying has a cost, its best to do nothing. Ofcom are bureaucrats, I'm sure they are well practiced at doing nothing anyway.
Starmer's approval rating is under 20% now and his party doesn't have a snowball's chance in hell of holding on to power. Labour has dropped to 4th in the current polls. He is the most unpopular PM in UK history. Dumb things like this are probably part of why. So continuing the same hopeless and unpopular actions is probably a bad idea. I don't think he can jail enough UK citizens to keep himself in power.
> That doesn't mean they won't/shouldn't do their best to do so by themselves.
If I were a UK citizen or resident, I'd probably be pretty pissed off that Ofcom was wasting money and resources on battles they are going to lose. Well, I suppose, since Ofcom is funded in large part by the UK-based businesses it regulates, if I were an officer, employee, or shareholder of one of those companies, I'd be pissed that they're wasting money paid by my company to fund them.
And even though Ofcom is not directly a UK government agency, there are certainly political costs to tilting at windmills for the UK government.
You can't but ISPs could if they wanted to. Someone knows the billing or contact information of the person originating the packets.
“ Governments that expect some content or other blocked can damn well do it themselves, in their own legal system”
What you are describing is exactly what is going on here. OFCAM’s final action, if taken, is blocking at ISP level. All of the legal stuff is happening in the UK system.
I’m just sort of curious for your thoughts after learning that.
(Also, I’m curious about the SCOTUS decision, I.e. which one? I used to be a law nerd and got a kick out of reading oral arguments for the first time in years this week, would appreciate more material)
No, it's also able to do things like issue fines, which they have, although American law is not amenable to actually collecting those if their assets are all here. I don't really care if british choose to block something on british soil.
Murthy v. Missouri was generally a loss; 6-3 with Justice Barrett for the majority ruling states lacked standing, which is consistent with the Roberts court's informal policy of dodging. Alito dissented, joined by Thomas and I think Gorsuch, and that is worth a read. The more important one was NRA v. Vullo, a unanimous opinion from Sotomayor. Gorsuch wrote a concurrence as did I believe one other justice.
The remarkable thing about Murthy is it was bipartisan, with the 3 dissenters being conservative.
The client requests content from a server. The server may be abroad. It's the same as ordering goods from abroad, only much faster. I wonder what the law is for importing goods that are illegal in the destination country.
It's really the same principle. For physical goods that are crossing borders, but are illegal in the destination country, their customs officials can seize the goods. For data packets on the internet, the destination country is free to block them if they find them objectionable.
whatever the laws are, they are the responsibility of the importer, not the producer.
If someone writes you a letter than they have your family hostage, and to route 50.000 dollars thorough bitcoin to not have them killed, with a AI generated video as proof; are they scott free because they're not based in the US?
First of all, this is about Web sites, and that's not a valid analogy. Web sites don't spontaneously send you letters, let alone kidnap you. You only get content you actively asked for.
Second, where is the person writing the letter from? Mars? They're going to have a hard time finding a place where kidnapping and extortion are legal.
Third, the letter would in fact presumably be aimed at a specific person in a specific country... as would the kidnapping.
Websites absolutely spontaneously send letters, or advertising flyers.
The company could be from china or Russia with little interest in diplomatic pandering for such a small incident.
Providing a user a service in exchange for payment is also aimed at a specific person in a specific country.
heck, if no laws can be applied across borders, it could be a website selling the service of fake extortion letters.
And don't mix up "difficult to enforce" with "legal". Constantly changing domains and hiding who is behind the service are efforts to avoid being caught by very real and enforced laws.
Yeah, nah, the internet is pull not push. If a citizen of country A seeks material from country B that's legal in B but illegal in A that's on them.
This is the key point. No site is sending material to the UK unsolicited. People in the UK are initiating the download of information they find of interest. If the UK government has a problem with that, it's on them to block the downloads on their side. UK laws have no power outside the UK.
That's absurd. If I put up a website that I believe is lawful in my own country, I'm not even thinking about people in other countries. If people from elsewhere access it, it's up to them to ensure that the content on my site complies with their local laws.
If the government of their country believes that accessing my website is a problem for their residents, then the onus is on them to sort it out on their own, without my involvement. They are perfectly capable of ordering ISPs that operate inside their borders to block my website from their customers.
The fact that Ofcom hasn't just done something like this in the case of SaSu, 4chan, etc., shows that they are not actually interested in "online safety"; they're making political statements and are trying to throw their weight around like the bullies they clearly are.
> I don’t agree that choosing to host a website without limiting the audience is innocent.
"Innocent"? That's a strange word to choose. Who cares what's "innocent"?
> It’s a choice, and has been the default for a long time, but it means one has chosen to speak outside the borders of their own country and that comes with rules, like them or not.
... or it means one has chosen to speak inside the borders of their country, and people outside those borders have chosen to import that speech. Web sites don't lob speech at you willy-nilly.
The bottom line is that that standard is impractical to implement, illiberal in its effects, and just generally a bad idea. For that matter, it's also at odds with most of the ways the world treats trade in physical goods.
If you choose to call my automated joke line running off of an answering machine in my home, do I have to follow your country's laws or my own?
are your websites compliant with Russian, Chinese, and Iranian laws and online regulations?
Beat me to it. This is my go-to analogy for people who don't understand the problem. I am 100% certain I've violated North Korean law by posting mean things about Dear Leader. I couldn't care less. If I were to find myself in NK, I'm sure I'd care a lot, but that's not going to happen, so I don't.
If I'm not afraid of violating NK law — because I'll never, ever be there — then the same logic holds for the laws of every other country I won't be visiting.
It actually doesn't lmao.
> The primary one is that the notion of a “UK based IP” is nonsense. Geolocation databases work by figuring out where people log in from and only after doing a lot of pattern recognition do those addresses get associated with that location.
I support the cause, but I don't think that's true. RIPE, the RIR responsible for UK, makes available a list of allocations per country. For UK:
These are actual per-country allocations, not interpolations from access patterns.This is only "supposed to be" accurate to some definition of what country the IP is assigned to, it is not an authoritative field for where it is currently being used. Multinational corporations, M&As, georedundant failover, leasing/selling, and other events often result in this field being outdated or plain wrong. Hell, I've been able to advertise part of my ARIN assigned US IP space out of a peer in Europe. This also ignores the EU designation on certain records https://wq.apnic.net/apnic-bin/whois.pl?searchtext=94.102.16...
Edit: RIPE actually has documentation on this fallacy specifically https://docs.db.ripe.net/RPSL-Object-Types/Descriptions-of-P...
