I appreciate that not all modern post 1776 democracies are the same, but in Australia, whose constitution was informed hugely by the US constitution, Federal communications law takes supremacy over states, and states laws cannot constrain trade between the states. There are exceptions, but you'd be in court. "trade" includes communications.
So ultimately, isn't this heading to the FCC, and a state-vs-federal law consideration?
-Not that it means a good outcome. With the current supreme court, who knows?
cobbzilla · 47m ago
> With the current supreme court, who knows?
In his concurring opinion, Justice Kavanaugh said it was likely unconstitutional (but apparently not obviously enough to enjoin it) [1]. So it's going into effect, then the lawsuit follows.
Similar laws in California, Arkansas and Ohio were all found unconstitutional, so I am hopeful. That said, these were all district court decisions, and all of them are being appealed. When they lose on appeal, they go to the Supreme Court for (hopefully) the final smack-down.
Interestingly, reading the summary MS HB1126 [2], this law is doing two things. It regulates companies and defines crimes.
States are allowed to set their own criminal codes. If Mississippi drops the mandate part and passes a new law that simply defines certain things as crimes with corresponding penalties, that law would probably be constitutional.
In theory, the US constitution forbids states from interfering with interstate commerce too.
cobbzilla · 41m ago
In theory yes, but in reality the "Dormant Commerce Clause" is weak protection.
We've let states set their own "internet services" taxes, making selling anything online in the US a regulatory nightmare. A third-party vendor to manage (and keep up with) the tax laws to stay compliant is basically required for anyone selling online, or risk the wrath of various state tax bodies.
ggm · 46m ago
<insert Yogi Berra quote about theory and practice here>
andybak · 7h ago
Between this and the UK Online Safety Bill, how are people meant to keep track?
Launch a small website and commit a felony in 7 states and 13 countries.
I wouldn't have known about the Mississippi bill unless I'd read this. How are we have to know?
Buttons840 · 1h ago
Hopefully data centers will be built in more free states. If I live in California, and run a server in California that responds to requests coming from an ISP in California, at what point do I become subject to Mississippi law that I never had a chance to vote for?
If anything, communications between Mississippi and California would be interstate commerce and would thus fall under federal legal jurisdiction.
vel0city · 43m ago
While I'm not trying to argue for or against any particular law in this comment, California is far from a "free state" in terms of internet laws.
If I run a server in Utah primarily for myself, and you as a Californian happen to stumble upon it, should I have to abide by California privacy laws?
zaptheimpaler · 6h ago
Any physical business has to deal with 100s of regulations too, it just means the same culture of making it extremely difficult and expensive to do anything at all is now coming to the online world as well, bit by bit.
A blog is speech, but I wouldn't say that deciding to operate a social media site is speech. That said, there are plenty of good reasons to oppose this law.
kragen · 3h ago
Speech isn't just shouting into the void; it's dialogue back and forth between two or more different people. Social media sites such as Hacker News and the WELL facilitate this, even when they aren't businesses, in much the same way as a dinner party or a church picnic does.
TGower · 3h ago
Sure, speech happens on and is facilitated by social media sites, but that doesn't imply that operating a social media site is a form of speech any more than operating a notebook factory is.
kragen · 2h ago
If having a dinner party at your house gets you busted by the police, you are not living in a liberal society. If notebook factories are under tight surveillance to ensure that their notebooks are serialized and tracked because bad people might use them to plot crimes, you are not living in a liberal society.
TGower · 2h ago
I agree, there are better grounds to oppose such measures than "this violates the notebook factory owner's freedom of speech" though.
kragen · 1h ago
No, it violates the potential notebook buyers' freedom of speech. The factory owner's freedoms don't come into it.
TGower · 1h ago
Sounds like we are in agreement then, the root of this was
>A blog is speech, but I wouldn't say that deciding to operate a social media site is speech.
kragen · 1h ago
I agree in that narrow sense—but shutting down social media sites denies the sites' users their human right of expression, as well as other basic human rights*. The fact that the site operator doesn't necessarily suffer this harm† seems like an irrelevant distraction, and I have no idea why you brought it up, or why you keep repeating it, if you agree that the site users are being illegitimately harmed.
______
* See UDHR articles 12, 18, 19, and 20. This is not an issue limited to the laws of one small country.
† Unless the site operators also use of the site, in which case they too do suffer it; this is in my experience virtually always the case with the noncommercial sites that it is most important to protect.
dragonwriter · 4h ago
A social media site is speech (and/or press, but they are grouped together in the first amendment because they are lenses on the same fundamental right not crisply distinguishable ones); now, its well recognized that commercial speech is still subject to some regulations as commerce, but it is not something separate from speech.
TGower · 4h ago
I would disagree, for example section 230 reads "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." The content of the site is obviously speech/press, but the decision to operate the site doesn't seem like it is. Very possible I'm mistaken and there is case law to the contrary though, it's a nuanced argument either way
dragonwriter · 4h ago
Not sure why you cite Section 230 as if it had anything to say about what is Constitutionally speech; other than inverting the relation between the Constitution and statute law, that is a pretty big misunderstanding of what Section 230 is (and the broader Communication Decency Act in which it was contained was) about.
TGower · 3h ago
> A social media site is speech (and/or press
I suppose this is what confused me then, as it seemed obvious that e.g. the Facebook reccomendation algorithm isn't speech, so if a social media site would be considered speech it would be due to the user content. Section 230 doesn't in any way supercede the constitution, but it does clarify which party is doing the speech and thus where the first ammendment would apply.
jcranmer · 6m ago
A lot of people want to conflate several things that shouldn't be conflated. To clarify:
* The First Amendment generally prohibits the government from enacting any laws or regulations that limit speech based on its content (anything you might reasonably call "moderation" would definitely fall into this category!).
* Private companies are not the government. Social media networks are therefore not obligated to follow the First Amendment. (Although there is a decent argument that Trump's social media network is a state actor here and is therefore constitutionally unable to, say, ban anybody from the network.)
* Recommendation algorithms of social media networks are protected speech of those companies. The government cannot generally enact a law that regulate these algorithms, and several courts have already struck down laws that attempted to do so.
* §230 means that user-generated speech is not treated as speech of these companies. This prevents you from winning a suit against them for hosting speech you think injures you (think things like defamation).
* §230 also eliminates the liability of these companies for their moderation or lack thereof.
There remains the interesting question as to whether or not companies can be held liable via their own speech that occurs as a result of the recommendation algorithms of user-generated content. This is somewhat difficult to see litigated because it seems everybody who tries to do a challenge case here instead tries to argue that §230 in its entirety is somehow wrong, and the court rather bluntly telling them that they're only interested in the narrow question doesn't seem to be able to get them to change tactics. (See e.g. the recent SCOTUS case which was thrown out essentially for this reason rather than deciding the question).
dragonwriter · 3h ago
> Section 230 doesn't in any way supercede the constitution, but it does clarify which party is doing the speech
No, it immunizes certain parties from being held automatically liable (without separate proof that they knew of the content, as applies to mere distributors [0]), the "publisher or speaker" standard being the standard for such liability (known as publisher liability.)
It doesn't "clarify" (or have any bearing on) where the First Amendment would apply. (In fact, its only relevant when the First Amendment protection doesn't apply, since otherwise there would be no liability to address.)
[0] subsequent case law has also held that Section 230 has the effect of also insulating the parties it covers against distributor liability where that would otherwise apply, as well, but the language of the law was deliberately targeted at the basis for publisher liability.
TGower · 3h ago
So they are not the speaker for the purposes of liability, but they are the speaker for the purposes of first ammendment protections? That doesn't make sense to me, but it certaintly wouldn't be the most confusing law on the books and you seem to be more informed on the topic than me. Do you have any insight on how that dynamic would apply to something like The Pirate Bay? Intuitively on that basis, users uploading content would be liable, but taking down the site would be a violation of the operator's first ammendment rights.
dragonwriter · 1m ago
> So they are not the speaker for the purposes of liability, but they are the speaker for the purposes of first ammendment protections?
People who are not “the speaker or publisher” for liability purposes have Constitutional first amendment free speech rights in their decision to interact with content, this includes distributors, consumers, people who otherwise have all the characteristics of a “speaker of publisher” but are statutorily relieved of liability as one so as to enable them to make certain editorial decisions over use generated content without instantly becoming fully liable for every bit of that content, etc., yeah.
And arguing the alternative is you making the exact inversion of statute and Constitution I predicted and which you denied, that is, thinking Section 230 could remove First Amendment coverage from something it would have covered without that enactment.
gr4vityWall · 5h ago
> Any physical business
Websites don't have to be a business or be related to one.
sixothree · 6h ago
Right. But if I open a physical business I only need to abide by the laws of that state. This is definitely an order of magnitude more regulation to deal with.
