No Internet regulation can hold extraterritorially. You leave out the obvious and most important case: the country where the Web site or whatever is located enforcing its own laws. Which is actually how all law has mostly worked from day one.

> Openly selling stolen personal credentials or botnet usage? Piracy? Reselling personal information without disclosure?

If you find a jurisdiction where those are all legal, then I guess you just have to block your citizens from reaching it, or punish them if they do. Not particularly tricky.

Internet but not for any other commerce. If you sell products to someone in the EU, you are liable to EU laws about that product category and commercial activity. The internet is the only exception, and that has caused a lot of problems.

IP block is the currently the only reasonable way to apply laws to internet based commerce. It has its flaws in accuracy; but ISPs could easily create a system to make them more reliable for IP lookup. Arguing that websites cannot be regulated outside of country of origin is an insane position to take with even the minimal level of hypothetical reasoning of what that would imply.

UKs laws are dumb, but they should be free to enforce them for websites operating in the UK. And websites should be able to leave the UK to avoid complying. This is a reasonable compromise that is already how both US and EU internet laws operate.

I don't know the state of play now, and I do know that things have gotten more that way over time. But the traditional approach to international product sales is that the importer is responsible. That originally meant the person who physically brought it into the country. As common carriers became more common, it meant the person who ordered the thing. That's occasionally been leavened by some consideration of whether the seller specifically targeted customers in the receiving country. And nowadays there's more of a tendency to start "blaming" sellers in some cases, probably because nowadays "importing" something is often a retail order from a specific consumer, as opposed to somebody bringing in a shipping container on spec to resell. Maybe some of those changes are appropriate, but it's just not true that physical goods have always been treated the way you want Web sites treated here, or even that they're mostly treated that way now.

> IP block is the currently the only reasonable way to apply laws to internet based commerce.

"IP block" works in both directions.

If you want to keep something out of your country, you should be responsible for blocking it, not the other way around. That's not necessarily easy, but it's less costly in total than demanding that every Web site enforce every country's regulation... and it has the advantage of putting the cost of a regulation on the people imposing it, which is where it belongs.

> It has its flaws in accuracy; but ISPs could easily create a system to make them more reliable for IP lookup.

From your use of the word "easily", I conclude that you personally would not be among those responsible for making that work.

> Arguing that websites cannot be regulated outside of country of origin is an insane position to take with even the minimal level of hypothetical reasoning of what that would imply.

First, you can in fact "regulate" by blocking, without trying to extend the reach of your laws outside of your border. Your claim that a regulator is left totally powerless is just false.

Second, in practice, that "hypothetical" is pretty close to what we have now, and even closer to what we had 10 years ago. The world did not end.

> UKs laws are dumb, but they should be free to enforce them for websites operating in the UK

Sure, as long as we recognize that "operating in the UK" properly means "is physically located in or controlled from the UK" and not "happens to be accessible to people in the UK". The latter definition would indeed be insane.

It can, but instead of forcing other people to follow your laws, you have to block your country's residents from accessing the sites that break your laws.

I'm not saying I love this method either (China is famously very good at it, and I don't think their methods foster a healthy society), but I believe it should be the only lever you have. Forcing people outside your jurisdiction to follow your laws is a violation of another country's sovereignty.

As an aside, should I take pains to ensure any website I operate follows the laws of North Korea? Iran? China? Russia? Should we be complacent and accepting if HN were to be targeted by any of those governments because people here have undoubtedly said unflattering things about the leaders of those countries?

Of course not. But even though we're talking about a "friend"-type country here, it's not any different.

It would need to be set up by an extremely powerful country, either the US or an alliance of smaller countries through international treaty.

It would work as follows:

There'd be a "naughty list." Anybody on the list would be arrested upon entering a participating country. This would include past or current company employees (if employed after the listing date). Companies from participating countries would be prohibited from interacting with listed organizations in any way, under treat of sanctions. This would include VPN, cloud and hosting companies, ISPs, domain registrars, email hosts, payment processors and ad networks. This would provide basic site blocking.

Foreign companies wouldn't be subject to the sanctions, but participating countries would also put them on the list.