> “country:” – Officially Assigned two-letter ISO 3166 country code or "EU" (exceptionally reserved). It has never been specified what this country represents. It could be the location of the head office of a multi-national company, where the server centre is based, or the home of the End User. Therefore, it cannot be used in any reliable way to map IP addresses to countries.
Yeah, geo-IP is not perfect, but it's not built on pure guessing like the author implies.
Yeh it's the sub-country data that's often bad, not the national stuff.
Not true, IP addresses are sold on, or even from time to time IP addresses are even leased (they can be transferred from RIRs, temporarily or permanently). Some times IP address ranges are registered with RIR but used in a different geography / region.
Geo-IP databases are mostly accurate, emphasis on mostly.
And then there's the case of mobile roaming.
In the overwhelming majority of cases, mobile roaming traffic uses "home routing", not "local break-out". This means it is routed to the country where the user normally resides, not where they currently are. This means:
- For people visiting the UK (and potentially staying there for a long time, if on a permissive roaming plan), their IP address won't show up as UK despite long-term residence / citizenship.
- British people visiting other countries will still be subject to OSA, even when they should not be.
- People (including British people!) who buy British AirAlo SIMs may not get a British IP. AirAlo often uses SIMs registered in a different country than the one you're visiting, and the "exit node" (P-GW) may be located in a different country altogether. I suspect this last option will become quite attractive if VPN bans ever actually come into effect.
This is pretty much unfixable without major changes in how LTE roaming is conducted worldwide, and the UK isn't important enough to make that happen.
Is there really nowhere that you can get a non-UK IP while still being in the UK? What about along the Ireland/Northern Ireland border using a cellphone?
No edge cases, it is a matter of law.
The author addresses this: these IP allocation lists are rife with errors and are sometimes outdated.
This is likely why someone living in the UK was able to access one of the sites in question despite the geoIP-based ban.
Regrettably, the list in question offers limited operational value, as it omits the so-called «exit» CIDR's utilised by major cloud service providers – a glaring omission that renders the dataset largely superficial.
Let's, for analytical clarity, set aside the UK and examine Germany as an isolated datapoint.
AWS, for instance, possesses and operates the entirety of the 3.0.0.0/9 address space – a range distributed across numerous jurisdictions and continents. Notably, significant CIDR allocations from 3.0.0.0/9 reside within German territory, yet remain absent from the RIPE registry. Such inadvertent obfuscation undermines efforts at precise geolocation.
One may, through inference and correlation – specifically via https://ip-ranges.amazonaws.com/ip-ranges.json – arrive at a reasonably accurate estimation of the German CIDR's by aggregating address ranges tied to a designate AWS region they are associated with. Such inference is only feasible due to the vendor’s decision to publish such data. I would reasonably conjecture that other cloud providers engage in a comparable practice.
Thus, whilst it is not altogether impossible to ascertain the geolocation of a given IP address, the exercise remains contingent upon the discretionary transparency of global infrastructure operators and multiple indirect information sources – a rather fragile foundation upon which to build certainty.
The most frustrating part here is that this car crash of a policy had cross party support so there wasn’t even a way for UK people like me to vote against it.
Even in Reform, I get the sense that Zia Yusuf was the only person campaigning seriously against it. Going on a one man crusade to force Farage to criticise it and put fully repealing the act on their manifesto.
It was a Reform politician who championed it in: https://publications.parliament.uk/pa/bills/cbill/58-03/0004...
WITH A RAP https://www.youtube.com/watch?v=9ql6tGu9aWg
https://www.youtube.com/watch?app=desktop&v=r4mRo2M5VMA
Yes, but she is now allied with a party that has committed to repealing it. This seems to be the result of pure political calculation by all involved. Dorries is unfortunately quite popular with certain demographics that aren't natural Reform supporters (i.e. the sort who love the OSA), so bringing her in probably does help them. But they know they can't absorb too many former Tories without undermining the justification for their own existence.
Yeah they really shouldn’t have let Nadine Dorris into the party. For the sake of online freedom, thankfully Zia outranks her (as she holds no official position) but even so it’s not an ideal situation.
Interesting isn't it...
> They’re definitely not treating it like a public safety matter, where they know how to reach us and know that I generally respond within the hour.
It's been exceedingly obvious but it's nice to know that Ofcom never thought that anyone would bother to fight back. This is clearly not about public safety but about controlling American corporations.
Parliamentary forces seem to be directly suborning this corruption.
> This is clearly not about public safety but about
To me, this looks like the culmination of many years of ad hoc censorship breeding cadre of favored censors. They've all grown into a system of expectations where they can just finger frustrating bits of counter-narrative and have it disappeared.
The Powers That Be don't care to hear pesky details about jurisdiction. As such, there is no one around with the temerity to point out the inherent absurdities. So they pursue "offenders" despite the obvious futility, because not doing so means explaining difficult things to people that will not listen.
As I recently wrote[1], there is no metaphysical certitude that Ofcom and its intentions will be forever futile: all that is necessary is for the political vectors to align optimally (as they inevitably will,) and the LEOs of the US would be happy to oblige.
[1] https://news.ycombinator.com/item?id=45622304
> This is clearly [...] about controlling American corporations
Not exactly. On the surface, it's about kowtowing to pearl-clutching UK NGOs that are empowered by Rupert and Lachlan Murdoch's hysterical tabloids; and underneath, the real agenda is about restricting the influence of unsanctioned sites that could influence UK discourse - influence that established UK press barons (like the Murdochs, Lebedev, etc) want to keep very much to themselves.
The people who are most responsive to NGO campaigning aren't overlapping much with people who read The Sun. Sorry but Murdoch can't be blamed for this one.
The OSA is mostly supported by people who read The Guardian or The Times and watch the BBC. It was originally the work of academics (not big tabloid readers usually) like Lorna Woods, who is supposedly a professor of "internet law", a guy who is the founder of Ofcom, and Baroness Beeban Kidron. If you search Google News for their names you will find lots of left leaning broadsheets and not tabloids.
https://news.google.com/search?q=Beeban%20Kidron&hl=en-GB&gl...
The first five news sites for that search are: Financial Times, The Guardian, BBC, The Times, The Guardian again. Zero tabloids.
Politicians, who write the actual laws, are all extremely sensitive to tabloids.
> could influence UK discourse
Is 4chan attempting to unfairly or unduly influence UK "discourse?" Or are they just _contributing_ to it as members of the public on an anonymous forum?
> Rupert and Lachlan Murdoch's hysterical tabloids
Which actually are an attempt to influence UK discourse. The framing errors are interesting.
influence that established UK press barons (like the Murdochs, Lebedev, etc) want to keep very much to themselves.
I could see that last century. But do they even care about influence anymore? Isn't the money all they care about now?