But yeah, this definitely sounds like a business opportunity for services or hosts.
bryant · 6h ago
Probably an area for Cloudflare to offer it as a service. Content type X, blocked in [locales]. Advertised as a liability mitigation.
stuartjohnson12 · 6h ago
Closely followed by the BETTERID act in response to sites using substandard identity providers, a set of stringent compliance requirements to ensure the compliant collection and storage of verification documentation requiring annual certification by an approved auditing agency who must provide evidence of controls in place to ensure [...]
Regulatory capture in real time!
gruez · 5h ago
>Regulatory capture in real time!
What would you have preferred? Of course you'd prefer if the law never existed in the first place, but I don't see having a third party auditor verify compliance is any worse than say, letting the government audit it. We don't think it's "regulatory capture" to let private firms audit companies' books, for instance.
sterlind · 3h ago
it's regulatory capture if there's an oligopoly of audit firms.
it's regulatory capture if a cartel of ID verification companies are lobbying for specific requirements that lock out upstart competitors.
contravariant · 6h ago
More to the point, why would anyone outside of Mississippi need to comply? What legal grounds do they have to dictate what other people do outside of their state?
dawnerd · 6h ago
I worry that as a mastodon server operator I could be found guilty of violating their state law and if one day I decide to visit or transit in the state I could be punished say by arrest.
Same goes for other countries as well. It’s insane.
sterlind · 3h ago
you could even be extradited to Mississippi by another state, depending on how friendly they are and how much they want you.
protocolture · 56m ago
Its things like this that make me want the internet excluded from all legal systems as extra territorial. There should be no laws governing the internet. Almost uniformly they are stupid. The most success law enforcement gets out of capturing pedos is setting up honeytraps anyway.
ethbr1 · 44m ago
"When catapults are outlawed, only outlaws will have catapults."
Welcome back to the 90s and the PGP, Clipper chip, warez, and DeCSS days.
At some point, they will have outlawed enough things that most people want, that most people will become outlaws.
ulrikrasmussen · 31m ago
Oh, the EU is also coming with an age verification requirement through the Digital Safety Act
Hamuko · 6h ago
Check your local laws and make sure never to travel outside your current state.
bee_rider · 6h ago
States should come together with their neighboring states to start passing identical model legislation for this sort of stuff, if we don’t have unity across the country. It could be easy and voluntary for the states to do.
The US doesn’t have 50 different cultures with totally different values, but probably has like… 7.
gapan · 5h ago
> States should come together with their neighboring states to start passing identical model legislation for this sort of stuff...
Yes! Make a union of states! How should we call that? States Union... Union of States... United States! Yeah, that should work.
mathiaspoint · 5h ago
The US would make a lot more sense if it split up between two or three different countries. There's a lot of stuff in US politics which people feel strongest about but are absolutely mutually exclusive.
I think it's going to happen one way or another and the most peaceful way to do it would be sooner rather than later.
bee_rider · 4h ago
Getting ~340M people to agree on anything is too hard, and now a good chunk of us seem to think the government can’t do anything productive at all. IMO, it would be nice to have an in between layer to do bigger things.
brewdad · 2h ago
Sure. But the idea was to have neighboring states pass matching laws. Oregon borders Washington. Washington borders Idaho. Idaho borders Montana…etc.
At some point it makes more sense to pass such a law at the federal level since we end up there eventually either way.
bee_rider · 2h ago
Ok, sorry for the poor writing. I mean states could form informal groups with likeminded states. So, the northeast could all pass the same law, the pacific coast, Texas and friends, wherever else.
Expecting laws to instead propagate from neighbor to neighbor as I accidentally suggested—this wasn’t what I meant to suggest, but in defense of the idea:
> At some point it makes more sense to pass such a law at the federal level since we end up there eventually either way.
I do think there still could be some value. Laws could propagate across states that are more receptive to them, and then people can see if they work or not. Porting Masshealth to the whole country at once seems to have been a little bumpy. If it has instead been rolled out to the rest of New England, NY, then down to Pennsylvania… might have gone a little smoother.
asa400 · 1h ago
> The US doesn’t have 50 different cultures with totally different values...
Indeed. It has far more than that. The US is astonishingly diverse.
lenerdenator · 6h ago
This sounds great, until those states hate each other and want to get one over on the other one, even if they're ideologically aligned.
Source: am from Kansas City.
Buttons840 · 1h ago
Yeah, increasing political tension--and not just any political tension, but political tension between states--doesn't seem good.
kennyloginz · 4h ago
This is true.
Source: am from St. Louis.
miki123211 · 6h ago
Is there even such a thing as a "Mississippi IP?"
I.E. Are US ISPs, particularly big ones like Comcast, required to geolocate ISPs to the state where the person is actually in? What about mobile ones?
Where I live (not US), it is extremely common to get an IP that Maxmind geolocates to a region far from where you actually live.
estimator7292 · 6h ago
You pretty much just plug the IP into a geolocating API and hope. There's nothing else to do. Any collateral damage is on the legislation, not any individual site or admin.
As you say, IP geolocation is unreliable. Unfortunately that's the only option. If it is technologically impossible to comply with the law, you just gotta do the best you can. If someone in MI gets a weird IP, there's absolutely nothing any third party can do. That's on the ISP for not allocating an appropriate IP or the legislators for being morons.
selimthegrim · 6h ago
MI is Michigan.
phinnaeus · 6h ago
Right, they might get an MS IP and be blocked :P
kube-system · 6h ago
GeoIP services are not 100% accurate, but that doesn't mean they're completely useless.
The law in question requires "commercially reasonable efforts"
Falkon1313 · 45m ago
I wonder what is a "commercially reasonable effort" for a non-commercial website to collect, accurately verify, and securely store everyone's identity, location, and age?
Personally I'd say none at all, unless the government itself provides it as a free service, takes on all the liability, and makes it simple to use.
It also defines personally identifiable information as including "pseudonymous information when the information is used by a controller or processor in conjunction with additional information that reasonably links the information to an identified or identifiable individual." But it doesn't specify what it means by 'controller' or 'processor' either.
If a hobbyist just sets up a forum site, with no payment processor and no identified or identifiable information required, it would seem reasonable that the law should not apply. But I'm not a lawyer.
Clearly, however, attempting to comply with the law just in case, by requiring ID, would however then make it applicable, since that is personally identifiable information.
beefnugs · 6h ago
Remember that massive surveillance capitalism apparatus that has been created for years? Now everyone must pay for it to legally comply with whatever arbitrary bullshit no matter how expensive the data becomes
kube-system · 6h ago
The most popular GeoIP database has a free tier that would easily work for this. And there are many other options.
tzs · 3h ago
> The most popular GeoIP database has a free tier that would easily work for this
The free tier does have limits on the number of API calls can you can make. But the good news is you don't have to use their API. You can download the database [1] and do all the lookups locally without having to worry about going over their API limits.
It consists of 10 CSV files and is about 45 MB compressed, 380 MB uncompressed. For just identifying US states from IP address you just need 3 of the CSV files: a 207 MB file of IPv4 address information, a 120 MB file for IPv6, and a 6.7 MB file that lets you lookup by an ID that you find in one of the first two the information about the IP address location including state.
It's easy to write a script to turn this into an SQL database that just contains IP ranges and the corresponding state and then use that with sqlite or whatever network database you use internally from any of your stuff that needs this information.
If you don't actually need Geo IP in general and are only adding it in order to block specific states you can easily omit IPs that are not mapped to those states which would make it pretty small. The database has 3.4 million IPv4 address ranges, but only 5 359 of them are listed as being in Mississippi. There are 1.8 million address ranges in the IPv6 file, and 3 946 of them are listed as being in Mississippi.
Here's how to get the Mississippi ranges from the command line, although this is kind of slow--the 3rd line took 7.5 minutes on my M2 Mac Studio and the 4th took almost 4 minutes. A proper script or program would be a lot faster.
Also a proper script or program would be able to look specifically at the correct field when matching the ID from the locations file to the IP range lines. The commands above just hope that things that look like location IDs don't occur in other fields in the IP range files.
Also there is no need to spend time parsing it yourself, there are plenty of existing libraries you can simply point at the file.
gruez · 5h ago
>Remember that massive surveillance capitalism apparatus that has been created for years? Now everyone must pay for it to legally comply with whatever arbitrary bullshit
Calling geoip databases "surveillance capitalism" seems like a stretch. It might be used by "surveillance capitalism", but you don't really have to surveil people to build a geoip database, only scrape RIR allocation records (all public, btw) and BGP routes, do ping tests, and parse geofeeds provided by providers. None of that is "surveillance capitalism" in any meaningful sense.
TGower · 4h ago
If selling the physical location information of users isn't surveillance capatalism, then the term doesn't mean anything. "We don't surveil people, we just try to find out where they live and sell that data"
gruez · 4h ago
If that's "surveillance capitalism", what's your opinion on databases that map phone numbers to locations? eg. when you get a phone call from 217-555-1234, and it shows "Springfield, IL"? Is that "surveillance capitalism"? That's basically all geoip databases are. Moreover there's plenty of non "surveillance capitalism" uses for geoip that make it questionable to call it "surveillance capitalism". Determining the region for a site, or automatically selecting the closest store, for instance. Before the advent of anycast CDNs, it was also basically the only way to route your visitors to the closest server.
