| ▲ | flumpcakes a day ago |
| I think the premise of this is simple, and a lot of people seem to not be understanding this... The UK can make a law and apply it however they see fit. 4Chan is providing a service to UK people (a website you can access) and is not implementing the law. Ultimately the UK cannot enforce this law until money destined to/from 4Chan passes through the UK or people associated with the site visit UK territories. In practicality this law for the most part will just mean either websites block the UK or UK ISPs are forced to block websites. But this law was designed for the websites and platforms that will not be willing to do that as they make money off of UK citizens, such as Amazon/Facebook/Youtube/etc. If a website blocks UK users then the law doesn't apply as it is only concerned with protecting UK citizens. If a foreign company was shipping drugs or guns to UK children, or your choice of obvious contraband, then why wouldn't it have the power to hold that entity accountable? This is how it has always worked and I am not seeing why this is a problem just because it's in the digital space. |
|
| ▲ | estimator7292 a day ago | parent | next [-] |
| Putting the burden on site operators to geoblock UK users is not only placing an incredible burden on individual operators, it doesn't even work. It is not the responsibility of foreign companies to enforce or even acknowledged the UK's laws. If the UK has a problem, they have tools to solve it on their own soil. If they want to enforce their laws they need to pay for it. The UK is trying to bully and scare foreign website operators regardless of scale or type of business into paying to enforce UK laws outside of the UK. If they want a website blocked, the only way to make that work is to block it and pay for it themselves. |
| |
| ▲ | james_in_the_uk a day ago | parent | next [-] | | Relevant here is that 4Chan appears to explicitly target the UK users for commercial purposes, and potentially (via subcontract to Cloudflare) serves to UK customers from equipment located on UK soil. Whether one agrees with the policy aims of the OSA or not, there are some complex jurisdictional and enforceability issues at play here. Unfortunately it’s not as simple as you make out. | | |
| ▲ | inkyoto a day ago | parent [-] | | > […] and potentially (via subcontract to Cloudflare) serves to UK customers from equipment located on UK soil. Still, not quite. Servers in the UK ≠ targeting the UK – courts on both sides of the pond will ask whether the operator directed activity at the forum. Merely serving content from UK edge nodes because a CDN optimises latency is usually incidental and does not, by itself, show a «manifest intent» to engage with UK users. There is an established precedent in the US[0]. If a UK-established CDN processes personal data at UK nodes, the CDN itself may be subject to UK GDPR. That does not automatically drag a non-UK website operator into UK GDPR unless it offers services to or monitors people in the UK. Accessibility or passive CDN caching alone is insufficient. And modern UK statutes mirror this; for example, the Online Safety Act bites where a service has a significant number of UK users or targets the UK – not simply because a CDN happens to serve from UK equipment. From the horse's mouth: https://www.ofcom.org.uk/online-safety/illegal-and-harmful-c... Then there is a nuance – explictly configured Cloudflare (1) vs automatic «nearest-edge» (2) selection: 1. Explicit UK-favouring config (for example, rules that prioritise UK-only promotions, UK-specific routing or features tailored for UK users) is a relevant signal of targeting, especially when combined with other indications such as UK currency, UK-specific T&C's, UK marketing or support. In EU/UK consumer cases the test is whether the site is directed to the state – a holistic, fact-sensitive enquiry where no single factor is decisive. 2. Automatic «nearest-edge» selection provided by a CDN by default is a weak signal. It shows global optimisation, not purposeful availment of the UK market. US targeting cases say much the same: you need directed electronic activity with intent to interact in the forum; mere accessibility and generic infrastructure choices are not enough. [0] https://law.justia.com/cases/federal/appellate-courts/F3/293... | | |
| ▲ | james_in_the_uk a day ago | parent [-] | | We are essentially saying the same thing. 4chan targets UK users through advertising and equipment location. I am no fan of the OSA but this spat is also not showing 4chan or its fan-base to be particularly mature or legally savvy (quelle surprise). | | |