The Sun has cumulatively lost about £500m over the last few years. I presume there must be some other purpose for keeping it around.
This is how the UK government, faced with pressing issues, chooses to waste its time and destroy its remaining reputation for competence.
There was never any chance that this would fly outside the country, least of all in the USA. Whoever gave Ofcom the extraterritorial power it has to pursue these goals clearly intended to ensure its failure, and for this I am grateful.
When a country transitions from manufacturing to services, it ends up trying to export its legal system.
The USA has been exporting its legal system for decades. And the UK still makes plenty of stuff. I really don't think this is valid. There is a close analogy though, companies that end up losing in the marketplace tend to become legally active to try to extract a tax from those that did better.
I fully agree that the US does the same thing, as do other countries- that's why I framed it as a general observation. I agree about the similar corporate behavior. I don't think it's a healthy development, but it's not easy to develop a general model of how this kind of thing plays out.
> The USA has been exporting its legal system for decades
With enormous damage to global society, I might add
One of the big things I've been wondering about the decision of the Anglosphere to all switch to a service economy: why would you do that when your population is both smaller and dumber than the populations of other countries?
The UK (nor the US) has no advantage in providing services, all it can do is demand that other people be prevented from providing them.
One advantage English speaking countries have WRT the service economy is that most of the world speaks English at this point.
English became the language of international trade, of course, because we’re all just so adorably stupid, and our countries are tiny and harmless. Plus it is such an easy language to pick up…
> why would you do that when your population is both smaller and dumber than the populations of other countries?
Given that, shouldn't you be able to answer the question?
You're the smartest, most clever, most physically fit, but why does nobody else seem to realize it?
It's the UK that is going North Korea on everyone. Closing off the internet, restricting speech and so on.
Edit: that's not to say it isn't a valid strategy; NK has a big stability buff.
It wasn't a decision to switch to services - I'm in the UK - it's just left to the market and that's where the money is mostly. It's kind of irrelevant if your population is large or small etc.
Let's start with a bang. Passports and strictly enforced borders are dumb and this is a clear example of exactly why. Increasingly the digital world -is- the world and arbitrary geographical boundaries are causing nothing but problems. We are taking the ideas of physical borders and passports and, badly, applying that broken idea to a virtual space with typical results. It blows me away that the real problem with strictly enforced borders, virtual or physical, is that they almost always are used to enforce political ideology and rarely do they actually afford protection in any other way. Strict boarders should be looked at highly skeptically and always viewed as a temporary solution that should be solved diplomatically and/or socially. We don't need things like this going from city to city, county to county, state to state but wherever we see an entity that puts a strict boarder in place, virtual or physical, we suddenly see conflict and political games. There are real issues to consider here but the UK is definitely wrong, and creating more long term problems, with this 'solution'.
There's at least 2 billion people in the world that would move to North America and Europe in the blink of an eye if all the borders were opened! Can your countries support all of them without collapsing your systems?
With the invention of steam ships, railways, aeroplanes and the automobile; travel became almost trivial. In conjunction with those inventions, states also became a lot more involved in people's lives; culminating in large welfare states. 3-4 centuries ago, a state did not care much about who lived in in their territory; these days, they are likely to provide them benefits, and have certain obligations according to international treaties about how to treat people within their own borders. These state operations, along with obligations, makes states care a great deal about who enters or leave their territory.
How would the absence of strictly enforced borders help this particular situation?
Who/what would defend a website in one place from stupidity in another place, were it not an enforced border between these places?
Or do you imply that the stupidity would not arise anywhere, if there were no borders?
> Let's start with a bang. Passports and strictly enforced borders are dumb
This.
It's weird how it's not considered a basic human right to be able travel to where you want, and even live where you want as long as you can support yourself and comply with the local laws and customs.
And that's how it was for like 99% of the time that humans have existed.
When did keeping people locked inside "borders" even become a thing? I'm guessing post World War 1? Looking up history on Wikipedia says documents for "citizenship" existed maybe as far back as Ancient Egypt but there doesn't seem to be anything that forced people to remain within the nation of their birth.
The West literally bombed Japan and China to open their borders for "tRaDe" then pushed for strict borders after the world's worst wars that they started.
> It's weird how it's not considered a basic human right to be able travel to where you want, and even live where you want as long as you can support yourself and comply with the local laws and customs
The "as long as you can" is exactly the reason. There is no way to ensure the travelers or migrants can (and want) to do that, if you don't have a border.
> The West literally bombed Japan and China to open their borders for "tRaDe" then pushed for strict borders after the world's worst wars that they started.
Eh, that literally is doing a lot of work. Where's evidence to this claim? And at what point did we bomb… checks notes, China?
Also keep in mind that “for like 99% of the time” people didn't move that much. People were very linked to their source of food, community, and what brought them stability. There isn't a lot of examples of 17-century travel influencers going around the world looking for The Best Places For Foodies.
Countries have tough challenges to contend with. Borders are arbitrary, yes, but we can't hand-wave them away now. What we can do is work together at the supra-national level.
I don't really understand the concern. The UK objects to suicide forums and American operators of suicide forums are protected by the First Amendment of extradition to the UK. So if you want to operate a suicide forum from America, just don't travel to the UK and you're okay.
> just don't travel to the UK and you're okay.
Pretty much avoid entering Britain or its dependencies or you'll be nabbed on a Commonwealth Warrant and extradited to England.
Seems reasonable. If I committed what is considered a crime on American soil, I wouldn't expect to be able to enter the US without arrest.
Even if it was legal in your own country? That seems odd.
Yes, and this already happens, every day.
So like a German going 160kph on an appropriate section of the autobahn should avoid travel to the US?
I think the classic example is copyright and hacking offences, of which there are many many examples. Legal in a person's home country, very illegal in the US (unless you are a big corporation, of course).
But in this case, they weren't on UK soil when they did something against UK law.
There is a grade to crimes. Lesser crimes are only punishable if they were done in a country. Bigger crimes are punishable even if you did them outside of the country.
Imagine that your own country finds out that you were a prolific serial killer while on a holiday in another country. Do you think they will just ignore it?
This is because your home country has jurisdiction over you and is more than free to write laws punishing you for whatever they want.
This is country B considering something a citizen of country A did while in country A to be a crime. And not that it even matters but in country A that thing is legal. Like country B is a sovereign state and can arrest you for whatever it wants while you're there but the bigger question is whether country A should be mad about it and impress themselves on country B to get them to not do that.
That's really the issue here and exactly what the GRANITE Act he's proposing does.