TGower · 4h ago
Is there a single company out there making it's money selling access to an area code database? GeoIP databases are much higher resolution and use active scanning methods like ping timing. If a company was spam calling me to estimate distance based on call connection lag, yes that would be surveillance capitalism.
gruez · 3h ago
>Is there a single company out there making it's money selling access to an area code database?
So if someone is making money off of it it's suddenly "surveillance capitalism"? What makes it more or less "surveillance capitalism" compared to aws selling cloudfront to some ad company?
Moreover you can do better than area level code granularity. When landlines were more common and local number portability wasn't really a thing, can look at the CO number (second group) to figure out which town or neighborhood a phone number was from. Even if this was all information you could theoretically determine yourself, I'm sure there are companies that package up the data in a nice database for companies to use. In that case is that "surveillance capitalism"? Where's the "surveillance" aspect? It's not like you need to stalk anyone to figure out where a CO is located. That was just a property of the phone network.
>GeoIP databases are much higher resolution and use active scanning methods like ping timing. If a company was spam calling me to estimate distance based on call connection lag, yes that would be surveillance capitalism.
Why is the fact it's "active" or not a relevant factor in determining whether it's "surveillance capitalism" or not? Moreover spam calling people might be bad for other reasons, but it's not exactly "surveillance".
TGower · 3h ago
Surveillance definition "Systematic observation of places and people by visual, aural, electronic, photographic or other means." If you are pinging someone's IP to determine their physical location, you are engaged in a form of surveillance. If you have a copy of the table of area codes to city mapping, you are not engaged in surviellance. If you aren't trying to make money, you are not engaged in capitallism.
gruez · 2h ago
>Surveillance definition "Systematic observation of places and people by visual, aural, electronic, photographic or other means." If you are pinging someone's IP to determine their physical location, you are engaged in a form of surveillance.
Setting aside the problem with pinging home IPs (most home routers have ICMP echo requests disabled), your definition of "systematic observation" seems very flimsy. Is monitoring the global BGP routing table "systematic observation"? What about scraping RIR records? How is sending ICMP echo requests and observing the response times meaningfully similar to what google et al are doing? I doubt many people are upset about google "systematically observing"... the contents of books (for google books), or the layout of cities (for google maps, ignoring streetview). They're upset about google building dossiers on people. Observing the locations of groups of IP addresses (I'm not aware of any geoip products that can deanonymize specific IP addresses) seems very divorced from that, such that any attempts at equating the two because "systematic observation" is non-nonsensical.
TGower · 2h ago
It seems like you missed the specifier "of places and people". Books are not people or places, but an IP addresses at any point in time is tied to either a specific person or place.
> They're upset about google building dossiers on people.
Their location being in that dossier is part of what upsets people.
gruez · 2h ago
>but an IP addresses at any point in time is tied to either a specific person or place.
Except I'm not aware of any geoip databases that operate on a per-IP level. It's way too noisy, given that basically everyone uses dynamic IP addresses. At best you can figure out a given /24 is used by a given ISP to cover a certain neighborhood, not that 1.2.3.4 belongs is John Smith or 742 Evergreen Terrace.
TGower · 2h ago
Good to know, that does shift my opinion a bit. There is a spectrum from surveilling individuals to gathering population statistics. I'm not sure exactly where data that identifies a user to a group size of ~250 falls, especially given the geographic correlation, but it's definitely better.
cwbriscoe · 5h ago
I live in Vancouver, WA and my IP comes back to Portland, OR.
brewdad · 3h ago
Vancouver residents may as well be Oregonians anyway. Most of them are paying OR income tax. They do most of their shopping and entertainment in Oregon too.
cwbriscoe · 2h ago
I work for a Portland company at home in Vancouver so I get to skip their income tax. It's a 10-15 minute drive to the PDX area where there is a Best Buy, Ikea and other stores where I can easily skip sales if I want to.
tallytarik · 5h ago
ISPs have no obligation, although the ubiquity of sites and apps relying on IP geolocation mean that ISPs are incentivized to provide correct info these days.
I run a geolocation service, and over the years we've seen more and more ISPs providing official geofeeds. The majority of medium-large ISPs in the US now provide a geofeed, for example. But there's still an ongoing problem in geofeeds being up-to-date, and users being assigned to a correct 'pool' etc.
Mobile IPs are similar but are still certainly the most difficult (relative lack of geofeeds or other accurate data across providers)
dh2022 · 13m ago
How can any website determine the location of a user that uses a VM inside an Azure/AWS/GCP data enter? My VM inside Azure WestUS2 geolocates somewhere in WA state…
Ah! Thank you. I was wondering why mjg59 needed to geo-block people on his blog. I had no idea dreamwidth was a platform and he was only a user of that platform. I don't think I've ever seen anyone else's content on that site. Now I feel dumb because I've been calling him "dreamwidth" in my head for years.
Thanks, I could not get by their really bad captha
Saigonautica · 36m ago
While I realize I'm not entitled to read this website, I'd like to report it seems to be geoblocking me in Viet Nam. I get a 403 Forbidden.
I was totally ready to consider blocking US IP ranges too, if there was a good reason. I run a small business and 0% of my customers are overseas.
WUMBOWUMBO · 7h ago
Clueless human, but what stops a company from ignoring these laws from certain states? How is this enforceable if a company doesn't have any infrastructure within that state?
dragonwriter · 7h ago
> Clueless human, but what stops a company from ignoring these laws from certain states?
The threat of lawsuits.
> How is this enforceable if a company doesn't have any infrastructure within that state?
If you are intentionally doing business in a US state, and either you or your assets are within the reach of courts in the US, you can probably be sued under the state's laws, either in the state's courts or in federal courts, and there is a reasonable chance that if the law is valid at all, it will be applied to your provision of your service to people in that state. Likewise, you have a risk from criminal laws of the state if you are personally within reach of any US law enforcement, through intrastate extradition (which, while there is occasional high-profile resistance, is generally Constitutionally mandatory and can be compelled by the federal courts.)
That's why services taking reasonable steps to cut off customers accessing their service from the states whose laws they don't want to deal with is a common response.
BobaFloutist · 4h ago
That sounds a lot like regulating cross-state commerce, which is traditionally the purview of the federal government. Not that I have any real faith in this particular federal government or Supreme Court jealously protecting federal supremacy in this particular case.
0cf8612b2e1e · 7h ago
Now I am curious as well. Are there…extradition treaties between states?
umanwizard · 7h ago
The treaty in question is the Constitution. All states must grant extradition to any other state.
It would be pretty crazy if you could kill someone in Arizona and then just walk over the border to California and not be able to be prosecuted…
"The Zone of Death is the 50-square-mile (130 km2) area in the Idaho section of Yellowstone National Park in which, as a result of the Vicinage Clause in the Constitution of the United States, a person may be able to theoretically avoid conviction for any major crime, up to and including murder"
gjm11 · 7h ago
That's a separate thing -- it's not about being in a different state from where the crime was committed, it's about (supposedly) it being procedurally impossible to give you the jury trial you have to have, because literally no one lives in the relevant district.
dragonwriter · 6h ago
No, because no one lives in the relevant combination of state and district, hence why only portion of the District of Wyoming that is actually in the State of Idaho is affected.
lazide · 7h ago
Which really just means of anyone tried to exploit the loophole and wasn’t politically untouchable cough, everyone would just ignore the problem and assign them to some nearby district or whatever.
yardstick · 6h ago
Seems like the solution is to bus in new residents if such a trial was needed.
>New York governor rejects Louisiana's extradition request for doctor in abortion pill case
cough
stronglikedan · 7h ago
Exactly. We don't have a problem with too few laws and regulations. We have a problem with enforcement and accountability.
bee_rider · 6h ago
It seems like a problem of states trying to pass laws that control things outside their borders. The jurisdiction of Louisiana courts is Louisiana.
I mean it would be absurd if an anti-death-sentence state started trying to extradite the executioners working in pro-death-sentence states for murder, right?
svieira · 6h ago
If the executioner did their work in the anti-death-sentence state it wouldn't seem to be absurd, no. E. g. if they had pulled the cord that activated the electric chair remotely from a pro-death-sentence state (tele-execution ... sounds very BlackMirror).
bee_rider · 6h ago
I’d expect that to result in a very confusing court case. Fortunately, despite all the other messes going on, we haven’t tried anything that silly.
0cf8612b2e1e · 6h ago
Murder is a crime in all states. If the two states disagree on if a crime occurred, does the requesting state get to impose its laws on everyone?
dragonwriter · 6h ago
> Murder is a crime in all states.