| ▲ | inkyoto a day ago | parent [-] | | I was delineating a particular nuance – that the mere utilisation of Cloudflare does not, by itself, render 4Chan subject to the classification of «targeting UK users», save for the instance in which they issue a distinct monthly remittance to an entity denominated «Cloudflare UK» for the edge node services provided during the preceding period. I.e., if a machine (the Cloudflare control plane) elects to route traffic through an edge node within the UK as an optimisation measure, such an act does not, in itself, constitute the possession of equipment within that jurisdiction — nor would it be readily ascertainable before a court of law. Historically speaking, the Ofcom/UK approach is orthodox rather than novel. Ofcom’s sequence – information notices, process fines for non-response, then applications to court for service-restriction and access-restriction orders that bind UK intermediaries – is a modern, statute-bound version of a very old playbook. If a service has no UK presence and refuses to engage, the realistic endgame is to pressure UK-based points of access rather than to extract cash from an foreign entity. What is new is the medium and the safeguards, not the underlying logic: regulate the domestic interface with out-of-jurisdiction speakers. | | |
| ▲ | james_in_the_uk a day ago | parent [-] | | Agreed. I was merely citing use of Cloudflare as evidentiary, not determinative. I am not so sure about the relevance of billing entity. I suspect that how Cloudflare chooses to bill is as much driven by tax (especially transfer pricing) as anything else. I also think there are as-yet-unanswered questions about the role of CDNs and similar “global” infrastructure providers, and the impact of using their services as subcontractors (cf intermediaries), in interpreting jurisdiction. These services are obviously different to the “traditional” autonomous systems (routed networks). I am not sure that the law has caught up with this yet. But that is a tangent. Thanks for the thoughtful debate. | | |
| ▲ | inkyoto a day ago | parent [-] | | Likewise, thank you for a meaningful and civilised discourse. To expand upon your observations regarding the role and the function of global infrastructure providers — what I find most disquieting is the manner in which the Internet has degenerated from a realm of open discourse, at times resembling the untamed frontier, into a labyrinthine construct of proliferating legislation and extrajudicial interference by a multitude of states. The result is a regulatory morass so burdensome that, in certain instances, it proves more expedient to disregard an entire jurisdiction than to endeavour compliance with its statutory dictates. Even when such legislative efforts are conceived without malice, their consequences are seldom benign — the attendant escalation in implementation costs can be considerable. By way of illustration, conformity with the EU’s GDPR must now be accounted for at the very architectural level of a solution, with financial implications that are far from negligible. | | |
|
|
|
|
| |
| ▲ | nprateem a day ago | parent | prev [-] | | I'd love some of what you're smoking. I assume companies wouldn't need to comply with tax law either unless countries in which they operate pay them to pay their dues. |
|
|
| ▲ | HDThoreaun a day ago | parent | prev | next [-] |
| > why wouldn't it have the power to hold that entity accountable? Literally because the entity is not under the jurisdiction of the UK. The UK can force domestic companies to block the website but they cant force the website itself to do anything. The claims of fines against 4chan are therefore nonsensical. Probably just part of the legal proceedings prior to blocking the site I guess but still strange to see. |
| |
| ▲ | flumpcakes a day ago | parent | next [-] | | It does have 'jurisdiction' because it applies to the citizens: it is offering a service to UK citizens. If I had a website operated outside of the US, where you can download US citizens private medical records and phone conversations, I would be liable to breaking US law. If you do not want to be held accountable to a regions laws, then you do not offer a service to or deal with data that relates to that regions citizens. I don't think this is a hard concept to grasp. Jurisdiction does not imply enforceability. There are laws from your country that you can break while not even being in that country and be held accountable. | | |
| ▲ | trothamel a day ago | parent | next [-] | | Simply offering a service to UK citizens isn't enough to provide jurisdiction. If I run a lemonade stand, and a UK citizen walks up a pays a dollar for a glass of lemonade, then that doesn't give the UK jurisdiction over the lemonade stand. That's what's happening here - a webserver is operating entirely out of the UK, with no nexus. UK citizens send requests to it - just like all other countries citizens do, so either the website would be covered by all laws or just the places where it has nexus. This is especially true in the US, where speech is strongly protected - making Ofcom's assertion that its regulation overrides the first amendment especially egregious. The UK government's behavior here is a bit shameful. | | |