It seems like the US is actually being too nice here. It's a perfectly reasonable position to reject the notion that a country has global jurisdiction and to consider such an arrest to be a hostile act against the US. I would be pissed the moment a country thought it could punish one of my citizens for something they did while under my jurisdiction—even something that I consider to be illegal.
Many countries have extradition treaties with both the UK and the US. Be careful to check those as well.
Usually, countries only respect extradition treaties when there is an equivalent law on their books (the workaround would be to charge someone with bullshit charges for the extradition)
The main issue is that few countries respect freedom of speech on principle and even that group has edge cases.
Don't most crimes still require mens rea? Or is that only a US thing?
Mens rea usually means intent to do the thing, not intent to commit a crime.
E.g. if I involuntarily swing my arm and hit someone in the face as a result of a medical condition I lacked the appropriate mens rea and am not guilty. If I intentionally punch someone in the face while being somehow unaware that I'm not allowed to do that I am guilty.
Hard to see how mens rea would save anyone from being guilty here.
US doesn't care about mens rea for certain crimes involving speech anyway.
Anti-blasphemy laws, which is what these laws are, don't care about that either.
I'm not sure, but it wouldn't apply in the case we are discussing or I assume most businesses operating globally.
Yes the US does this shit all the time. Suck it up.
So you like it when the US does it, and want to encourage more of it worldwide?
“Suck it up” like you stubbed your toe and not like you got shoved in a cage by a foreign government.
Extraordinary rendition is still a thing, though; the US has done this several times.
Now, granted, the US is a freer country than the UK is so that doesn't usually matter all that much, but all the US would need to do to nullify its 1A would be to simply permit the UK to enforce its claims of extraterritoriality in US-friendly airspace.
What speech they might be permitted to prosecute would naturally change based on administration.
First of all, I anal and also this is more of a question than a statement but
a us person could travel to a country x and that x could send this us person to a UK prison? I don't know if doing so would be legal but when the rubber hits the road, each country x is technically sovereign and does not have to honor the first amendment of the US constitution.
So even if it might be frowned upon to extradite foreign (US) nationals in country X (such as Canada or India) to the UK, they could do it anyway to send a message?
I traveled to a lot of countries during my time in the military. I was also a legal officer that had to deal with legal issues in foreign countries.
Traveling is no joke. Americans often act like the world is their playground, but you are subject to the laws of the jurisdiction you're standing in. Traveller beware.
Your First Amendment rights only apply within the United States, this should be obvious. Nonetheless, extradition treaties generally require that a crime be considered a crime within both jurisdictions.
Most of Europe does have similar thought-crime and censorship laws as the UK now have. Also, the crime of "hindering an official investigation" could be interpreted into this, and this exists practically anywhere.
The only further question would be if the country is friendly enough with the UK to extradite.
Can you show me the "most of the Europe"? This seems as a false statement. It seems incomparable to the UK for me.
Extradition of a foreign citizen to a third country is not a simple matter, diplomatically speaking. The US might not have the hegemony it enjoyed 20-30 years ago, but it certainly has plenty of sway.
When it's a matter of drug charges or other obviously criminal activity, the US embassy and diplomats don't normally raise a fuss, but for something like this where the person made first amendment protected speech in the US? That'd definitely raise all kinds of hell.
Why would it?
Plenty of US citizens would actively cheer the notion of having a foreign government arrest their political opponents as an end-run around the fact they're not allowed to do it at home.
After all, 1A/"freeze peach" laws should only protect you from your government, right?
> Plenty of US citizens would actively cheer the notion of having a foreign government arrest their political opponents as an end-run around the fact they're not allowed to do it at home.
I'm not convinced that plenty of US citizens would celebrate a foreign government arresting an American for what would be protected by the 1A in the US. There will always be trolls, of course.
> After all, 1A/"freeze peach" laws should only protect you from your government, right?
If my government has the longest dick of all governments in the world, and knows how to swing it, I'm not so sure.
Plenty of US citizens openly celebrated the murder of an American for what was protected by the 1A in the US.
So no, I don't think that the people who celebrated that would care, and said people would actively support an administration that actively encouraged the UK in this manner for the same reason.
Nope. US law is international law (because we have all the guns). The UK government would never defy us; they know their place.
I wouldn't be surprised to see the US administration being very selective about which "first amendment protected speech" they actually cared about. I can even imagine them rapidly extraditing somebody who's speech they didn't like, such as pro-abortion or anti-fascist.
I was reading anout attacks on the 1A and thought this was about the UK extrading US citizens. If this is just that you'd get arrested in the UK, then yeah this isn't a 1A concern. Though the US govt should still do something about it imo.
It's not clear to me that the UK even has a mechanism to discover the operators of such sites. If I found myself in such a position, I imagine I wouldn't even bother trying to block UK IPs and let them sort out their own internet blocking.
First they came for the suicide forums...
Exactly. Honestly after the how article was ended by the nonsensical nationalistic chest beating which I absolutely didn't understand why author felt the urge to do that, I got the feeling that it was more about some sense of authors nationalistic pride. I do not even slightly support these UK's regulations and even an possiblity of ban of VPN services seems bizzare to me but as you said. He is already protected.
> suicide forums are protected by the First Amendment
Are they? Is all speech protected? If so, how do you prosecute people who leak secrets?
> Are they?
Yes
> Is all speech protected?
No
> how do you prosecute people who leak secrets?
See above
It depends, and no obviously not. Having a forum to discuss suicide/suicidal ideation is fine, outright telling someone to kill themselves is illegal. The Michelle Carter case is an example of this
the bravado makes for some great irony. worrying and feeling ultra-superior about the UK government, while letting the tiktok ban and forced sale go through unchallenged.
altogether, if you dont care about following this UK law, whats the need to carr what the UK government does? just dont go there or do business with people who care about the UK government. same as US sanctions and secondary sanctions. the UK at least is a small market
> worrying and feeling ultra-superior about the UK government, while letting the tiktok ban and forced sale go through unchallenged.
And more to the point, many US states passing or attempting to pass laws which aren't all that different to the UKs OSA. Mississippi's version is in some ways even more onerous to enforce as it requires social networks to age-check all of their users, not just those who want to access adult or "harmful" content. Bluesky notably went along with the OSA but considered Mississippi's demands to be over the line and geoblocked them instead.
https://en.wikipedia.org/wiki/Social_media_age_verification_...
> And more to the point
What's the point exactly? That some US states also did something similar re porn so therefore it's a nothingburger and we shouldn't care about this lawyers campaign to protect the internet from censorship?
I think Bluesky probably went along with the OSA because the population of the UK is like 20x that of Missisipi. Wake me up when they geoblock California.