Not by the same definition, no, its not, though there is a crime called "murder" in all states, and there tends to be significant overlap in the definitions.
throwmeaway222 · 6h ago
So Murder is a crime in all states.
stonogo · 7h ago
Yeah, that would be crazy, but the point here is that the "crime" is not being committed in Mississippi at all.
fencepost · 6h ago
Even if there aren't (there are cases where individuals fight extradition to other states though I have no idea if that's ever effective, and questions of conflict between states has come up recently regarding interstate prescribing of abortion medications, etc. with some states explicitly stating that they will not cooperate with Texasistan), a civil judgement against an entity operating in one state could likely be enforced without even interacting with the state where that entity exists - e.g. if they're using a bank with a presence in MS, the state might be able to simply go after their accounts held with the national-scale bank.
ratelimitsteve · 6h ago
There are certainly extraditions between states, so whether there's a treaty is rather academic
next_xibalba · 6h ago
Apparently, U.S. statutory and case law establish that a business has an "economic nexus" in a state can be made subject to that state's laws. An economic nexus doesn't require a physical presence, just sufficient economic activity. Sufficient economic activity is usually defined, by each state, according to revenue or volume of transactions. Another test for an economic nexus is something called purposeful availment, which is whether a business is targeting the residents of a jurisdiction. So it seems like, "Are you intentionally selling to Missouri residents?"
To enforce all this, states can sue companies and they can take steps to ensure companies can't do business in their state (so like maybe force ISPs to block Dreamwidth?).
bcrosby95 · 7h ago
If they're able to elevate some of your charges to the federal level you're fucked. IANAL though so I don't know if/how that would happen.
dragonwriter · 6h ago
You can't "elevate" state criminal charges to federal charges, though the state can simply seek your extradition (which, if the receiving state resists, the federal courts can enforce, because it is a Constitutional obligation).
(It is possible for state charges existing to make other actions federal crimes, though, e.g., there is a federal crime of interstate travel to avoid prosecution, service of process, or appearance as a witness. But state charges themselves can't get "bumped up" to the federal level.)
hopelite · 6h ago
You can’t elevate something to federal charges that is not a federal crime, mostly committed across state lines (at least not in a just system); and the interstate commerce clause and possibly the free speech clause would likely be where that gets hung up.
There is a certain group in the USA that is working hard on undermining the rights of the people of America, the enemies, foreign and domestic, per se; and this is part of their plank to control speech through fear and total control and evisceration of anonymity.
I support controlling access to porn for children, especially since I know people who were harmed and groomed by it, but these types of laws are really just the typical liar’s wedge to get the poison pill of tracking and suppression in the door.
I hope some of the court cases can fix some of these treasonous and enemy acts by enemies within, but reality is that likely at the very least some aspects of these control mechanisms will remain intact.
If it really was about preventing harm against children, then they would have prevented children from accessing things, not adults. But that’s how you know it’s a perfidious lie.
This MS situation is just another step towards what they really want, total control over speech, thought, and what you are able to see and read.
This MS situation is just a kind of trial balloon, a probe of the American people and the Constitution and this thing we still call America even though enemies are within our walls dismantling everything.
As you may have read, in MS they are trying to require all social media companies to “…deanonymize and age-verify all users…” …… to protect the children, of course. So you, an adult, have to identify yourself online in the public square that is already censored and controlled and mapped, to the government so it can, e.g., see if you oppose or share information about the genocide it is supporting … to protect Mississippi children, of course.
VWWHFSfQ · 7h ago
> How is this enforceable if a company doesn't have any infrastructure within that state?
It's a good question. Maybe something with interstate commerce laws?
petcat · 7h ago
There used to be the "Oregon sales tax loophole" where residents of neighboring states (Washington, California, Idaho) would make large purchases (car) just over the border in Oregon where there was no sales tax.
That loophole got closed once inter-state data sharing became possible and Oregon merchants were required to start collecting those out-of-state taxes at the point of sale.
lotsofpulp · 5h ago
> That loophole got closed once inter-state data sharing became possible and Oregon merchants were required to start collecting those out-of-state taxes at the point of sale.
Oregon merchants are not required to collect sales tax for any other jurisdictions outside of Oregon. And they don’t, any non Oregonian can go to any merchant in Oregon right now, and you will be charged the same as any other customer who lives in Oregon.
Also, it was never a loophole to buy things in Oregon to evade sales tax. All states with sales tax require their residents to remit use tax for any items brought into the state to make up the difference for any sales tax that would have been paid had it been purchased in their home state.
chrismcb · 7h ago
That wasn't a loophole. It was just a bunch of people evading taxes.
petcat · 6h ago
> people evading taxes
Avoiding taxes. It's different. It was always perfectly legal to travel to another state to buy something expensive and bring it back home. No crimes were committed.
It was a loophole that you could buy in Oregon specifically to avoid $1,000s in sales taxes.
dragonwriter · 6h ago
> It was always perfectly legal to travel to another state to buy something expensive and bring it back home.
It was legal to do that. If it was purchased out of state with the intent of bringing it back home, then (assuming the home state was California) California use taxes were always owed on it. Other states with sales taxes also tend to have similarly-structured use taxes with rates similar to the sales tax rates.
They were legally avoiding sales taxes, but also illegally evading use taxes, and, moreover, there is very little reason for the former if you aren't also doing the latter, unless you just have some moral objection to your taxes being taken at the point of sale and the paperwork and remittance to the government being done by the retailer instead of being a burden you deal with yourself.
int_19h · 4h ago
It was the same for WA, so you're right, this was always (illegal) tax evasion, not mere avoidance.
AFAIK it's not that Oregon changed anything, either. It's that Washington passed additional laws that require out-of-state merchants to collect the tax when selling to customers in WA, and said out-of-state merchants complied.
VWWHFSfQ · 6h ago
I think the point was that interstate data sharing closed the loophole on evading use-taxes. Now states report to each other about large purchases. It's no longer possible to buy a car or tractor in Oregon and never report the unpaid sales tax back to Washington or California. They will know.
dragonwriter · 6h ago
I was addressing the debate that that prompted over whether the situation before that was tax evasion or mere tax avoidance, but yes, the point about interstate data sharing is what that tangent spun off from several posts upthread.
kube-system · 6h ago
If you do not pay sales tax on items bought in neighboring states, you typically owe your state use tax on those items. Many people simply did not report these purchases however, and this is evasion.
lotsofpulp · 5h ago
chrismcb is correct.
The situation petcat described is tax evasion (illegal, since use tax is due in lieu of paying sales tax at point of purchase, assuming item is brought back to home state).
Tax avoidance is simply minimizing tax liability, completely legal.
quickthrowman · 6h ago
You are correct, virtually every state has a law that says “If you buy something in another state and pay less sales tax than we charge, you owe us the sales tax we would’ve charged you.”
It’s called a ‘use tax’. In practice, nobody pays (personal) use tax, myself included.
So, all of those people going to Oregon to shop without sales tax and not paying use tax were technically breaking the law, not using a loophole. I’m not judging them, I don’t pay use tax either :)
hopelite · 6h ago
Do you insist on paying your home tax rate if you go somewhere else and buy food or products?
I’ve never understood people like you that say anything and everything to increase taxes.
How does it make any rational or logical sense that you should pay higher taxes for something?
So when you go to Delaware that has 0% sales taxes, you make sure to log everything and pay taxes to your home state upon return?
kube-system · 6h ago
> So when you go to Delaware that has 0% sales taxes, you make sure to log everything and pay taxes to your home state upon return?
If you don't, you are technically violating the law. All states with sales tax also have a use tax.
For example, if you are a resident of neighboring Maryland, this is the form you'd need to fill out for purchases you make in Delaware.
He's just stating the law. Eat a cookie and take a nap.
sch-sara · 5h ago
Surprising how quickly everyone is expected to comply with these laws - within a week you're supposed to block what could be a portion of your user base?
Most areas of governance usually give years of preparation ahead of anything actually being enforced. This is so short-sighted.
isk517 · 5h ago
> This is so short-sighted.
Might as well be the slogan of the current era
gruez · 5h ago
>Surprising how quickly everyone is expected to comply with these laws - within a week you're supposed to block what could be a portion of your user base?
But the law was signed over a year ago[1]? The recent development was that the injunction blocking the bill from being implemented got struck down. I'm not sure what you'd expected here, that the courts delay lifting the injunction because of the sites that didn't bother complying with the law, because they thought they'd prevail in court?
I don’t think it’s short sighted. They just don’t care.
apt-apt-apt-apt · 7h ago
If you're using a VPN while inside Missxi and access the site without age verification, would that cause the site to be in violation of the law?
mxuribe · 7h ago
IANAL but i don't think using a vpn matters...Because whether a user is using a vpn or otherwise or not, if the user is identified as from Mississippi, that would be the test for whether these guys would need to block or not. Like, if a user from Mississippi uses a vpn, and these guys don't know that and detect that this user's IP is from, say, Arkansas...how would they be held liable? Unless, i'm missing something, right?
superfrank · 5h ago
NAL, but yes, I believe that it would still be a violation of the law. That said, laws aren't applied by robots and it's likely they would be given leniency if they could show they actually tried to respect the law.