| ▲ | NicuCalcea a day ago | parent | next [-] | | > If I run a lemonade stand, and a UK citizen walks up a pays a dollar for a glass of lemonade, then that doesn't give the UK jurisdiction over the lemonade stand. You are allowed to sell lemonade to British tourists. But if you're shipping lemonade to the UK, you are subject to UK lemonade regulations. That doesn't mean that the UK has jurisdiction over your business and can shut it down or anything like that, but if you travel to the UK or UK banks handle your transactions, they have the right to seize funds and shipments, close your accounts or detain you if you set foot in the UK. Your choice are: follow UK regulations; stop shipping lemonade to the UK; or continue as you were, never go to the UK, and know that the UK can always ban shipments from your stand. The US does the same thing all the time, and even worse[1]. Lots of piracy sites located in jurisdictions where US copyright laws don't apply are seized by US federal agencies and replaced with a notice about piracy. Those sites haven't broken any laws in the countries they're hosted in, they have no legal presence in the US, and yet the domains are banned/seized and administrators detained if they ever step foot on US soil. The UK is not threatening to seize anyone's site. [1] https://en.wikipedia.org/wiki/Operation_In_Our_Sites | | |
| ▲ | grayhatter 14 hours ago | parent | next [-] | | > But if you're shipping lemonade to the UK, you are subject to UK lemonade regulations. I was with you up until here. Shipping to a physical address, where if you don't specify the country name, it won't arrive. Is very different than shipping to an Internet address, which has no "reasonable" connection to a physical location. > Your choice are: follow UK regulations [give up the core gimmick of your entire site]; stop shipping lemonade to the UK [the shipping analogy really breaks here, how? and what about vpns? what if the other endpoint is in the UK but the address isn't?]; or continue as you were, never go to the UK, and know that the UK can always ban shipments from your stand. I don't disagree that [country] can make laws that make society worse... But I don't think it's reasonable to defend them as if these actions aren't egregious. There's the armchair arguments that I enjoy as a thought experiment, but it's still important to point out how antisocial this behavior is. > The US does the same thing all the time, and even worse [...] There's an argument to be made they're using a domain registratar in the US, which is subject to those laws (obviously). But what about [other disappointing behavior] because it's worse. Is exactly the example you're arguing against. Precedence of bad stuff is still bad, ideally everyone would point out it's bad, and suggest alternatives to the bad thing, no? | |
| ▲ | galangalalgol a day ago | parent | prev | next [-] | | Why is it the website operators job to figure out where people are from? It isn't even generally possible for them to do correctly. A better analogy would be that a british person hired someone who looked and sounded american to go to the us to buy some lemonade and have it shipped to the uk where having it breaks the law, and then blaming the lemonade stand. | | |
| ▲ | NicuCalcea 17 hours ago | parent | next [-] | | > Why is it the website operators job to figure out where people are from? Why not? It's their responsibility to comply with UK laws if they want to keep serving British customers and making money off of them. Just because the service is provided online doesn't mean it can go on unregulated. You're acting like this is something new that websites haven't had to do for decades. | | |
| ▲ | grayhatter 14 hours ago | parent [-] | | > > Why is it the website operators job to figure out where people are from? > Why not? Because laws vary from location to location, and it's an unreasonable for a [UK] agency to make demands from an exclusively [US] group under the assumption that they are aware of every possible law in existence. Someone in the [US] can't expect to have reasonable influence over the laws in the [UK] that they're now required to follow? That's a blatantly unfair system. That's why not. But actually why? You confidently assert that because it has happened before, that's the way it should always be! You're still trying to apply rules for jurisdiction, that don't map well to the Internet. If I was sending someone to the UK to buy and sell, I think your arguments would make sense. But that's not the analogy that applies here. The better analogy is, people from the UK are traveling across jurisdictional lines, and buying from my shop, based exclusively in my country. My country feels privacy and anonymity are important fundamental rights, and my business exists to that end. Here, instead of trying to control UK citizens, and making it illegal for them to travel to the US to do something they want to prevent, they instead are trying to force the US group to attempt to doxx every user and exclude some of them. That feels insane to me, what's your take on that examplev Also, I feel it's important to note, part of the reason they're using this specific tactic, is because they're aware how impossible and intractable their demands actually are. To call internet geolocation complex or error prone would be an understatement. So based exclusively that they're demanding someone other than them should tackle a near impossible task, should be enough of a reason to reject the demand. Legal or not, unreasonable demands deserve rejection. |