Common misunderstanding in these comments:
Ofcom expects _you_ the foreign entity to implement geoblocking perfectly. And if not, they will try to fine you first before they even consider implementing blocking on their end.
That's the core issue here.
This has nothing to do with foreign entities circumventing UK based blocking and getting Ofcom letters for it.
Why doesnt the UK block the website? They do this for plenty of sites. The legal target should be UK telecom companies
Sounds like UK problem to me. No one can be expected to know or abide laws of another country. In person or in the digital realm. If UK has some laws, then UK citizens should abide them, not the rest of the world. In other words, say betting is illegal in UK and I as a UK citizen go and make a bet via website that is run by a business in Panama. The Panamanian company should not concern itself with anything but rather it is me whom is breaking the law.
> No one can be expected to know or abide laws of another country.
If this is your view, do not travel or do business in other countries. It's simple.
Or post on the web in case it annoys some country.
>This is demonstrably false.
By testing from.. a single VPN IP?
And as noted in other comments here he doesn't seem to understand how geo ip databases are maintained. I sure won't be asking this guy to represent me anytime soon.
He is not claiming being blocked from one IP proves the geoblock is complete, he is claiming it shows that the geoblock in place is also active for the mirror site.
>What appears to have happened is that SaSu had a site mirror and that someone figured out a way to hit the mirror – which was also subject to the geoblock, something which took me under a minute to personally confirm – without using a VPN.
And also:
> If I had to guess, it’s that some NGO found some UK-based IP addresses which weren’t captured by the block because they weren’t properly geolocated.
Ofcom's clarified contention is that the geoblock is unreliable, while the lawyer seems to be rebutting the original statements that they interpreted Ofcom as claiming no geoblocking was active ('remains accessible to UK users', 'was directly available to people with UK IP addresses (with and without a VPN)').
The combative stance that he's taking really doesn't do him any favors in resolving the issue.
Lawyer: "I've confirmed that at least one UK IP address is blocked."
Regulators: "We've confirmed that at least one UK IP address is not blocked."
In what world is the correct response "Dear regulators, you're incompetent. Pound sand." instead of "Can you share the IP address you used so my client can address this in their geoblock?"
> In what world is the correct response
Any world in which US citizens in the US aren’t subject to UK laws in any case.
> In what world is the correct response "Dear regulators, you're incompetent. Pound sand." instead of "Can you share the IP address you used so my client can address this in their geoblock?"
That would imply that the client actually would like to be contacted every time Ofcom found a leak in the geoblock. Not a good idea imho.
It sounds like they would welcome that, e.g. in the update to the post
>They’re definitely not treating it like a public safety matter, where they know how to reach us and know that I generally respond within the hour.
They don't agree that it is a public safety matter, or at least they've clearly taken the position that they don't care about that kind of public safety.
He's just pointing out that Ofcom's behavior is inconsistent with Ofcom sincerely believing it's a public safety matter either.
I this is exactly how you should respond to outrageous demands.
The UK should pound sand.
I get that it's satisfying to tell them to go away because they're being unreasonable. But what's the legal strategy here? Piss off the regulators such that they really won't drop this case, and give them fodder to be able to paint the lawyer and his client as uncooperative?
Is the strategy really just "get new federal laws passed so UK can't shove these regulations down our throats"? Is that going to happen on a timeline that makes sense for this specific case?
He says on his site that he wants the US to pass a “shield law,” I guess the idea must be to pass a law that explicitly says we don’t extradite for this, pass along the fines, or whatever.
It seems like inside the US, this must be constitutionally protected speech anyway. I’m not 100% sure, but it would seem quite weird if the US could enter a treaty that requires us to enforce the laws of other countries in a way that is against our constitution. Of course the constitution doesn’t apply to the UK (something people just love to point out in these discussions), but it does apply to the US, which would be the one actually doing the enforcing, right?
Anyway, bumping something all the way up to the Supreme Court is a pain in the ass, so it may make sense to just pass a law to make it explicit.
The British legal system is pretty inefficient. I'd probably just say sorry we'll block harder. That'll probably delay things for years, by which time there may be a different government, or a US shield law.
The absolute confidence Ofcom has in its ability to impose laws on US citizens is kind of strange. I'm waiting for the other shoe to drop. Maybe in 2028 we get a president who is willing to let US citizens be extradited based on laws like this.
EU and/or Britain has been telegraphing they want to have some limited jurisdiction over the United States for a few years now. GDPR also claims to be able to charge you for a crime even if you've never been to Europe (FWIW its mostly aimed at large corporations and I don't believe I've heard of them using it for anything other than civil fines but on paper they claim to have that authority even outside of their own borders) and during the big riots in UK last year there were law enforcement agencies threatening to prosecute Americans for inciting the riots remotely over the internet (once again they didn't actually do it but they do claim to have that authority and have threatened to use it).
For a particular (suicide related) site I know that it was 'made known' to resi-ISPs here and as far as I know everyone with existing capability to do so blocked it (though for some smaller ISPs just at the DNS level, so essentially superficially). Though that was just on the honour/good will system, I don't think any had to be forced.
I think that essentially this is probably the best way to do it, IF we must go down this route (and I think in some cases we probably have to).
An italian woman should not post her Photos in instagram because afghanistan and iran? Something seems weird here
I don't understand this.
You're perfectly free to run these websites from the US. We just exercise our right to block these at our UK shores.
Where's the problem?
They're not blocking them, they're actively seeking fines, even after the site takes it upon themselves to block the UK.
Ah, now that's silly of our dear UK Govt. Bit of an overreach there, and oh definitely they'll get bitch slapped.
It would be a lot easier for the UK to just block any site they don't like. Especially when the concern is ostensibly to protect UK citizens from harm.
But Ofcom is in fact saying that you are _not_ free to run those websites from the UK and they expect _you_ to implement a perfect blockade of UK IP addresses. On the other hand, if Ofcom receive a tip-off from a random charity claiming they found a UK IP address which doesn't get blocked for 10 minutes or whatever the hell happened here then they will try to extrajudicially internationally fine you for it.
This post is really mixed up which, for a lawyer, is really disappointing to read.
He can’t seem to decide if Ofcom’s position is that the geo blocking was disabled or that it’s not sufficient. He seems to flip flop between the two positions throughout the post.
This is really strange because he cites Ofcom’s statement! How can he not know what they’re investigating after he’s been told!
In addition, he seems under the impression that Samaritans (a suicide prevention charity) are either a part of Ofcom or if they’re a pro censorship pressure group.
Lesser issues are that he doesn’t understand the government operates out of Whitehall, not Westminster (which is Parliament) and that Parliament can put pressure on government organisations but ultimately it’s independent so Parliament and the government can only ask Ofcom to investigate (outside of passing legislation).