If they make an honest attempt to comply and a small number of people using VPNs slip through the cracks, if they're ever reported, they'll likely be given a slap on the wrist at most. If they ignore the law or do some obvious half assed attempt to comply and thousands of Mississippi users are still using their site and they get reported, it's far less likely that a judge will be lenient.
wonderwonder · 7h ago
Seems to work without issue in states that require age verification for pornography sites. Would assume a site like pornhub has spent money on lawyers
hopelite · 6h ago
I don’t see how, but the people trying to implement total control of speech, thought, and communication in America are a diabolical and crafty bunch that will likely try putting someone through the wringer for that one day.
The end game here is total control and awareness of who is saying what at any time, in order to allow those messages to be thwarted.
Thanks, Section 3 is much clearer than the Wikipedia wording.
sebastiennight · 6h ago
Yeah the Wikipedia explanation has faulty grammar. I couldn't figure it out either.
My understanding is that this is similar to the law the UK passed recently except instead of verifying age of users for "adult" content, every platform needs to verify (and log) age of all users for all content?
It can't possibly be that ridiculous.
mostlysimilar · 5h ago
It's Mississippi. Least educated state in the US. Not surprising the elected officials didn't think this one through.
kube-system · 6h ago
The law mentions that it does not apply to job application websites.
That's probably what the wikipedia author meant to say
throwmeaway222 · 6h ago
so does that mean all of linkedin is exempt?
does that also mean that all social media platforms will start a small jobs board?
kube-system · 6h ago
Yes to your first question, and no to the second question... the law says it must "primarily function" in that respect.
Putting a small jobs board on instagram would not make instagram "primarily function" as a job application website. LinkedIn is primarily a professional networking website - it qualifies.
Bender · 1d ago
Might it be sufficient to dynamically block anyone that has a registered home address in Mississippi for their payment method? Most ISP's span multiple states.
Google have additional information about IP addresses that updates dynamically based on cell phone, wifi and other magic usage so maybe ask them if they have some javascript that queries their site for more specific city/state details. Also call Pornhub and ask how they were blocking specific states to meet legal requirements.
Falkon1313 · 25m ago
Unlikely. You wouldn't have a payment method address for any free/non-paid/gifted account.
jayknight · 7h ago
For the Bluesky ban, I'm not in Mississippi, but whatever IP Geolocation service they're use thinks I my home internet is in Mississippi. It's doubtless that lots of people inside Mississippi but near borders aren't being blocked, because that's just not a thing that's really possible.
groby_b · 7h ago
If I were in Dreamwidth's shoes, I'd be very much concerned with minimizing legal exposure, not number of users excluded. At 10k/user*day, it's a reasonable choice to block as broadly as makes sense.
Tough for the neighbors, but nitpicking "resident" is not a good choice here.
andybak · 6h ago
From my perspective that means "the entire US". I don't live there and I have no idea how to not break this law.
firesteelrain · 1h ago
Stupid question - can’t these websites use a service like id.me and not store anything?
627467 · 4h ago
Same with UK's OSA: don't most governments already have the tools to block domains based on operator compliance with laws? What's wrong with that approach that leads to this kind of universal jurisdiction approach?
I leave my home computer network open to the public and now suddenly I'm liable to some random jurisdiction around the world because someone in that location decides to call my computer?
China's GFW seems benign in comparison
omarspira · 6h ago
As an aside, it would be curious if deepening political polarization creates a trend of blocking IPs from specific states or regions for whatever reason... perhaps in such a scenario there would be interesting relations or comparisons between the digital and physical divides...
mystraline · 6h ago
Well, we can blame the voters of Mississippi for their ass-backware representatives, who they evidently like, for these ignorant laws.
Cut the ignoramuses from the US internet until they can learn to be decent people. Serves them right, and well, legally.
How is this vaguely sufficient to meet the legal requirements of the law? They know geo-blocking is insufficient.
d4mi3n · 7h ago
IANAL, but there’s a question of reasonable burden. Not sure if that applies here, but it’s not unreasonable to say you simply don’t want to do business in a state where the regulations are cost prohibitive. Given they make a reasonable effort to not provide a service to MI, it’s not really on them to police people trying to circumvent a state’s local laws.
Pornhub and BlueSky have done similar in response to this legislation in Texas. Wikipedia and a few other sites blocked the UK to avoid being burdened by their Safety act. Pretty much every streaming platform implements regional geo blocking for licensing reasons.
I’ll be curious to see how things shake out in the long run given the current political climate.
Timwi · 6h ago
For the record, Wikipedia has not (yet) blocked the UK. They are awaiting official classification by Ofcom of the Wikipedia website. However, the uncertainty is definitely vexing, and the direction this is going is truly worrying.
d4mi3n · 5h ago
Good callout! Sadly, I’m unable to update my comment to correct. This whole area of law seems to be busy lately.
madeofpalk · 6h ago
> Wikipedia and a few other sites blocked the UK
No? Wikipedia is not blocked in the UK.
mxuribe · 7h ago
IANAL, but if the actual legislation did not either recommend or dictate which method would be either good or even considered valid for purposes of enactment of the law, would it then be subject to interpretation?
Also, for the enforcement agency who is/will be tasked with checking things out here...do they know whether geo-blocking is valid method or not? Its a silly law, don't get me wrong...but if its enforcement validation mechanisms are not up to snuff, i wonder how things will play out - both here in dreamwidth's case and other folks in a similar boat?
kube-system · 5h ago
Is it insufficient? The law says they need to take commercially reasonable efforts to verify people's age in Mississippi. Geoblocking is a pretty commercially reasonable effort to identify who lives in Mississippi, and they don't provide service to those people.
dragonwriter · 6h ago
> How is this vaguely sufficient to meet the legal requirements of the law?
It may not be, if the law can be applied to them.
OTOH, may be sufficient to make it illegal to apply the law to them in the first place. US states do not have unlimited jurisdiction to regulate conduct occurring outside of their borders, but they do have more ability to regulate conduct of entities intentionally doing business within their borders.
causality0 · 1h ago
An adult contracts with the ISP. The ISP provides unfiltered internet access to the adult. It is the adult who then chooses to provide access to adult, social, or otherwise-restricted websites to children. I don't see how this isn't obvious to any court.
Havoc · 4h ago
I guess the uk isn’t the only place with lawmakers that have no grasp on technical matters but yolo it anyway
thelastgallon · 6h ago
>Unfortunately, the penalties for failing to comply with the Mississippi law are incredibly steep: fines of $10,000 per user from Mississippi who we don't have identity documents verifying age for, per incident -- which means every time someone from Mississippi loaded Dreamwidth, we'd potentially owe Mississippi $10,000. Even a single $10,000 fine would be rough for us, but the per-user, per-incident nature of the actual fine structure is an existential threat.
Reminds me of Silicon Valley. PiperChat has grossly violated COPPA as there was no parental consent form on the app leading to a 21 billion dollar fine: https://www.youtube.com/watch?v=N3zU7sV4bJE
kstrauser · 6h ago
Since some idiotic courts have ruled a website’s Terms of Service to be legally binding, why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
I’m not being glib. Honestly, why can’t I? There’s precedent for saying that’s unauthorized access, so the feds (not the state; “Interstate Commerce Clause” and all that) should prosecute the visitor for violating my ToS.
superfrank · 6h ago
For the same reason a bars don't just ask people to sign a document saying they're 21 in lieu of an ID.
The laws are written in a way where the responsibility for enforcement falls on the operator of the business. In both cases, the business doesn't actually have to verify anything if they don't want to, but if it's found that they're allowing violations to happen, they will be held legally responsible.
kube-system · 5h ago
You can't contract away something that the law requires of you.
dragonwriter · 5h ago
> Since some idiotic courts have ruled a website’s Terms of Service to be legally binding, why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
That would allow you, perhaps, to sue people from MS that used your site for violating the ToS (though, "some idiotic courts have ruled" does not mean "the courts which actually create binding precedent over those that would adjudicate your case have ruled...", so, be careful even there.) But that doesn't actually mean that, if someone from MS used your site and you took no further steps to prevent it you would not be liable to the extent that you did not comply with the age verification law.
> There’s precedent for saying that’s unauthorized access, so the feds (not the state; “Interstate Commerce Clause” and all that) should prosecute the visitor for violating my ToS.
Most things in interstate commerce, except where the feds have specifically excluded the states, are both federal and state jurisdiction, but neither the feds nor the state are obligated, even if applicable law exists which allows them to, to prosecute anyone for violating your ToS. You can (civilly) attempt to do so if you are bothered by it.
valbaca · 6h ago
sounds similar to how many remote job applications skirt around posting the actual salary range by not allowing residents of NY, etc. to apply
TrnsltLife · 5h ago
Why geoblock Mississippi but scramble to comply with California right to delete. Political favorites? Easier to implement? Something else?
LambdaComplex · 5h ago
Maybe already had the implementation ready because of EU regulations?
walls · 5h ago
'Why would you comply with the forth largest economy in the world, but not the second poorest state in the country?'
wat10000 · 4h ago
I wonder if these state laws are at some point going to collide with Apple’s Private Relay service. It’s included with an iCloud subscription, and very easy to turn on, so I imagine Apple has way, way more users than a typical VPN provider. And they make no effort to ensure your exit node is in the same state as you are. A most it will keep the same “general location,” and there’s an option to let it use anything in the same country and time zone.