| |
| ▲ | integralid a day ago | parent | prev [-] | | A good start would be to use geoip. It's not perfect, but it will almost certainly be enough to make UK happy (the same happens when detecting European for GDPR purposes). | | |
| ▲ | eptcyka a day ago | parent [-] | | Lmao, why would a web server operator need to care where their clients send requests from? Imagine if half the countries in the world required this, each with distinct requirements on how to handle traffic from their jurisdictions. Insane. Relieve us of the misery of acting as though OFCOM’s requests are reasonable- they are not. |
|
| |
| ▲ | justinclift a day ago | parent | prev [-] | | > The UK is not threatening to seize anyone's site. Yet? :) |
| |
| ▲ | bluGill a day ago | parent | prev | next [-] | | Countries claim juristiction for thing outside their borders all the time. however they place a much higher bar on what they claim. Lemonaid stands are likely safe, but even if it is legal where you live the US will claim pedopillia laws aganst you they can get you. part of the high bar is claiming juristriction requires sending your army. (Sanctions are often used too which might or might not work). That is why the threat is if the directors travel to the uk - that gives them sone power - but still expect US government to do 'things' if the arrest any US citizen on this. | |
| ▲ | flumpcakes a day ago | parent | prev [-] | | > If I run a lemonade stand, and a UK citizen walks up a pays a dollar for a glass of lemonade, then that doesn't give the UK jurisdiction over the lemonade stand. It does... to correct your example, the UK citizen is paying a dollar for the lemonade while in the UK. Are you saying that if I had a website hosted in Russia that pretended to be your bank and stole all your money from phishing that is perfectly legal? | | |
| ▲ | trothamel a day ago | parent | next [-] | | So, my original point was that a business is not under the jurisdiction of the UK just because it offers a service to UK citizen - I probably should have mentioned I'm not in the UK. Whether the website is illegal or not would depend on Russian law in your example. I'd also suspect that other laws might apply, like wire fraud. Some of those would likely be enforceable in other countries. | |
| ▲ | trhway a day ago | parent | prev [-] | | >Are you saying that if I had a website hosted in Russia that pretended to be your bank and stole all your money from phishing that is perfectly legal? Website hosted in US publishing truth about Ukraine war - even calling it a war is already a felony in Russia - is it legal or illegal? I'm personally against stealing money, and i'm for calling a war a war, yet how do we formally codify that into law - there are 200 countries and at any given moment, especially while online, you're probably violating some law of some country. Before internet globalization, the geography based jurisdiction was such an objective approach. Now it is more like "catch me if you can" which is obviously not a solid foundation to build on. Like that plane that had emergency landing in Minsk, and the Belorussian dissident flying on that plane was arrested by the Belorussian police. And many here on HN were critical of MBS when Khashoggi was killed in the Saudi embassy in Istanbul - what if our plane has to make an emergency landing in Riyadh ... | | |
| ▲ | flumpcakes a day ago | parent | next [-] | | > Website hosted in US publishing truth about Ukraine war - even calling it a war is already a felony in Russia - is it legal or illegal? That's illegal in Russia. Russia has fined Google more money than exists in the world. It doesn't mean anything, but you bet the CEO of Google isn't going to visit Russia. Russia can choose to block any websites that hurt their feelings. Much like the UK and 4Chan. > what if our plane has to make an emergency landing in Riyadh ... Then you hope to God that the people with the bone saws don't read hackernews. | |
| ▲ | tw04 a day ago | parent | prev [-] | | > Website hosted in US publishing truth about Ukraine war - even calling it a war is already a felony in Russia - is it legal or illegal? Try hosting one of those sites and then fly to Russia and let us know. I think you’ll find it’s quite illegal and will be enforced to the fullest extent of the law the second you enter their jurisdiction. It turns out it doesn’t actually matter whether you or I think the law in question is BS. We don’t run Russia or determine what laws they enact. |
