Why is a company or person that doesn’t exist physically in Utah at all responsible for adhering to Utah’s laws? Should be their government’s responsibility to block sites, not the site’s responsibility to block Utah.
Jurisdiction follows impact, not geography. If a service ‘does business with’ Utah residents then Utah has legal standing to regulate that interaction.
Utah can charge me with whatever the fuck they want. If I’m not in Utah or doing business with Utah and ignore them what are they doing to do about it?
If China decides my posts are a crime because one of their citizens might see it I am in no way obligated to go to China to defend myself or pay their fines.
Can’t they argue they “did business with” someone in whatever jurisdiction the VPN IP address is located? And then the Utah resident moved whatever digital goods or content from that location into Utah? So it’s the Utah resident who brought the contraband into Utah, not the website?
Can’t they argue they “did business with” someone in whatever jurisdiction the VPN IP address is located?
Yes, that’s why VPNs work for evading geo-blocking.
This law creates a liability trap by explicitly saying that they cannot claim ignorance and are liable as as long as the State can prove that the user was physically located in the EU.
The only way to effectively comply with the law is to implement universal age verification of all users, regardless of location. This is the actual goal, the law in this article is specifically designed to remove the VPN dodge.
I don’t see how they are going to prove that though. The website is going to say they sent the packets to someone in Russia (or wherever the vpn is.) My point is, I don’t even see how they can selectively enforce this.
I don’t see how they are going to prove that though. The website is going to say they sent the packets to someone in Russia (or wherever the vpn is.)
They don’t have to.
What the law does is remove the ability for the company to apply the defense ‘I knew they were located in Russia’.
The State only has to prove two elements 1. The person was physically in Utah and 2. That they did business.
This law makes it so that there is no ‘I didn’t know’ defense.
My point is, I don’t even see how they can selectively enforce this.
A State investigator makes an account, uses a VPN, and ‘does business with’ the site.
When they bring the case to court. The site is guilty because they can prove that the investigator was in Utah and that they did business with the site.
States love to do this, they remove the mens rea (guilty mind) element so that you’re guilty regardless of your knowledge or intent.
If someone comes from Utah to my state and then I break one of Utah’s laws against them, does that mean I’m subject to Utah’s laws? They aren’t doing business in Utah. People in Utah are doing business with them.
I don’t have any way to prevent access to my site based on what laws you’re subject to. Nor do I have any desire to learn 52 states worth of individual laws that may or may not apply to me. I didn’t wire your computer up to the internet, you did that.
Nor do I have any desire to learn 52 states worth of individual laws that may or may not apply to me. I didn’t wire your computer up to the internet, you did that.
I would advise not running an online business then, because the law around jurisdiction and the Internet is well settled.
Geofencing is not trivial, cheap, or even reliable. Are there any cases of sites being legally required to geofence or do they all do it to preemptively avoid legal issues? I’ve only ever seen the latter.
I’m not trying to argue what is or isn’t the current state of law around this; I’m pointing out the absurdity of enforcing it this way and the strange way it’s being used to backdoor state laws into federal ones. This is extremely stupid from a technical, and legislative standpoint.
The goal here is to force sites to do age verification.
Creating absurd laws where the only possible way to not be held liable is to implement the age verification requirements regardless of the apparent source of the traffic is the tactic that they’ve chosen.
The same reason that sites like Anna’s Archive and The Pirate Bay exist.
State and Federal laws don’t apply to other countries without an explicit treaty or agreement where a country agrees to enforce those laws on behalf of the other.
Utah could issue fines for a foreign company but they would have no way to collect because the company doesn’t own any assets in any location that would be required to follow a court order to seize their assets.
So, what you’re saying is this law will encourage setting up shop somewhere without reciprocal agreements, which will encourage countries to lapse said agreements, weakening US soft power yet more.
Sounds like a win.
Shame so many of the world’s governments have a hard on for de-anonymizing the internet though.
The EU is doing ID verification too, it’s essentially bifurcating the Internet into the new ‘We know exactly who you are’ Internet and the old, possibly soon to be outlawed, wild wild west Internet that we’re on today where you can remain pseudoanonymous.
Yup, and something of value (especially to free speech) is being lost. My hope is “The Net interprets censorship as damage and routes around it.” - John Gilmore, still applies when enough governments go at it.
Why is a company or person that doesn’t exist physically in Utah at all responsible for adhering to Utah’s laws?
This line of thinking is dangerous as it allows companies to disregard any sane legislation as long as their servers are located in a “safe” place. A large portion of websites accessible from Canada are served from US servers, for example. American companies ignoring Canadian laws because they don’t have Canadian-based servers would be a nightmare
If a company makes any money off users in a geographic area (which includes ad view revenue), they have to follow the rules there which is a GOOD thing - even if it’s ridiculous in this case
Also endorsing governments selectively blocking websites is just bad for obvious reasons
Allowing individual states the ability to dictate laws for the entire country is even more dangerous, for the non-hypothetical reasons we are currently experiencing.
And what you’re describing is exactly what happens with international websites. Its why you can go find tons of websites with open media piracy being hosted in Russia. Are parties in Russia now subject to US laws?