Eventually we're going to end up with freedom loving states and puritanical nanny states.
int_19h · 4h ago
No, we're going to end up with a lot puritanical nanny states policing different things, depending on their flavor of authoritarianism.
amanaplanacanal · 17m ago
You think so? My state's supreme Court has interpreted our state constitution's freedom of expression clause even more broadly than the federal first amendment. It's hard to see how anything like that could survive judicial review here.
hopelite · 6h ago
I see the larger objective as total control over all speech, thought, and information in more circuitous and pernicious ways than something in one of the poster-boys of “tyranny”.
This is just the start and the trial balloons. The enemy within is a bit nervous about this attack on the most fundamental freedom that the Constitution is protecting, free speech, but they’re also very confident in themselves.
xyst · 4h ago
Project 2025 at work
trhway · 7h ago
it is just a new better Internet era - everybody to use VPN. Thanks to the conservatives for facilitating such a progress.
For example, these days in Russia awareness and usage of VPN is well beyond any normal country. With Facebook and IG for example blocked for Meta being officially branded an "extremist organization" (by the way Taliban was taken off that list recently, so what do you guys in Menlo Park are cooking what is worse than Taliban? May be some freedom of speech? :) people in Russia of all strata is still using it, now through VPN, many from mobile devices. The thing of note from USSR/Russia here is that habitual violation of unreasonable laws breeds wide disrespect for the system of law as a whole, and it i very hard to reverse the flow.
jmclnx · 6h ago
True, but the next thing, will VPNs be forced to age verify eventually ?
It is possible some US States and maybe the UK will end up like China.
trhway · 5h ago
>True, but the next thing, will VPNs be forced to age verify eventually ?
it is like age verifying current generic access to the Internet. Sure, we'll come to this too (the anti-utopias aren't fiction, it is future :), yet we still don't verify such a generic access because it isn't the time yet, the society isn't yet totalitarian enough.
As a preview - in Russia (i'm less familiar with China to comment on it) they do already attack VPN by making it illegal to advertise it, something like this.
int_19h · 4h ago
Russia is doing quite sophisticated technological enforcement, as well - even if you're running your own VPN server, you need something like V2Ray or Trojan to get through.
superkuh · 7h ago
Sometimes, often even, Dreamwidth can do the right thing like this. I fully support them in this fight and hope they win. But let's not pretend banning huge IP ranges for years at a time is new to them.
Dreamwidth has been at the forefront of banning large swaths of the internet. They started doing it years before anyone else. Before the for-profit corporate spidering of HTTP/S content even began causing issues. This is well trod territory and entirely familiar for them and their upstream network provider they like to blame their inability to fix it on.
kennywinker · 6h ago
For those of us unfamiliar with dreamwidth: huh??
tolerance · 5h ago
I think this has something to do with Cloudflare.
reader9274 · 6h ago
[flagged]
tomhow · 49m ago
> Stop crying about it
Please don't comment like this on HN. We need everyone to avoid ideological flamebait and unkind swipes. Please take a moment to read the guidelines and make an effort to observe them in future.
I appreciate that not all modern post 1776 democracies are the same, but in Australia, whose constitution was informed hugely by the US constitution, Federal communications law takes supremacy over states, and states laws cannot constrain trade between the states. There are exceptions, but you'd be in court. "trade" includes communications.
So ultimately, isn't this heading to the FCC, and a state-vs-federal law consideration?
-Not that it means a good outcome. With the current supreme court, who knows?
In his concurring opinion, Justice Kavanaugh said it was likely unconstitutional (but apparently not obviously enough to enjoin it) [1]. So it's going into effect, then the lawsuit follows.
Similar laws in California, Arkansas and Ohio were all found unconstitutional, so I am hopeful. That said, these were all district court decisions, and all of them are being appealed. When they lose on appeal, they go to the Supreme Court for (hopefully) the final smack-down.
Interestingly, reading the summary MS HB1126 [2], this law is doing two things. It regulates companies and defines crimes.
States are allowed to set their own criminal codes. If Mississippi drops the mandate part and passes a new law that simply defines certain things as crimes with corresponding penalties, that law would probably be constitutional.
[1] https://www.supremecourt.gov/opinions/24pdf/25a97_5h25.pdf
[2] https://legiscan.com/MS/bill/HB1126/2024
We've let states set their own "internet services" taxes, making selling anything online in the US a regulatory nightmare. A third-party vendor to manage (and keep up with) the tax laws to stay compliant is basically required for anyone selling online, or risk the wrath of various state tax bodies.
Launch a small website and commit a felony in 7 states and 13 countries.
I wouldn't have known about the Mississippi bill unless I'd read this. How are we have to know?
If anything, communications between Mississippi and California would be interstate commerce and would thus fall under federal legal jurisdiction.
If I run a server in Utah primarily for myself, and you as a Californian happen to stumble upon it, should I have to abide by California privacy laws?
>A blog is speech, but I wouldn't say that deciding to operate a social media site is speech.
______
* See UDHR articles 12, 18, 19, and 20. This is not an issue limited to the laws of one small country.
† Unless the site operators also use of the site, in which case they too do suffer it; this is in my experience virtually always the case with the noncommercial sites that it is most important to protect.
I suppose this is what confused me then, as it seemed obvious that e.g. the Facebook reccomendation algorithm isn't speech, so if a social media site would be considered speech it would be due to the user content. Section 230 doesn't in any way supercede the constitution, but it does clarify which party is doing the speech and thus where the first ammendment would apply.
* The First Amendment generally prohibits the government from enacting any laws or regulations that limit speech based on its content (anything you might reasonably call "moderation" would definitely fall into this category!).
* Private companies are not the government. Social media networks are therefore not obligated to follow the First Amendment. (Although there is a decent argument that Trump's social media network is a state actor here and is therefore constitutionally unable to, say, ban anybody from the network.)
* Recommendation algorithms of social media networks are protected speech of those companies. The government cannot generally enact a law that regulate these algorithms, and several courts have already struck down laws that attempted to do so.
* §230 means that user-generated speech is not treated as speech of these companies. This prevents you from winning a suit against them for hosting speech you think injures you (think things like defamation).
* §230 also eliminates the liability of these companies for their moderation or lack thereof.
There remains the interesting question as to whether or not companies can be held liable via their own speech that occurs as a result of the recommendation algorithms of user-generated content. This is somewhat difficult to see litigated because it seems everybody who tries to do a challenge case here instead tries to argue that §230 in its entirety is somehow wrong, and the court rather bluntly telling them that they're only interested in the narrow question doesn't seem to be able to get them to change tactics. (See e.g. the recent SCOTUS case which was thrown out essentially for this reason rather than deciding the question).
No, it immunizes certain parties from being held automatically liable (without separate proof that they knew of the content, as applies to mere distributors [0]), the "publisher or speaker" standard being the standard for such liability (known as publisher liability.)
It doesn't "clarify" (or have any bearing on) where the First Amendment would apply. (In fact, its only relevant when the First Amendment protection doesn't apply, since otherwise there would be no liability to address.)
[0] subsequent case law has also held that Section 230 has the effect of also insulating the parties it covers against distributor liability where that would otherwise apply, as well, but the language of the law was deliberately targeted at the basis for publisher liability.
People who are not “the speaker or publisher” for liability purposes have Constitutional first amendment free speech rights in their decision to interact with content, this includes distributors, consumers, people who otherwise have all the characteristics of a “speaker of publisher” but are statutorily relieved of liability as one so as to enable them to make certain editorial decisions over use generated content without instantly becoming fully liable for every bit of that content, etc., yeah.
And arguing the alternative is you making the exact inversion of statute and Constitution I predicted and which you denied, that is, thinking Section 230 could remove First Amendment coverage from something it would have covered without that enactment.
Websites don't have to be a business or be related to one.
But yeah, this definitely sounds like a business opportunity for services or hosts.
Regulatory capture in real time!
What would you have preferred? Of course you'd prefer if the law never existed in the first place, but I don't see having a third party auditor verify compliance is any worse than say, letting the government audit it. We don't think it's "regulatory capture" to let private firms audit companies' books, for instance.
it's regulatory capture if a cartel of ID verification companies are lobbying for specific requirements that lock out upstart competitors.
Same goes for other countries as well. It’s insane.
Welcome back to the 90s and the PGP, Clipper chip, warez, and DeCSS days.
At some point, they will have outlawed enough things that most people want, that most people will become outlaws.
The US doesn’t have 50 different cultures with totally different values, but probably has like… 7.
Yes! Make a union of states! How should we call that? States Union... Union of States... United States! Yeah, that should work.
I think it's going to happen one way or another and the most peaceful way to do it would be sooner rather than later.
At some point it makes more sense to pass such a law at the federal level since we end up there eventually either way.
