Hacker Neue

Preferences
estimator7292 parent
Putting the burden on site operators to geoblock UK users is not only placing an incredible burden on individual operators, it doesn't even work.

It is not the responsibility of foreign companies to enforce or even acknowledged the UK's laws. If the UK has a problem, they have tools to solve it on their own soil. If they want to enforce their laws they need to pay for it.

The UK is trying to bully and scare foreign website operators regardless of scale or type of business into paying to enforce UK laws outside of the UK.

If they want a website blocked, the only way to make that work is to block it and pay for it themselves.

james_in_the_uk
Relevant here is that 4Chan appears to explicitly target the UK users for commercial purposes, and potentially (via subcontract to Cloudflare) serves to UK customers from equipment located on UK soil.

Whether one agrees with the policy aims of the OSA or not, there are some complex jurisdictional and enforceability issues at play here. Unfortunately it’s not as simple as you make out.

inkyoto
> […] and potentially (via subcontract to Cloudflare) serves to UK customers from equipment located on UK soil.

Still, not quite.

Servers in the UK ≠ targeting the UK – courts on both sides of the pond will ask whether the operator directed activity at the forum. Merely serving content from UK edge nodes because a CDN optimises latency is usually incidental and does not, by itself, show a «manifest intent» to engage with UK users. There is an established precedent in the US[0].

If a UK-established CDN processes personal data at UK nodes, the CDN itself may be subject to UK GDPR. That does not automatically drag a non-UK website operator into UK GDPR unless it offers services to or monitors people in the UK. Accessibility or passive CDN caching alone is insufficient. And modern UK statutes mirror this; for example, the Online Safety Act bites where a service has a significant number of UK users or targets the UK – not simply because a CDN happens to serve from UK equipment. From the horse's mouth: https://www.ofcom.org.uk/online-safety/illegal-and-harmful-c...

Then there is a nuance – explictly configured Cloudflare (1) vs automatic «nearest-edge» (2) selection:

1. Explicit UK-favouring config (for example, rules that prioritise UK-only promotions, UK-specific routing or features tailored for UK users) is a relevant signal of targeting, especially when combined with other indications such as UK currency, UK-specific T&C's, UK marketing or support. In EU/UK consumer cases the test is whether the site is directed to the state – a holistic, fact-sensitive enquiry where no single factor is decisive.

2. Automatic «nearest-edge» selection provided by a CDN by default is a weak signal. It shows global optimisation, not purposeful availment of the UK market. US targeting cases say much the same: you need directed electronic activity with intent to interact in the forum; mere accessibility and generic infrastructure choices are not enough.

[0] https://law.justia.com/cases/federal/appellate-courts/F3/293...

james_in_the_uk
We are essentially saying the same thing. 4chan targets UK users through advertising and equipment location.

I am no fan of the OSA but this spat is also not showing 4chan or its fan-base to be particularly mature or legally savvy (quelle surprise).

inkyoto
I was delineating a particular nuance – that the mere utilisation of Cloudflare does not, by itself, render 4Chan subject to the classification of «targeting UK users», save for the instance in which they issue a distinct monthly remittance to an entity denominated «Cloudflare UK» for the edge node services provided during the preceding period.

I.e., if a machine (the Cloudflare control plane) elects to route traffic through an edge node within the UK as an optimisation measure, such an act does not, in itself, constitute the possession of equipment within that jurisdiction — nor would it be readily ascertainable before a court of law.

Historically speaking, the Ofcom/UK approach is orthodox rather than novel. Ofcom’s sequence – information notices, process fines for non-response, then applications to court for service-restriction and access-restriction orders that bind UK intermediaries – is a modern, statute-bound version of a very old playbook. If a service has no UK presence and refuses to engage, the realistic endgame is to pressure UK-based points of access rather than to extract cash from an foreign entity.

What is new is the medium and the safeguards, not the underlying logic: regulate the domestic interface with out-of-jurisdiction speakers.

james_in_the_uk
Agreed.

I was merely citing use of Cloudflare as evidentiary, not determinative.

I am not so sure about the relevance of billing entity. I suspect that how Cloudflare chooses to bill is as much driven by tax (especially transfer pricing) as anything else. I also think there are as-yet-unanswered questions about the role of CDNs and similar “global” infrastructure providers, and the impact of using their services as subcontractors (cf intermediaries), in interpreting jurisdiction. These services are obviously different to the “traditional” autonomous systems (routed networks). I am not sure that the law has caught up with this yet. But that is a tangent.

Thanks for the thoughtful debate.

2 More Comments →
nprateem
I'd love some of what you're smoking.

I assume companies wouldn't need to comply with tax law either unless countries in which they operate pay them to pay their dues.

This item has no comments currently.