Dave Martin, Senior Manager Cyber Security, Logica Business Consulting
We all use the worldwide web from home, office and from our smartphones. These devices allow access to information worldwide from virtually anywhere and at any time.
Recently I’ve been thinking about my own personal usage of the internet and how it’s affected when I’m travelling abroad. I still use my personal email and access personal documents regardless of where I am in the world. I still buy goods from the likes of Amazon and through eBay, but I’ve started thinking about the how truly worldwide the web is and how it differs depending on where I am in the world and how sites and legislation vary.
For example, I frequently take business trips to Scandinavia. Being British, I do still like to keep up-to-date with the news back in the UK. I can happily fire up the BBC iPlayer on my laptop and listen to Radio 4 in the morning and PM in the evening. I can even access comedy on Radio 4 Extra, but then the limits start to hit. Although I can download a programme, via iPlayer, from BBC1 and, providing I start watching it before I leave the UK (so that the digital rights are sorted out) I can watch it in Oslo; however I can’t download the programme in Oslo…
I haven’t changed.
My PC hasn’t changed.
I’m still a UK taxpayer, paying for the BBC; that hasn’t changed. All that has changed is that I’m outside the UK. Likewise, if I access the BBC website in the UK, it’s advert free; when abroad, there are adverts. It must be that my position is being tracked and used to change my view of the web based on where I am.
I can understand the reasoning behind all of the above as it’s designed to ensure that those who pay for the BBC in the UK aren’t also paying for other parts of the world where the BBC might want to sell its programmes to subsidise new productions.
Realising that my position in the world changes my view of the web, I’ve started thinking about how my location also affects the legal aspects of my usage. For example, if I’m in the United States and start accessing personal information on a server in the UK, am I now guilty of exporting personal information outside the EEA in contravention of the UK Data Protection Act? What about emails sent to me containing personal information that I now read outside the UK? Some of these I will have deliberately ‘pulled’ by accessing a web-based email service, but what if they’ve been ‘pushed’ to me on my smartphone? When I set up the rules for email downloads I couldn’t guess at all the information that people might send to me.
Likewise, when undertaking security reviews abroad, it often comes as a big surprise that someone in, say, India (who has never left India in their lives), could have committed a penal offence in the UK by attempting to perform an unauthorised action on a computer system in the UK. This is because, amongst other rules within the UK Computer Misuse Act, if you try to perform an unauthorised action on a computer in the UK, regardless of where you are in the world, you have committed an offence in the UK.
If this comes as a surprise to people abroad, I can’t possibly guess how many foreign laws I might be breaking just by accessing websites when I’m abroad. It’s well known that China will block my access to many sites to ensure that I only see an approved view of the world. But what if I manage to find a way of accessing these sites when in China, have I committed any offence in China? I don’t know. I can use common sense, but this is going to be no guarantee that I’m totally innocent under all foreign laws.
So what is my view of the ‘worldwide’ web now?
I probably don’t think of it as a single entity. More and more I have a mental picture of an ocean with island states within it, with the rules of communication between the islands varying depending on which island I am on. The laws affecting my usage depend on which island I’m on and which island the website is on (do I even know which island the website is on? Often I can only guess).
So, for my next trip abroad, as well as packing my smartphone, I think it might also be an idea to pack my favourite lawyer, just to be on the safe side and, in case you are wondering, my wife is that lawyer!
Thanks a million and please keep up the quite informative stuff.