Expecting laws to instead propagate from neighbor to neighbor as I accidentally suggested—this wasn’t what I meant to suggest, but in defense of the idea:
> At some point it makes more sense to pass such a law at the federal level since we end up there eventually either way.
I do think there still could be some value. Laws could propagate across states that are more receptive to them, and then people can see if they work or not. Porting Masshealth to the whole country at once seems to have been a little bumpy. If it has instead been rolled out to the rest of New England, NY, then down to Pennsylvania… might have gone a little smoother.
Indeed. It has far more than that. The US is astonishingly diverse.
Source: am from Kansas City.
Source: am from St. Louis.
I.E. Are US ISPs, particularly big ones like Comcast, required to geolocate ISPs to the state where the person is actually in? What about mobile ones?
Where I live (not US), it is extremely common to get an IP that Maxmind geolocates to a region far from where you actually live.
As you say, IP geolocation is unreliable. Unfortunately that's the only option. If it is technologically impossible to comply with the law, you just gotta do the best you can. If someone in MI gets a weird IP, there's absolutely nothing any third party can do. That's on the ISP for not allocating an appropriate IP or the legislators for being morons.
The law in question requires "commercially reasonable efforts"
Personally I'd say none at all, unless the government itself provides it as a free service, takes on all the liability, and makes it simple to use.
It also defines personally identifiable information as including "pseudonymous information when the information is used by a controller or processor in conjunction with additional information that reasonably links the information to an identified or identifiable individual." But it doesn't specify what it means by 'controller' or 'processor' either.
If a hobbyist just sets up a forum site, with no payment processor and no identified or identifiable information required, it would seem reasonable that the law should not apply. But I'm not a lawyer.
Clearly, however, attempting to comply with the law just in case, by requiring ID, would however then make it applicable, since that is personally identifiable information.
The free tier does have limits on the number of API calls can you can make. But the good news is you don't have to use their API. You can download the database [1] and do all the lookups locally without having to worry about going over their API limits.
It consists of 10 CSV files and is about 45 MB compressed, 380 MB uncompressed. For just identifying US states from IP address you just need 3 of the CSV files: a 207 MB file of IPv4 address information, a 120 MB file for IPv6, and a 6.7 MB file that lets you lookup by an ID that you find in one of the first two the information about the IP address location including state.
It's easy to write a script to turn this into an SQL database that just contains IP ranges and the corresponding state and then use that with sqlite or whatever network database you use internally from any of your stuff that needs this information.
If you don't actually need Geo IP in general and are only adding it in order to block specific states you can easily omit IPs that are not mapped to those states which would make it pretty small. The database has 3.4 million IPv4 address ranges, but only 5 359 of them are listed as being in Mississippi. There are 1.8 million address ranges in the IPv6 file, and 3 946 of them are listed as being in Mississippi.
Here's how to get the Mississippi ranges from the command line, although this is kind of slow--the 3rd line took 7.5 minutes on my M2 Mac Studio and the 4th took almost 4 minutes. A proper script or program would be a lot faster.
Also a proper script or program would be able to look specifically at the correct field when matching the ID from the locations file to the IP range lines. The commands above just hope that things that look like location IDs don't occur in other fields in the IP range files.Also there is no need to spend time parsing it yourself, there are plenty of existing libraries you can simply point at the file.
Calling geoip databases "surveillance capitalism" seems like a stretch. It might be used by "surveillance capitalism", but you don't really have to surveil people to build a geoip database, only scrape RIR allocation records (all public, btw) and BGP routes, do ping tests, and parse geofeeds provided by providers. None of that is "surveillance capitalism" in any meaningful sense.
So if someone is making money off of it it's suddenly "surveillance capitalism"? What makes it more or less "surveillance capitalism" compared to aws selling cloudfront to some ad company?
Moreover you can do better than area level code granularity. When landlines were more common and local number portability wasn't really a thing, can look at the CO number (second group) to figure out which town or neighborhood a phone number was from. Even if this was all information you could theoretically determine yourself, I'm sure there are companies that package up the data in a nice database for companies to use. In that case is that "surveillance capitalism"? Where's the "surveillance" aspect? It's not like you need to stalk anyone to figure out where a CO is located. That was just a property of the phone network.
>GeoIP databases are much higher resolution and use active scanning methods like ping timing. If a company was spam calling me to estimate distance based on call connection lag, yes that would be surveillance capitalism.
Why is the fact it's "active" or not a relevant factor in determining whether it's "surveillance capitalism" or not? Moreover spam calling people might be bad for other reasons, but it's not exactly "surveillance".
Setting aside the problem with pinging home IPs (most home routers have ICMP echo requests disabled), your definition of "systematic observation" seems very flimsy. Is monitoring the global BGP routing table "systematic observation"? What about scraping RIR records? How is sending ICMP echo requests and observing the response times meaningfully similar to what google et al are doing? I doubt many people are upset about google "systematically observing"... the contents of books (for google books), or the layout of cities (for google maps, ignoring streetview). They're upset about google building dossiers on people. Observing the locations of groups of IP addresses (I'm not aware of any geoip products that can deanonymize specific IP addresses) seems very divorced from that, such that any attempts at equating the two because "systematic observation" is non-nonsensical.
> They're upset about google building dossiers on people.
Their location being in that dossier is part of what upsets people.
Except I'm not aware of any geoip databases that operate on a per-IP level. It's way too noisy, given that basically everyone uses dynamic IP addresses. At best you can figure out a given /24 is used by a given ISP to cover a certain neighborhood, not that 1.2.3.4 belongs is John Smith or 742 Evergreen Terrace.
I run a geolocation service, and over the years we've seen more and more ISPs providing official geofeeds. The majority of medium-large ISPs in the US now provide a geofeed, for example. But there's still an ongoing problem in geofeeds being up-to-date, and users being assigned to a correct 'pool' etc.
Mobile IPs are similar but are still certainly the most difficult (relative lack of geofeeds or other accurate data across providers)
https://news.ycombinator.com/item?id=44990886 ("Bluesky Goes Dark in Mississippi over Age Verification Law (wired.com)"—175 comments)
https://en.wikipedia.org/wiki/Dreamwidth
https://en.wikipedia.org/wiki/The_Walker_Montgomery_Protecti...
I was totally ready to consider blocking US IP ranges too, if there was a good reason. I run a small business and 0% of my customers are overseas.
The threat of lawsuits.
> How is this enforceable if a company doesn't have any infrastructure within that state?
If you are intentionally doing business in a US state, and either you or your assets are within the reach of courts in the US, you can probably be sued under the state's laws, either in the state's courts or in federal courts, and there is a reasonable chance that if the law is valid at all, it will be applied to your provision of your service to people in that state. Likewise, you have a risk from criminal laws of the state if you are personally within reach of any US law enforcement, through intrastate extradition (which, while there is occasional high-profile resistance, is generally Constitutionally mandatory and can be compelled by the federal courts.)
That's why services taking reasonable steps to cut off customers accessing their service from the states whose laws they don't want to deal with is a common response.
It would be pretty crazy if you could kill someone in Arizona and then just walk over the border to California and not be able to be prosecuted…
https://en.wikipedia.org/wiki/Zone_of_Death_(Yellowstone)
"The Zone of Death is the 50-square-mile (130 km2) area in the Idaho section of Yellowstone National Park in which, as a result of the Vicinage Clause in the Constitution of the United States, a person may be able to theoretically avoid conviction for any major crime, up to and including murder"
>New York governor rejects Louisiana's extradition request for doctor in abortion pill case
cough
I mean it would be absurd if an anti-death-sentence state started trying to extradite the executioners working in pro-death-sentence states for murder, right?
Not by the same definition, no, its not, though there is a crime called "murder" in all states, and there tends to be significant overlap in the definitions.
To enforce all this, states can sue companies and they can take steps to ensure companies can't do business in their state (so like maybe force ISPs to block Dreamwidth?).
(It is possible for state charges existing to make other actions federal crimes, though, e.g., there is a federal crime of interstate travel to avoid prosecution, service of process, or appearance as a witness. But state charges themselves can't get "bumped up" to the federal level.)
There is a certain group in the USA that is working hard on undermining the rights of the people of America, the enemies, foreign and domestic, per se; and this is part of their plank to control speech through fear and total control and evisceration of anonymity.
I support controlling access to porn for children, especially since I know people who were harmed and groomed by it, but these types of laws are really just the typical liar’s wedge to get the poison pill of tracking and suppression in the door.
I hope some of the court cases can fix some of these treasonous and enemy acts by enemies within, but reality is that likely at the very least some aspects of these control mechanisms will remain intact.
If it really was about preventing harm against children, then they would have prevented children from accessing things, not adults. But that’s how you know it’s a perfidious lie.
This MS situation is just another step towards what they really want, total control over speech, thought, and what you are able to see and read.
This MS situation is just a kind of trial balloon, a probe of the American people and the Constitution and this thing we still call America even though enemies are within our walls dismantling everything.