|
|
| |
| ▲ | stickfigure a day ago | parent | prev [-] | | Someone has to be willing to extradite. I'm sure China, Russia, and Iran would love to prosecute all those pesky political dissidents abroad. I'll be pretty shocked if someone ever gets extradited out of the US for not showing a cookie banner. | | |
| ▲ | flumpcakes a day ago | parent [-] | | I agree and in the majority of the cases 'enforcement' is usually just a block at the ISP level. |
|
| |
| ▲ | estimator7292 a day ago | parent | prev | next [-] | | "Offering to" is a nonsense term. The website exists on the open internet regardless of jurisdictional borders. A UK citizen must actively go to the website, initiating a connection from within the UK and requesting data from an IP address that may or may not have some kind of relationship with geography. 4Chan isn't popping up unbidden on people's phones. Wither a UK citizen chooses to visit a website is no business of the website operator. To say that 4Chan is somehow responsible for the actions of unknowably many private citizens is absurd. If the UK wants to enforce internet censorship within their borders, that's their own business. Putting pressure on wholly independent foreign businesses for the crime of existing is not reasonable. This is just as bad as US credit card companies censoring adult material from the entire global online economy. They're trying to censor large parts of the global internet for everyone, not just their citizens. If they cared about UK citizens so much, they'd do something like proactively blocking noncompliant websites to force them to immediately either comply or fuck off. They should be trying to protect their citizens instead of trying to bully foreign companies they have no jurisdiction over. It's their responsibility to enforce their laws, not the US courts. | |
| ▲ | wisty a day ago | parent | prev | next [-] | | Jurisdiction only applies within a sovereign country. If there's some dispute that crosses national lines, you don't call the International Bureau of Investigations to send International Agents in to drag the perp before the Planetary Supreme Court. | |
| ▲ | nprateem a day ago | parent | prev [-] | | Yeah this line of thinking worked really well for Assange |
|
|
| ▲ | knorker a day ago | parent | prev [-] |
| > why wouldn't it have the power to hold that entity accountable? If I transmit insults of dear leader Kim Jung Un on amateur radio, then those radio waves will reach DPRK. I likely would be breaking DPRK law. Why wouldn't they have the power? Same reason my decree that guns are now banned in the US is not even refuted, but ignored. 4chan has no obligation or even reason to even respond to the UK except as entertainment (this reply was entertaining), and to send a message to the US that (in its opinion) the US government cooperating with the UK on this would be illegal by US law, the only law that matters to the US legal system. Other countries laws only matter insofar as they are allowed by US law. Foreign laws will not get US constitution bypass unless the US constitution itself allows it. It's as if DPRK demanded to have a US citizen extradited in order to be executed for blasphemy. All that US citizen cares about is to give a heads up to the US that "if these people come knocking, tell them to go fuck themselves". What is the UK government going to do, send bobbies over to attack 4chan owners with nerve gas on US soil? What's the alternative? I'm sure there are countries where it's illegal for women to show their faces on TV. Why wouldn't that country have the power to hold any website where women's faces are shown accountable? On a more depressing note, as is super clear in the US lately, crime is perfectly legal, if your friend (or POTUS you bribed) orders you to not be prosecuted. Or pardons you for being a drug kingpin and mobster ordering murders of innocent people (Ross Ulbricht). Power ultimately comes from the exercise of violence. The UK cannot exercise state violence on US soil. That's a US monopoly under very harsh penalty. On US soil only US law (or in the case of Trump, lawlessness) can de facto be exercised. Also, from their reply: > The infinite character of that power was most famously summed up by English lawyer Sir Ivor Jennings, who once said that “if Parliament enacts that smoking in the streets of Paris is an offence, then it is an offence”. This line is taught to every first-year English law student. Why should parisians care? Why would France cooperate with enforcing such laws? If POTUS orders that taking $50k in cash as a bribe is not to be prosecuted, then you won't be prosecuted. |
| |
| ▲ | flumpcakes a day ago | parent | next [-] | | I think you are confusing breaking a law, and enforceability. I agree with the gist of your argument though, the UK cannot _force_ a US only company, but it doesn't change the fact it is breaking UK law. > I likely would be breaking DPRK law. Why wouldn't they have the power? They do as a sovereign nation. But what most people seem to be missing is that you're not going to DPRK and the US Government doesn't care so you can go about your life breaking DPRK law as much as you want. | | |
