Jurisdiction follows impact, not geography. If a service ‘does business with’ Utah residents then Utah has legal standing to regulate that interaction.
Utah can charge me with whatever the fuck they want. If I’m not in Utah or doing business with Utah and ignore them what are they doing to do about it?
If China decides my posts are a crime because one of their citizens might see it I am in no way obligated to go to China to defend myself or pay their fines.
Can’t they argue they “did business with” someone in whatever jurisdiction the VPN IP address is located? And then the Utah resident moved whatever digital goods or content from that location into Utah? So it’s the Utah resident who brought the contraband into Utah, not the website?
Can’t they argue they “did business with” someone in whatever jurisdiction the VPN IP address is located?
Yes, that’s why VPNs work for evading geo-blocking.
This law creates a liability trap by explicitly saying that they cannot claim ignorance and are liable as as long as the State can prove that the user was physically located in the EU.
The only way to effectively comply with the law is to implement universal age verification of all users, regardless of location. This is the actual goal, the law in this article is specifically designed to remove the VPN dodge.
I don’t see how they are going to prove that though. The website is going to say they sent the packets to someone in Russia (or wherever the vpn is.) My point is, I don’t even see how they can selectively enforce this.
I don’t see how they are going to prove that though. The website is going to say they sent the packets to someone in Russia (or wherever the vpn is.)
They don’t have to.
What the law does is remove the ability for the company to apply the defense ‘I knew they were located in Russia’.
The State only has to prove two elements 1. The person was physically in Utah and 2. That they did business.
This law makes it so that there is no ‘I didn’t know’ defense.
My point is, I don’t even see how they can selectively enforce this.
A State investigator makes an account, uses a VPN, and ‘does business with’ the site.
When they bring the case to court. The site is guilty because they can prove that the investigator was in Utah and that they did business with the site.
States love to do this, they remove the mens rea (guilty mind) element so that you’re guilty regardless of your knowledge or intent.
If someone comes from Utah to my state and then I break one of Utah’s laws against them, does that mean I’m subject to Utah’s laws? They aren’t doing business in Utah. People in Utah are doing business with them.
I don’t have any way to prevent access to my site based on what laws you’re subject to. Nor do I have any desire to learn 52 states worth of individual laws that may or may not apply to me. I didn’t wire your computer up to the internet, you did that.
Nor do I have any desire to learn 52 states worth of individual laws that may or may not apply to me. I didn’t wire your computer up to the internet, you did that.
I would advise not running an online business then, because the law around jurisdiction and the Internet is well settled.
Geofencing is not trivial, cheap, or even reliable. Are there any cases of sites being legally required to geofence or do they all do it to preemptively avoid legal issues? I’ve only ever seen the latter.
I’m not trying to argue what is or isn’t the current state of law around this; I’m pointing out the absurdity of enforcing it this way and the strange way it’s being used to backdoor state laws into federal ones. This is extremely stupid from a technical, and legislative standpoint.
The goal here is to force sites to do age verification.
Creating absurd laws where the only possible way to not be held liable is to implement the age verification requirements regardless of the apparent source of the traffic is the tactic that they’ve chosen.
The same reason that sites like Anna’s Archive and The Pirate Bay exist.
State and Federal laws don’t apply to other countries without an explicit treaty or agreement where a country agrees to enforce those laws on behalf of the other.
Utah could issue fines for a foreign company but they would have no way to collect because the company doesn’t own any assets in any location that would be required to follow a court order to seize their assets.
So, what you’re saying is this law will encourage setting up shop somewhere without reciprocal agreements, which will encourage countries to lapse said agreements, weakening US soft power yet more.
Sounds like a win.
Shame so many of the world’s governments have a hard on for de-anonymizing the internet though.
The EU is doing ID verification too, it’s essentially bifurcating the Internet into the new ‘We know exactly who you are’ Internet and the old, possibly soon to be outlawed, wild wild west Internet that we’re on today where you can remain pseudoanonymous.
Yup, and something of value (especially to free speech) is being lost. My hope is “The Net interprets censorship as damage and routes around it.” - John Gilmore, still applies when enough governments go at it.