As you may have read, in MS they are trying to require all social media companies to “…deanonymize and age-verify all users…” …… to protect the children, of course. So you, an adult, have to identify yourself online in the public square that is already censored and controlled and mapped, to the government so it can, e.g., see if you oppose or share information about the genocide it is supporting … to protect Mississippi children, of course.
It's a good question. Maybe something with interstate commerce laws?
That loophole got closed once inter-state data sharing became possible and Oregon merchants were required to start collecting those out-of-state taxes at the point of sale.
Oregon merchants are not required to collect sales tax for any other jurisdictions outside of Oregon. And they don’t, any non Oregonian can go to any merchant in Oregon right now, and you will be charged the same as any other customer who lives in Oregon.
Also, it was never a loophole to buy things in Oregon to evade sales tax. All states with sales tax require their residents to remit use tax for any items brought into the state to make up the difference for any sales tax that would have been paid had it been purchased in their home state.
Avoiding taxes. It's different. It was always perfectly legal to travel to another state to buy something expensive and bring it back home. No crimes were committed.
It was a loophole that you could buy in Oregon specifically to avoid $1,000s in sales taxes.
It was legal to do that. If it was purchased out of state with the intent of bringing it back home, then (assuming the home state was California) California use taxes were always owed on it. Other states with sales taxes also tend to have similarly-structured use taxes with rates similar to the sales tax rates.
They were legally avoiding sales taxes, but also illegally evading use taxes, and, moreover, there is very little reason for the former if you aren't also doing the latter, unless you just have some moral objection to your taxes being taken at the point of sale and the paperwork and remittance to the government being done by the retailer instead of being a burden you deal with yourself.
AFAIK it's not that Oregon changed anything, either. It's that Washington passed additional laws that require out-of-state merchants to collect the tax when selling to customers in WA, and said out-of-state merchants complied.
The situation petcat described is tax evasion (illegal, since use tax is due in lieu of paying sales tax at point of purchase, assuming item is brought back to home state).
Tax avoidance is simply minimizing tax liability, completely legal.
It’s called a ‘use tax’. In practice, nobody pays (personal) use tax, myself included.
Washington has a use tax: https://dor.wa.gov/taxes-rates/use-tax
California has a use tax: https://cdtfa.ca.gov/taxes-and-fees/use-tax/
Idaho has a use tax: https://tax.idaho.gov/taxes/sales-use/use-tax/online-guide/
So, all of those people going to Oregon to shop without sales tax and not paying use tax were technically breaking the law, not using a loophole. I’m not judging them, I don’t pay use tax either :)
I’ve never understood people like you that say anything and everything to increase taxes.
How does it make any rational or logical sense that you should pay higher taxes for something?
So when you go to Delaware that has 0% sales taxes, you make sure to log everything and pay taxes to your home state upon return?
If you don't, you are technically violating the law. All states with sales tax also have a use tax.
For example, if you are a resident of neighboring Maryland, this is the form you'd need to fill out for purchases you make in Delaware.
https://www.marylandcomptroller.gov/content/dam/mdcomp/tax/f...
Most areas of governance usually give years of preparation ahead of anything actually being enforced. This is so short-sighted.
Might as well be the slogan of the current era
But the law was signed over a year ago[1]? The recent development was that the injunction blocking the bill from being implemented got struck down. I'm not sure what you'd expected here, that the courts delay lifting the injunction because of the sites that didn't bother complying with the law, because they thought they'd prevail in court?
[1] https://legiscan.com/MS/bill/HB1126/2024
If they make an honest attempt to comply and a small number of people using VPNs slip through the cracks, if they're ever reported, they'll likely be given a slap on the wrist at most. If they ignore the law or do some obvious half assed attempt to comply and thousands of Mississippi users are still using their site and they get reported, it's far less likely that a judge will be lenient.
The end game here is total control and awareness of who is saying what at any time, in order to allow those messages to be thwarted.
> However, it doesn't apply to news sources, online games or the content that is be made is by the service itself or is an application website.
What is an "application website"? I can't seem to find how they're defining that.
My understanding is that this is similar to the law the UK passed recently except instead of verifying age of users for "adult" content, every platform needs to verify (and log) age of all users for all content?
It can't possibly be that ridiculous.
https://law.justia.com/codes/mississippi/title-45/chapter-38...
That's probably what the wikipedia author meant to say
does that also mean that all social media platforms will start a small jobs board?
Putting a small jobs board on instagram would not make instagram "primarily function" as a job application website. LinkedIn is primarily a professional networking website - it qualifies.
Google have additional information about IP addresses that updates dynamically based on cell phone, wifi and other magic usage so maybe ask them if they have some javascript that queries their site for more specific city/state details. Also call Pornhub and ask how they were blocking specific states to meet legal requirements.
Tough for the neighbors, but nitpicking "resident" is not a good choice here.
I leave my home computer network open to the public and now suddenly I'm liable to some random jurisdiction around the world because someone in that location decides to call my computer?
China's GFW seems benign in comparison
Cut the ignoramuses from the US internet until they can learn to be decent people. Serves them right, and well, legally.
very incurious/very unhacker
Pornhub and BlueSky have done similar in response to this legislation in Texas. Wikipedia and a few other sites blocked the UK to avoid being burdened by their Safety act. Pretty much every streaming platform implements regional geo blocking for licensing reasons.
I’ll be curious to see how things shake out in the long run given the current political climate.
No? Wikipedia is not blocked in the UK.
Also, for the enforcement agency who is/will be tasked with checking things out here...do they know whether geo-blocking is valid method or not? Its a silly law, don't get me wrong...but if its enforcement validation mechanisms are not up to snuff, i wonder how things will play out - both here in dreamwidth's case and other folks in a similar boat?
It may not be, if the law can be applied to them.
OTOH, may be sufficient to make it illegal to apply the law to them in the first place. US states do not have unlimited jurisdiction to regulate conduct occurring outside of their borders, but they do have more ability to regulate conduct of entities intentionally doing business within their borders.
Reminds me of Silicon Valley. PiperChat has grossly violated COPPA as there was no parental consent form on the app leading to a 21 billion dollar fine: https://www.youtube.com/watch?v=N3zU7sV4bJE
I’m not being glib. Honestly, why can’t I? There’s precedent for saying that’s unauthorized access, so the feds (not the state; “Interstate Commerce Clause” and all that) should prosecute the visitor for violating my ToS.
The laws are written in a way where the responsibility for enforcement falls on the operator of the business. In both cases, the business doesn't actually have to verify anything if they don't want to, but if it's found that they're allowing violations to happen, they will be held legally responsible.
That would allow you, perhaps, to sue people from MS that used your site for violating the ToS (though, "some idiotic courts have ruled" does not mean "the courts which actually create binding precedent over those that would adjudicate your case have ruled...", so, be careful even there.) But that doesn't actually mean that, if someone from MS used your site and you took no further steps to prevent it you would not be liable to the extent that you did not comply with the age verification law.
> There’s precedent for saying that’s unauthorized access, so the feds (not the state; “Interstate Commerce Clause” and all that) should prosecute the visitor for violating my ToS.
Most things in interstate commerce, except where the feds have specifically excluded the states, are both federal and state jurisdiction, but neither the feds nor the state are obligated, even if applicable law exists which allows them to, to prosecute anyone for violating your ToS. You can (civilly) attempt to do so if you are bothered by it.
https://www.wired.com/story/bluesky-goes-dark-in-mississippi...
This is just the start and the trial balloons. The enemy within is a bit nervous about this attack on the most fundamental freedom that the Constitution is protecting, free speech, but they’re also very confident in themselves.
For example, these days in Russia awareness and usage of VPN is well beyond any normal country. With Facebook and IG for example blocked for Meta being officially branded an "extremist organization" (by the way Taliban was taken off that list recently, so what do you guys in Menlo Park are cooking what is worse than Taliban? May be some freedom of speech? :) people in Russia of all strata is still using it, now through VPN, many from mobile devices. The thing of note from USSR/Russia here is that habitual violation of unreasonable laws breeds wide disrespect for the system of law as a whole, and it i very hard to reverse the flow.
It is possible some US States and maybe the UK will end up like China.
it is like age verifying current generic access to the Internet. Sure, we'll come to this too (the anti-utopias aren't fiction, it is future :), yet we still don't verify such a generic access because it isn't the time yet, the society isn't yet totalitarian enough.
As a preview - in Russia (i'm less familiar with China to comment on it) they do already attack VPN by making it illegal to advertise it, something like this.
Dreamwidth has been at the forefront of banning large swaths of the internet. They started doing it years before anyone else. Before the for-profit corporate spidering of HTTP/S content even began causing issues. This is well trod territory and entirely familiar for them and their upstream network provider they like to blame their inability to fix it on.
Please don't comment like this on HN. We need everyone to avoid ideological flamebait and unkind swipes. Please take a moment to read the guidelines and make an effort to observe them in future.
https://news.ycombinator.com/newsguidelines.html
Also "operate in or leave" doesn't make a lick of sense on THE INTERNET