I am unaware of any prosecutions in this area.

https://ofac.treasury.gov/sanctions-programs-and-country-inf...

Good

You’re not going to extradite US site operators, period. Find another approach.

"If country B doesn’t like it, block the mail in question". Saying only the country of origin can regulate activity done in another country creates a legal worm-bucket with vast implications. It's also not how laws work currently in pretty much any other sector than the internet.

IP block should be sufficient to void the laws; That's how other EU laws work. If the UK wants more than than then they should just create a firewall. But saying the internet should be a fully unregulated hellscape is not a sensible position here.

That’s actually how it works? Unless you have an extradition agreement, or military overmatch, or you are willing to expend some diplomatic leverage, you are typically not getting a citizen out of a foreign country. The government complains about this all the time with goods from SE Asia, and sometimes they seize fake designer goods and make a lot of noise about it. But the people making the knockoffs just keep on making them, don’t they?

Not sure I see how your logic has led you there. If a company (regardless of where they are headquartered) is operating in your country, then you necessarily have some sort of jurisdiction over it:

- If they are using servers or domain names hosted in your country, you can seize them.

- If they are making use of your country's financial system, you can ban them from that system.

- If they are shipping physical products to your country's residents, you can intercept those packages at customs.

- If any employees (or, better, officers) of that company are physically present in your country, you can fine or arrest them if they don't comply.

- If you have an extradition treaty with the country where they're operating, you can ask that country for help. If they decline, that's unfortunate for you, but that's life.

And right, in the end, if there's no "presence" aside from people in your country accessing foreign websites, then you can (given the right legal mechanisms) order ISPs in your country to block those sites. I don't see why any foreign-operated website should have any obligation to examine your laws and pro-actively block your residents from their site if needed; if you want your laws enforced on your residents, then... enforce them on your residents.

> But saying the internet should be a fully unregulated hellscape is not a sensible position here.

While I do see a few low-effort comments to that effect, I don't think that's a common opinion here. I don't even think the person you're replying to holds that opinion.

But this is the real issue. To what extent is a company "operating in" a country where it has no staff and no physical presence?

The principle that someone should become subject to the laws of a country they've never visited and where they have no assets just because they communicated with someone else who does live in that country seems questionable. Even if money is sent by the person living in that country to someone based elsewhere it still seems questionable.

Taken to their logical conclusion these kinds of arguments would kill off a lot of the value of the modern Internet (assuming they could be practically enforced). Can you even write a blog post any more if it might be controversial in any country in the world? Do you have to pay if you show ads next to that blog post and someone from the Sovereign Republic Of East Nowhere visits - but the Sovereign Republic Of East Nowhere has a law prohibiting online advertising as a social harm and imposing a fine of 1000% of global revenues generated through ads? What happens when the laws of two different countries are in direct conflict and one requires you to include an official warning of some kind alongside certain information on your blog but the other one prohibits such statements unless you're formally qualified to give advice in the field?

If you want to interfere with international trade or international communications at all then it makes far more sense practically - and arguably both morally and legally as well - to legislate so that your own people in your own country who are subject to your own laws are the ones who must or must not act in a certain way. If there's some kind of regulation on physical goods then make the person importing those goods responsible for compliance. If you want to tax international transactions then make the person in your country who is participating in those transactions responsible for declaring and paying the tax. But realistically this leads to a lot of non-compliance because your citizens don't have to be experts in international tax law so you can collect your $1.53 when they bought a new T-shirt from some online store based in another country and had it shipped.

What the UK is doing is claiming, without having dealt with this via treaty that I am somehow responsible for keeping their citizens off my website. This is not something they can actually do. Now if they made a deal with my country that said that I had to in some way we'd be in a different universe. But currently they do not.

As I, and probably many others, see it. If they don't want UK citizens visiting 4chan or whereever they should control the flow of data through their borders better and punish their citizens for data smuggling if they vpn their way around it. It's no different than prohibited goods like automatic weapons. If I send someone in the UK a fully automatic ak-47 (which is legal in my juristiction) then I suspect UK customs will catch it at the border and possibly jail, or at least have a stern talking to the recipient.