Jurisdiction follows impact, not geography. If a service ‘does business with’ Utah residents then Utah has legal standing to regulate that interaction.
Utah can charge me with whatever the fuck they want. If I’m not in Utah or doing business with Utah and ignore them what are they doing to do about it?
If China decides my posts are a crime because one of their citizens might see it I am in no way obligated to go to China to defend myself or pay their fines.
Can’t they argue they “did business with” someone in whatever jurisdiction the VPN IP address is located? And then the Utah resident moved whatever digital goods or content from that location into Utah? So it’s the Utah resident who brought the contraband into Utah, not the website?
Yes, that’s why VPNs work for evading geo-blocking.
This law creates a liability trap by explicitly saying that they cannot claim ignorance and are liable as as long as the State can prove that the user was physically located in the EU.
The only way to effectively comply with the law is to implement universal age verification of all users, regardless of location. This is the actual goal, the law in this article is specifically designed to remove the VPN dodge.
I don’t see how they are going to prove that though. The website is going to say they sent the packets to someone in Russia (or wherever the vpn is.) My point is, I don’t even see how they can selectively enforce this.
They don’t have to.
What the law does is remove the ability for the company to apply the defense ‘I knew they were located in Russia’.
The State only has to prove two elements 1. The person was physically in Utah and 2. That they did business.
This law makes it so that there is no ‘I didn’t know’ defense.
A State investigator makes an account, uses a VPN, and ‘does business with’ the site.
When they bring the case to court. The site is guilty because they can prove that the investigator was in Utah and that they did business with the site.
States love to do this, they remove the mens rea (guilty mind) element so that you’re guilty regardless of your knowledge or intent.
If someone comes from Utah to my state and then I break one of Utah’s laws against them, does that mean I’m subject to Utah’s laws? They aren’t doing business in Utah. People in Utah are doing business with them.
I don’t have any way to prevent access to my site based on what laws you’re subject to. Nor do I have any desire to learn 52 states worth of individual laws that may or may not apply to me. I didn’t wire your computer up to the internet, you did that.
In the law, those are mutually exclusive. If either end of the transaction is in Utah, it is under Utah jurisdiction.
If you’re hosting an online business you do have the ability to block users based on location.
I would advise not running an online business then, because the law around jurisdiction and the Internet is well settled.
Geofencing is not trivial, cheap, or even reliable. Are there any cases of sites being legally required to geofence or do they all do it to preemptively avoid legal issues? I’ve only ever seen the latter.
I’m not trying to argue what is or isn’t the current state of law around this; I’m pointing out the absurdity of enforcing it this way and the strange way it’s being used to backdoor state laws into federal ones. This is extremely stupid from a technical, and legislative standpoint.
I agree that it is absurd.
The goal here is to force sites to do age verification.
Creating absurd laws where the only possible way to not be held liable is to implement the age verification requirements regardless of the apparent source of the traffic is the tactic that they’ve chosen.
Then why won’t the US let other countries do digital services taxes.
They can’t have it both ways.
The same reason that sites like Anna’s Archive and The Pirate Bay exist.
State and Federal laws don’t apply to other countries without an explicit treaty or agreement where a country agrees to enforce those laws on behalf of the other.
Utah could issue fines for a foreign company but they would have no way to collect because the company doesn’t own any assets in any location that would be required to follow a court order to seize their assets.
So, what you’re saying is this law will encourage setting up shop somewhere without reciprocal agreements, which will encourage countries to lapse said agreements, weakening US soft power yet more.
Sounds like a win.
Shame so many of the world’s governments have a hard on for de-anonymizing the internet though.
The EU is doing ID verification too, it’s essentially bifurcating the Internet into the new ‘We know exactly who you are’ Internet and the old, possibly soon to be outlawed, wild wild west Internet that we’re on today where you can remain pseudoanonymous.
Yup, and something of value (especially to free speech) is being lost. My hope is “The Net interprets censorship as damage and routes around it.” - John Gilmore, still applies when enough governments go at it.