I guess the case he’s making is that not even Ofcom knows, because it has nothing to do with the block itself. They want to make a scene, however possible.
You can’t infer that from the statement posted. In fact, all Ofcom have done is say they’re investigating. Do you expect a regulatory body to not investigate a report from a serious suicide prevention charity?
In addition, such an inference flies in the face of the fact that Ofcom have sent staff to conferences for pornographic websites to talk to them about compliance: https://www.theguardian.com/society/2025/sep/21/were-here-to...
Isn’t compliance just as easy as asking where the visitor is from (or more specifically if they are from or in the UK), perhaps even just once per IP they visit the site from? Yes, they may lie, but that’s their problem not the site operator’s.
There's no sign that Ofcom wouldn't want to treat user lies as the site's problem. I suspect they would.
> Ultimately, what Ofcom is doing here is the perfect modern-day lesson lesson for why the First Amendment exists in the first place
The First Amendment was created to protect against foreign governments impeding on your speech?
I feel like that's really missing the point of what this amendment is about, at a time when the First Amendment is at greatest threat from the current US government.
A quote from Preston Byrne today on X:
I do not give a single solitary fuck what any Briton thinks of any American exercising their constitutional rights
If the American is lawfully exercising their rights, and the Briton has a reason to censor them, the American is right and the Briton is wrong
No exceptions
This probably sounds "cool" and correct to his supporters but this gung-ho black-and-white approach is hiding an important nuance:
The framing above (UK undermining US law) can immediately be reversed. The UK has laws (that we may disagree with) that are being undermined by US actors.
That's the nature of the internet, and the reason this is a complicated issue to resolve, not helped by showboating lawyers.
> the American is right and X is wrong
Well colour me surprised by that opinion
It is getting really hard to follow their logic.
A some point, if you do not have any relationship with the UK, go as far as blocking its residents but they still want you to abide by their law, aren't they just declaring war on the entire world?
This is something very deranged that have become very common with the world "becoming smaller": somes will go on a rampage for something happening on the other side of the planet. At the same time they will pretend not to notice that their own house in on fire.
What they seem to be trying to do is declare war on individual sites, on behalf of activist lobbying, in the hopes that they can destroy those sites despite lacking jurisdiction over them.
> A some point, if you do not have any relationship with the UK, go as far as blocking its residents but they still want you to abide by their law
Ofcom appears to agree that geoblocking UK residents would satisfy the requirements of this law. They also however appear to believe the OPs clients are simply lying about actually geoblocking UK residents - and Ofcom appear's to be the quasi-judicial entity which decides (at least as a first step).
I can't imagine OP's response to Ofcom that "we aren't doing that, but we won't explain what we were doing when we created the domain you think we created to do that" was particularly convincing.
> aren't they just declaring war on the entire world?
No, that would only happen if they started attempting to enforce the law by going into "the entire world" by force. Just declaring that some foreign entity broke your laws and owes you money and maybe that you'll arrest them if they come to your country isn't an act of war. Acts of war look like drone striking alleged drug smugglers in some other countries territorial waters without that other countries permission.
> They also however appear to believe the OPs clients are simply lying about actually geoblocking UK residents
They don't seem to claim that. They claim the block is imperfect, and they demand perfection.
Since perfection is in fact impossible, that means there's no reasonable, actually available action you can take to keep them from fining you, or at least trying to.
No, I think they were pretty explicit
> In our email dated 13 October 2025, we explained that Ofcom would be taking steps to monitor the voluntary block of users with UK IP addresses implemented by sanctionedsuicide.site and sanctioned- suicide.net on 1 July 2025.
> Ofcom has become aware that the voluntary block in place on the above two websites restricting users with UK IP addresses from accessing these domains is no longer effective to restrict UK users from accessing the service or its content. In particular, we note that content from the service remains accessible to users with UK IP addresses at another domain, namely https://dignifiedexit.com.
This isn't a dispute about effectiveness, this a dispute about whether or not OP's client spun up another domain and didn't block UK users from it.
Of course not. But this is very useful to a) show they are enforcing this shiny new law and b) lay the legal groundwork that blocking it on their side (thruough UK ISPs) is warranted.
I'm in the USA - can't I just wipe my ass with this thing just like I would from a lawsuit from Zimbabwe?
Up to a certain point, yes - if you never leave the U.S. and don't anticipate that the U.S. government will at some point extradite you to the UK. And if you travel to other countries, one of those could decide to extradite you to the UK. That is less likely with a lawsuit from Zimbabwe than a lawsuit from the UK. In other words, it depends on how much international influence the country in question has.
Only if you're okay with never visiting or transiting through the UK, or any other country that would be willing to extradite you there, for the rest of your life.
>If we concede even a scintilla of our constitutional rights, we fail.
based.
as someone from a country that had reached the bottom of many slippery slopes in less than ten years, it's very disheartening to see the West following us.
It comes across as unhinged with the current regime daily infringing the [USA] Constitutional rights of USA citizens and the UK in not way seeking to inhibit those rights.
> the current regime daily infringing the [USA] Constitutional rights of USA citizens
That has been happening for decades at this point. That doesn't make today's violations ok, but neither are they something new. The people of the USA gave up on freedom after 9/11.
Slippery slopes have existed in all western parts of the world disguised as freedom since eternity. This isn’t something new.
As if I'm going to comply with any UK laws. They still have the delusion they're some sort of empire. Good luck suing my American company
When content involves self-harm or illegal activity, the discussion isn’t just about geolocation, it’s about platform responsibility, user safety, and effective remediation. Striking the balance between free expression and preventing real harm is why platforms use content policy teams, abuse reporting, and multidisciplinary responses (moderation + outreach + law enforcement where warranted).
Different countries may have different ideas about the balance you've mentioned. One country should not impose its version on another (with threats of jail time). This is what the discussion is about.
>>If any censorship demand gets through our border, we fail.
That means we defend every site, however small or controversial it may be, from foreign attempts to infringe on their constitutional rights. It means not giving up so much as an inch of ground without a major fight, if those are the instructions. It means we must not ever lose.
--
That is a powerful pro-bono defense message by the US person doing it.
Just like the Trump says climate crisis is a hoax and wins elections, can't somebody in the UK say Online Safety Act is nonsense and win election and repeal it?
My personal ranking of principles would never put me into the position to defend an organised group encouraging vulnerable people to successfully kill themselves. That's not a free speech issue, ever, it's clearly immoral. Your liberty should never allow malicious harm to others. I would lump these people into the same place we put child molesters and murderers.
> I would lump these people into the same place we put child molesters and murderers.