Could they not also just selectively ban all Utah-based IPs?
People in Utah could still access with a VPN, but never would, because that would be against the law.
Why is a company or person that doesn’t exist physically in Utah at all responsible for adhering to Utah’s laws? Should be their government’s responsibility to block sites, not the site’s responsibility to block Utah.
Jurisdiction follows impact, not geography. If a service ‘does business with’ Utah residents then Utah has legal standing to regulate that interaction.
Utah can charge me with whatever the fuck they want. If I’m not in Utah or doing business with Utah and ignore them what are they doing to do about it?
If China decides my posts are a crime because one of their citizens might see it I am in no way obligated to go to China to defend myself or pay their fines.
Can’t they argue they “did business with” someone in whatever jurisdiction the VPN IP address is located? And then the Utah resident moved whatever digital goods or content from that location into Utah? So it’s the Utah resident who brought the contraband into Utah, not the website?
Yes, that’s why VPNs work for evading geo-blocking.
This law creates a liability trap by explicitly saying that they cannot claim ignorance and are liable as as long as the State can prove that the user was physically located in the EU.
The only way to effectively comply with the law is to implement universal age verification of all users, regardless of location. This is the actual goal, the law in this article is specifically designed to remove the VPN dodge.
I don’t see how they are going to prove that though. The website is going to say they sent the packets to someone in Russia (or wherever the vpn is.) My point is, I don’t even see how they can selectively enforce this.
They don’t have to.
What the law does is remove the ability for the company to apply the defense ‘I knew they were located in Russia’.
The State only has to prove two elements 1. The person was physically in Utah and 2. That they did business.
This law makes it so that there is no ‘I didn’t know’ defense.
A State investigator makes an account, uses a VPN, and ‘does business with’ the site.
When they bring the case to court. The site is guilty because they can prove that the investigator was in Utah and that they did business with the site.
States love to do this, they remove the mens rea (guilty mind) element so that you’re guilty regardless of your knowledge or intent.
If someone comes from Utah to my state and then I break one of Utah’s laws against them, does that mean I’m subject to Utah’s laws? They aren’t doing business in Utah. People in Utah are doing business with them.
I don’t have any way to prevent access to my site based on what laws you’re subject to. Nor do I have any desire to learn 52 states worth of individual laws that may or may not apply to me. I didn’t wire your computer up to the internet, you did that.
In the law, those are mutually exclusive. If either end of the transaction is in Utah, it is under Utah jurisdiction.
If you’re hosting an online business you do have the ability to block users based on location.
I would advise not running an online business then, because the law around jurisdiction and the Internet is well settled.
Geofencing is not trivial, cheap, or even reliable. Are there any cases of sites being legally required to geofence or do they all do it to preemptively avoid legal issues? I’ve only ever seen the latter.
I’m not trying to argue what is or isn’t the current state of law around this; I’m pointing out the absurdity of enforcing it this way and the strange way it’s being used to backdoor state laws into federal ones. This is extremely stupid from a technical, and legislative standpoint.
I agree that it is absurd.
The goal here is to force sites to do age verification.
Creating absurd laws where the only possible way to not be held liable is to implement the age verification requirements regardless of the apparent source of the traffic is the tactic that they’ve chosen.
Then why won’t the US let other countries do digital services taxes.
They can’t have it both ways.
The same reason that sites like Anna’s Archive and The Pirate Bay exist.
State and Federal laws don’t apply to other countries without an explicit treaty or agreement where a country agrees to enforce those laws on behalf of the other.
Utah could issue fines for a foreign company but they would have no way to collect because the company doesn’t own any assets in any location that would be required to follow a court order to seize their assets.
So, what you’re saying is this law will encourage setting up shop somewhere without reciprocal agreements, which will encourage countries to lapse said agreements, weakening US soft power yet more.
Sounds like a win.
Shame so many of the world’s governments have a hard on for de-anonymizing the internet though.
The EU is doing ID verification too, it’s essentially bifurcating the Internet into the new ‘We know exactly who you are’ Internet and the old, possibly soon to be outlawed, wild wild west Internet that we’re on today where you can remain pseudoanonymous.
Yup, and something of value (especially to free speech) is being lost. My hope is “The Net interprets censorship as damage and routes around it.” - John Gilmore, still applies when enough governments go at it.
This line of thinking is dangerous as it allows companies to disregard any sane legislation as long as their servers are located in a “safe” place. A large portion of websites accessible from Canada are served from US servers, for example. American companies ignoring Canadian laws because they don’t have Canadian-based servers would be a nightmare
If a company makes any money off users in a geographic area (which includes ad view revenue), they have to follow the rules there which is a GOOD thing - even if it’s ridiculous in this case
Also endorsing governments selectively blocking websites is just bad for obvious reasons
Allowing individual states the ability to dictate laws for the entire country is even more dangerous, for the non-hypothetical reasons we are currently experiencing.
And what you’re describing is exactly what happens with international websites. Its why you can go find tons of websites with open media piracy being hosted in Russia. Are parties in Russia now subject to US laws?
This would be easier than banning VPNs wholesale.
No. Because VPNs redirect traffic from the site to a third party to Utah, in order to disguise the location of the original request