As we all get more concerned about privacy, content moderation, and intellectual property protection, we are making lots of new rules about what can and cannot be done online. These new rules apply only to specific countries. For example, the online privacy regulation known as GDPR enforces complex rules on data collected and distributed via the internet, but it applies only to European residents.
In practice, however, the internet does not have borders. Americans routinely access European internet servers, and vice-versa. If different rules apply to different visitors, what are your options? You can basically go in one of two directions: (1) treat all visitors the same, or (2) try to determine who is who and treat them accordingly.
Since the dawn of the internet, we have mostly treated all visitors the same: everyone sees roughly the same version of the internet as everyone else. That may change.
Option 1: Apply the strictest of laws and treat all visitors the same.
If the strictest standard works for all laws, then great, you can use that standard for everyone. For example, GDPR is currently the strictest online privacy regime and there’s nothing preventing its application to everyone. It may be easiest to use it everywhere, so long as incentives align.
This strictest-standard-for-all approach isn’t possible if local laws either conflict or are offensive to our democratic principles (e.g., censorship). For example, we don’t want China’s censorship rules applying to the Wall Street Journal.
Option 2: Try to determine who is who and treat them differently based on their location.
It is possible to determine, with pretty good accuracy, where someone is located based on their network IP address. This isn’t foolproof and it is in fact fairly easy to circumvent, but it works most of the time for most of the people. Thus, one option is to determine where your visitor is located and use a version of your site that applies to them. (Or just block access.) There are a few major issues with this approach:
- Fragmentation. If everyone is doing this, we have essentially created different versions of the internet for different people. The internet has been transformative precisely because it reduced the cost of sharing and access to information. Fragmentation will make certain types of information harder to find.
- Cost. It is much harder to build and maintain a service with different versions depending on where visitors are located.
- Ineffectiveness. It is relatively easy for an interested visitor to pretend to be outside their own jurisdiction in order to access the version they wish to see. For example, you can visit Canada’s version of Google right now by typing in google.ca. And geo-blocking based on IP addresses can be defeated easily with Virtual Private Networks (VPNs).
Different versions of the internet are already here. China is the best example. The country’s Great Firewall has been active since roughly 1998 and prevents most Chinese citizens from seeing the internet the same way the rest of us do.
The West seems to be continuing the slide towards internet fragmentation. When Spain decides that an individual has the right to be forgotten, does Google need to forget that information just on Spanish sites? Or on all EU sites? Or on all sites around the world? Does it need to take measures to actively block Spanish citizens from visiting the Canadian Google site?
So far the answer appears to be that information can be available outside the jurisdiction, but you still have to prevent local users from accessing it. And just like that a new filter bubble pops into existence, and the internet fragments a bit more.