So would I, but freedom of speech doesn't have an exception for bad people, no matter how bad they are. Remember the Skokie affair, where a Jewish lawyer defended the Nazi Party's right to free speech? That's what really believing in free speech looks like.
It’s of course reasonable to rank principles that way, and I’d probably agree with you, but it’s not true that it’s “not a free speech issue”. It is a free speech issue, you’re just saying you value other concerns above absolute free speech in certain cases.
'Absolute free speech' doesn't exist anywhere. Would you be arrested if you told national secrets? What would happen if you told everyone at work (unfounded) that your boss abuses their children?
> 'Absolute free speech' doesn't exist anywhere
You’re right, but I never claimed it did. Even the famously expansive US freedom of speech protection is not absolute.
> Would you be arrested if you told national secrets? What would happen if you told everyone at work (unfounded) that your boss abuses their children?
Yes you would be arrested, which is a freedom of speech issue, however banning this speech, despite harming freedom, is justified by other factors that are more important in these cases.
Why is it that every mention of the UK government I hear in the news, I think "wow, those guys are absolute scum!".
They should just hand it back to the king, the democracy experiment has failed there.
That's how filter bubbles and propaganda work.
Take this case: the law was enacted two years ago by a different government, the regulator follows the law as enacted, and yet no one cares about this little nuance.
In reality, it's a decent technocratic government trying to reverse a decade of mismanagement and fighting about five hundred fires at the same time. It's OK to good.
The party currently in power enthusiastically supported the OSA when it was enacted, and has been enthusiastic about implementing it. They're not just mechanically enforcing something that they inherited.
I agree with you on the decade of mismanagement and five hundred fires, but Labour (and the Lib Dems) supported this bill when it was being voted on.
Funny how that works, when the government I voted for is in, they're a good government and all problems are caused because the previous one was terrible.
Democracy: everyone's somehow smarter than everyone else.
We're aggressively blocking UK IPs before we even have our product ready, neither our website nor our software will work for visitors from the UK, our ToS will prohibit use of our software for UK residents, and we will not sell or offer the software in the UK. Ofcom would have to put a lot of effort to circumvent these measures to even know we exist.
In a nutshell, I'm moderately confident that this will suffice to keep Ofcom away.
So the story behind the title is that the UK gov claims that the IP block wasn't working? And the author agrees that IP blocks can't really work, even?
Separate from the free speech debate, the international law part of this seems pretty cut and dry. Here's the bolded parts:
Isn't that how laws work...? Like, it's illegal to be gay in some countries. Theoretically, those countries could open proceedings against every openly-gay person in the world, and try them in absentia. That would be evil and silly of course, but I don't understand what legal principle it would be violating?More pointedly: what is this lawyer actually "representing" these "clients" for? I don't see any mention of any US legal action, and presumably you need to be british to represent people in UK court. Isn't this just activism, not representation?
Let's say hosting a website for cat pictures is illegal in the UK, but I am based in the US (alas, I am not).
I put up my cat picture website but because the UK is a tiny and barely known country, I don't realise that this cat website would be breaching laws there.
My website gets popular and I receive a strongly worded legal letter from an entity in the UK claiming that they want to take me to court and fine me for providing this website to their citizens.
I am like: WTF? Just fucking block it from your perspective if you don't want your citizens to see it? And I seek legal advice from my lawyer who says: Well, they have no jurisdiction here, so you can ignore this letter, but if you want to minimise hassle, you could just geoblock the UK and hopefully they'll stop coming to you.
So I implement basic geoblocking, which works 99.99% of the time (at least when it comes to figuring out which country an IP is in).
The UK entity acknowledges this in a letter and tells me that this is a sufficient solution for now, but they'll keep watching me.
I go about my business, for some reason or another I make a mirror, which I also implement the geoblocking on, now proactively, because I don't want any more annoying letters from the UK.
Some time later, the UK entity sends another letter claiming they're continuing the proceedings because someone in the UK told them that they could still access my cat website and provided evidence. Within 10 minutes myself and my lawyer both use VPNs to verify the geoblock is still working, and we're confused.
We ask the UK entity WTF, and they say: We have evidence, the fact that it's clearly still working from _our_ perspective is irrelevant, I bet you just geoblocked our IP address.
What do you do in this case?
> I don't understand what legal principle it would be violating?
Jurisdiction? Don't you first have to commit the crime in the jurisdiction in question?
A government can claim jurisdiction over anything worldwide. A different government can disagree.
The two may negotiate over that, in which case common sense ideas like "they didn't do it in your territory" may make one side look foolish, which may in fact have a real influence over the outcome of the negotiations.
If they can't come to an agreement, then it may become a matter of whether the "offender" happens to travel somewhere where they can be grabbed. In the end, jurisdiction is about who has the power to enforce their laws. There's no universally-agreed-upon uber-legal system to make it otherwise.
Interesting that it's the existence of the suicide discussion forum that's too much to bare for the UK. Really drives home the point that in the state's eyes: your self, your body and ultimately your life, don't belong to you.
The state shouldn't intervene in suicide is quite a take.
Maybe you consider it "Gubbbermenntt overreach" but I kind of consider suicide prevention as a reasonable function of state.
Interesting to compare with the OpenAI story about the LLM offering moral support for someone seeking suicide.
Is it not possible that there is concern for individuals well beings in the midst of a mental health crisis?
It’s one thing to be talking about suicide or assisted suicide because you’ve decided it’s right for you and your situation.
It’s another to be dealing with depression from trauma, unable to get help and have no support system, and then be coerced by individuals on forums with ulterior motives.
I’m not saying I am in support of the UKs attempts, but it’s also not helpful to paint everything black and white on either side. Real solutions require dealing with the grays and the details.
edit: And for reference I have spoken to people in the later situations who have found all too many toxic individuals online who will say things like “you should definitely just kill yourself” in the midst of such situations, who after therapy consider those people to have been committing even more trauma (most likely because they get off on the control of another persons life, playing out murder fantasies etc, and who use the internets anonymity to further traumatize people at their most vulnerable)
> It’s one thing to be talking about suicide or assisted suicide because you’ve decided it’s right for you and your situation.
And that's what the site is for. They could improve by blocking all countries where there's free access to assisted suicide though.
> It’s another to be dealing with depression from trauma, unable to get help and have no support system, and then be coerced by individuals on forums with ulterior motives.
You've answered your own question. "And then" - exactly, THEN, not before. If they could get help, they would. But they can't so they end up there. If your alternative is that they should just suffer for years instead then I strongly disagree with this stance.
I remember one guy on a Polish forum announcing his plans which were stopped because someone called the police.. I kept checking his profile since then and it's clear that he continued to suffer and does to this day.. whoever thought that they "saved" him instead subjected him to literally years of suffering.