| ▲ | senorrib a day ago | parent | next [-] | | They can’t possibly be breaking UK law because the service isn’t even being provided in the UK. UK users are accessing US servers to get service. | | |
| ▲ | flumpcakes a day ago | parent [-] | | > UK users are accessing US servers to get service. That's called offering the service to UK users. I don't host my blog in 165 times in each country in order to let people to access my content/services. | | |
| ▲ | tremon a day ago | parent | next [-] | | Is your claim that you have a multinational business, just because of a single webpage? Do you file sales tax reports in all 165 countries? | |
| ▲ | inkyoto a day ago | parent | prev [-] | | > > > UK users are accessing US servers to get service. > That's called offering the service to UK users. It is not – not under US law, not under common law (in the UK/Commonwealth). Under US law and in common law systems generally, a website being merely accessible from country XYZ does not, by itself, constitute «offering a service» into XYZ. Courts look for purposeful targeting of, or meaningful interaction with, users in that place. Mere accessibility is not enough. See [0] for a precedent. 1. The US approach in a nutshell. a) Personal-jurisdiction basics: a court needs «minimum contacts» that the website operator created with the forum. The US Supreme Court has previously stressed that the plaintiff’s location or where effects are felt is not enough if the defendant did not create forum contacts. b) The «Zippo sliding scale» test distinguishes passive sites from interactive, commercial ones. Passive presence online generally does not create jurisdiction. See [1] for a landmark opinion. c) The Fourth Circuit’s ALS Scan test says a state may exercise jurisdiction when the defendant directs electronic activity into the state, with a manifest intent to do business or interact there, and that activity gives rise to the claim. Simply putting content on the web is not enough. Again, see [0] for an established precedent. 2. The common law/European «targeting» idea a) UK and EU courts apply a similar targeting notion in various contexts. The CJEU in Pammer/Alpenhof held that a site must be directed to the consumer’s member state; mere accessibility is insufficient. UK cases on online IP use also examine whether activity is targeted at UK users. See [2] for an established precedent on the other side of the pond. b) Data-protection law is also explicit: the GDPR applies to non-EU operators when they offer goods or services to people in the EU or monitor them. Recital 23 and the EDPB’s guidelines list indicators such as using a local language or currency, shipping to the territory, local contact details, and targeted ads. Accessibility alone does not trigger the rule. To recap, if a US-hosted site simply serves content that UK users can reach, that alone does not mean the operator is «offering a service» to the UK or its citizens under US law or general common-law principles. Liability or regulatory reach typically turns on targeting and purposeful availment, not mere availability. Circle back to [0] for details again. [0] https://law.justia.com/cases/federal/appellate-courts/F3/293... [1] https://en.wikipedia.org/wiki/Zippo_Manufacturing_Co._v._Zip.... [2] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A... |
|
| |
| ▲ | knorker a day ago | parent | prev | next [-] | | > I think you are confusing breaking a law, and enforceability. I'm not. My comment and other replies to you are telling you that YOU are. We're saying that your question doesn't make any sense. | |
| ▲ | sampli a day ago | parent | prev [-] | | nitpicking like this is asinine |
| |
| ▲ | tremon a day ago | parent | prev [-] | | It's as if DPRK demanded to have a US citizen extradited in order to be executed for blasphemy Not really. It's more like DPRK messaging a private US citizen directly, repeatedly and incessantly, that they will be executed for blasphemy. Ofcom is not using proper diplomatic channels here. Why should parisians care? Why would France cooperate with enforcing such laws? Everyone here seems convinced that Parisians should care about this, because the majority opinion seems to be that it's perfectly acceptable for the UK government to arrest Parisians for having ever smoked a cigarette in Paris, should they set foot on UK soil. I do not agree that this is a defensible application of law. | | |
| ▲ | bluGill a day ago | parent [-] | | The question is will France stand for arresting people for smoking in Paris if they travel to the UK. The gonernment of France can allow that or they can retaliate in various ways. Just a diplomatic message is likely enough to make the UK back down - but who knows maybe the two won't agree and go to war. |
|
|
