15 comments

[ 0.25 ms ] story [ 34.0 ms ] thread
> Speaking of which, the memo implies that “significance” in this context is interpreted as being relative to the population of the UK, not relative to the user base of the service. We have seen risk assessments that take the other interpretation and consider their UK user base to be “significant” because it makes up a large portion of their overall user base, but the advice we received suggests we should not use this interpretation.

Interesting - this implies that the vast majority of niche communities are not considered to be in scope, so long as they're not on a service like Discord I guess.

Really grateful that a project like this took on the task to ask for legal advice, and extra kudos for actually releasing a statement based on their understanding of the legal advice. Hopefully will be useful to lots of similar organizations.

Libera.chat seems to say that even if Ofcom thinks they have a case, they don't as Libera's user base doesn't have enough UK users:

> The exact fraction of the UK’s online population that must use a given service to be considered “significant” is unknown, but based on our counsel’s observations of Ofcom’s previous regulatory actions, it appears to be much higher than our internal estimates of how large our UK user base is.

Related submission with 788 comments from ~1 week ago: "4Chan Lawyer publishes Ofcom correspondence" - https://news.ycombinator.com/item?id=45614148

For anyone who read the post title incorrectly, as I did initially:

Libera.chat: an IRC network

LibreChat: an open-source chat application that supports multiple AI models and provides a UI similar to ChatGPT

I was only familiar with the latter, which is a very cool and useful project. Currently reading up on the prior.

I was expecting/hoping that the legal advice was that an IRC network isn't subject to the law, but it seems like the only advice here was "you're based in Sweden and have only trivial ties to the UK, so the UK/Ofcom can't reasonably go after you".

That feels like a kinda "duh" thing? Even though the UK believes they can enforce this law abroad, if I were running a service outside of UK jurisdiction that would otherwise be subject to the Online Safety Act, I certainly wouldn't comply with it.

> TL;DR: the legal firm we’ve engaged has sent us a memo indicating that in their opinion we can reasonably argue we do not have sufficient links to the UK for the Online Safety Act to be applicable to us. They also believe we would be at low risk of attempted enforcement action even if Ofcom does consider us to be in-scope for the OSA. We will continue to ensure that this is the case by keeping internal estimates of our UK user base and by continuing with our current efforts to keep Libera.Chat reasonably safe. We have no plans to institute any ID requirements for the forseeable future.

Is it just me or is this not super confidence inspiring for what happens in the future? This just seems like an arbitrary time in future when they either have enough UK users or if Ofcom suddenly lowers or entirely removes the arbitrary "size" estimate, OSA will become applicable? As far as I can tell, we don't even know what this arbitrary "size" estimate is?

> end result is the same: a denial of service to people in the UK solely because of the country they live in.

This would also probably help sway the public opinion in the UL to stop electing representatives that come up with laws like this - so a win either way.

Not a lawyer but from depths of GDPR meetings and implementation work years ago, my understanding was if you do not have any exposure in a given jurisdiction (typically office or employees etc) then you can tell them to get lost.

UK should not be able to regulate nature of photons being sent from outside of their borders.

What am I missing?

I really don’t get it. Just blanket block all UK ips. All sites should be doing this—large or small. I’m going to on my small blog even.
> We have a few servers in the UK, but they can be migrated on short notice.

You should do that as soon as possible. You don't escape past "violations" by dealing with them when they are discovered. Plus the presence of servers in the UK is easily enough for Ofcom to go after you, even if they ultimately lose their case. There's no benefit to keeping those UK servers.

> we can reasonably argue we do not have sufficient links to the UK for the Online Safety Act to be applicable to us.

> keeping internal estimates of our UK user base

The fact that you know you have UK users is also almost certainly enough for Ofcom to go after you. Did 4chan have any stronger links to the UK? I don't think so.

I'm not saying they should give in and follow the OSA but I think they're being pretty naive about how reasonable Ofcom is.

What a waste of limited resources. What happened to the libre anti copyright hackers and piraters from the 90s? It's effete, getting a lawyer. Better to draw a picture of Steimer covered in feces and fax 10000 copies to parliament
There is an interesting sentence in the post that shows why you want to ask actual lawyers, even if the law actually meant what one would think based on a common-sense reading of the text (it often doesn't) and you could read it (you often can't, because you might not know about a second law that also applies):

> For the time being, services like ours do not appear to be Ofcom’s priority.

Lawyers don't just tell you how the law is interpreted, but also how it's applied in practice. Often, bad law is worked around by the legal system rather than fixing it, and while one could rightfully lament this, if your goal is to get something done rather than fix the country's legal system... ask a lawyer and you might find yourself unblocked, or be told about a way to avoid the issue, or at least have a better understanding how big the risk is in practice, allowing you to make an informed decision.

I'm pretty sure they can't visit the UK right ? As the UK has jurisdiction over them , if they are physically there.
Several comments here are interpreting this as the common "we just don't care about the UK's jurisdiction". That is not what Libera.chat is saying. They have staff in the UK, users in the UK, and are, in their interpretation, abiding by the terms of the OSA. Their interpretation is that the ID verification requirement doesn't apply to their service, for the reasons they outline in the article.
(comment deleted)