I doubt Ofcom are motivated by "concern for individuals well beings in the midst of a mental health crisis", but even then, it is clear in the context of the current discussion that they should be concerned with enforcing their legislation in their own country. The UK is free to build The Great Firewall of the United Kingdom and block half of the internet if their concern is so great.
What they cannot be allowed to do is tell organizations in other jurisdictions that they now suddenly fall under UK jurisdiction.
There are 195 countries in the world. If all of them followed a policy like UK's Ofcom, the internet would be gone in no time and world-wide user-to-user communication would become impossible for legal reasons. It's obviously not a sane position.
> I doubt Ofcom are motivated by "concern for individuals well beings in the midst of a mental health crisis"
Do you have evidence for that? Because when I search I do see them doing investigations concerned with abuse of people including mentioning coercive and controlling behaviors
https://www.ofcom.org.uk/online-safety/illegal-and-harmful-c...
> If all of them followed a policy like UK's Ofcom, the internet would be gone in no time and world-wide user-to-user communication would become impossible for legal reasons.
Sounds like a slippery slope fallacy to me. Again, not necessarily supporting the policy, but when such arguments are used against it, it’s not convincing.
Sure then I don’t comply, so what?
If the UK wants to go full totalitarian it’s alright, they can even consider me a criminal or ban me from entering the country.
I usually avoid traveling to countries doing non sense or that would arrest me for ideological reasons.
The UK would be no different.
But as far as I know, where I live, I am not under UK’s jurisdiction.
I honestly still cannot believe that a simple blogger needs to potentially comply with the regulations of some ~200 countries. What happens when the law of two countries conflicts? What if the UK say I need to verify everyone's age, but another country rules I cannot collect peoples IDs? Well I could geo fence the best I can and serve two different paths right? Nope, it seems not.
It's all total madness, and it's not just the UK there are even more crazy regulations coming from the EU. China, and others in Asia are well known for regulating too. A mess.
Why would I need to comply with foreign laws?
Oh god not another post attracting dozens of hypocrites: Americans decrying others about policing the world.
Like bees to honey
So the author repeats that the SaSu site was geoblocked but simultaneously note that all UK are idiots that don't realise a geoblock is imperfect and claim...
>The UK regulator has now publicly confirmed that the “mirror” site for my client’s site is not accessible in the UK.
The writer then proceeds to describe the way in which the spinning up of a mirror lead to the site becoming available for people in the UK. And the author protests that:
>The reasons why SaSu had a mirror are SaSu’s alone/none of Ofcom’s fucking business; [...]
The way it is written makes for a string suspicion that SaSu thought they could obviate OSA with a cheeky mirror (standard fare for torrent sites - who also wish to bypass censorship - I gather) and got caught. I can't see why else the author would be so vociferous, nor how the mirror wouldn't block the very same UK addresses as the main-site except by design.
Suicide is illegal here (there is movement on this, thankfully). Helping people do illegal things, also illegal. Facilitating such help, also illegal. There seems no need to stoop to imagining some weird conspiracy or blaming a cabal of shadowy figures.
I guess you could think of it like we treat helping people kill themselves like USA treats UK people facilitating copyright infringement.
If SaSu is voluntarily implementing a UK geoblock instead of fighting Ofcom. Ofcom is claiming it's everyone on the planet's responsibility to implement their own geoblocks of the UK rather than for the UK to set up a GFW. If SaSu was trying to circumvent some UK originated blockade of their website, your comment would make sense, but they weren't.
Even if you hate how this guy writes, which I can agree is questionably professional at times. There's no real way to read this other than that Ofcom, instead of simply complaining that an IP wasn't geoblocked correctly, took the first opportunity they could find to restart their extraterritorial attack on SaSu. All that to avoid the presumably incredibly bad optics of implementing a GFW. Although honestly I would be the least surprised if the UK implemented a GFW soon.
It is so rare and nice to see such clear defense of free speech, with full admission that it is precisely the unpopular speech that needs it. The ACLU used to do this (https://en.wikipedia.org/wiki/National_Socialist_Party_of_Am...), but no longer does (https://nypost.com/2022/01/31/ex-aclu-head-ira-glasser-slams...). I am glad to see someone still does
Thank you
Lets all point and laugh
Don’t give a f*ck about the UKs laws. Don’t like it, the UK should block ME.
The UK should build a national 'firewall' and prosecute anyone who gets around it via vpn. I'm sure the citizenry will fucking love that and then they can proceed to repeal the law.
Public sentiment in the Uk is actually pretty supportive of this law. I wouldn't be surprised if the firewall did happen eventually, but with support from the public instead of outcry.
I do not have "UK trying to take back the US" on my bingo card... let's hope it doesn't actually escalate to that in the future.
He seems very confused about what First Amendment is about. How it would be even possible for UK government to violate it?
That’s because he’s barely a lawyer. He’s a blogger with a legal education. His legal practice is pro bono because nobody would pay for him to LARP as someone with credibility on the subject of free speech.
Edit: I appreciate the down votes but research him, he has never participated in a real case. He is not a practicing lawyer by any real measure.
This guy really is something. From asserting that hate speech is protected by the 1st amendment to suing Australia over Internet policies to suggesting the US dominate all Internet rules: https://tradersunion.com/news/tag/prestonjbyrne/
This seems to be correct from about 5 minutes of research.
If the British government can pressure international payment processors or service providers to cut off a website, they can pressure those websites to do stuff.
The USA has been doing this with VISA and MC since about forever.
Do you have a source for the USA pressuring VISA and MC?
This happened when the Dems were in power. Its part of the reason why they aren't in power anymore. Letting un-elected bank employees make these sorts of decisions isn't in anyone's best interest. The banks did not enjoy this situation at all and probably won't play ball next time they are asked. Banks hate to lose money and that's exactly what happened in this situation. First they had to turn down business, then they had to pay to defend themselves in a lawsuit.
Google "Operation Chokepoint".
https://news.bloomberglaw.com/us-law-week/visa-mastercard-wi...
Well technically, this is just a philosophical point, but the bill of rights is supposed to protect _natural_ rights that apply to everyone regardless of where they live. So in theory the UK can and does routinely violate peoples rights
By attempting to enforce legal judgments in absentia against people who live in the US, operate in the US, and block access from the UK; and then using those judgments to arrest that person as soon as they step anywhere the UK has real influence, or similarly seize their assets anywhere a judge has a sympathetic ear.
Of course it's not literally 'violating the First Amendment', but it sure seems like the kind of thing the writers of Constitution would have tried to protect against if they knew it could happen someday.