[wisnoskij]

That sounds stupid. Iran is an official government agency, they can just ask twitter or some ally like UAE or China to hand over all the information in a form a lot easier for searching through than logging into their account.

[wpietri]

What evidence do you have that Twitter will comply with a request like that from Iran? Even when redirected via a government that doesn't have anything to do with the account?

[oneplane]

They have to follow the laws of the countries they operate in. Keep in mind that business operations and server locations (and incorporation locations) are not the same thing.

If you serve customers in another country, their laws apply. You can either follow the law or not serve in that country. This is pretty much how it has worked forever.

This is obviously not great if you have a set of less-restrictive and more-restrictive laws that contradict each other. And it's not great if values, politics and rights in general aren't compatible. As much as we can disagree with what mass-murdering authoritarian regimes are up to, unless we go to war (after we have already applied all the sanctions we can think of) there isn't much you can do about it.

[mindslight]

The paradigm you're describing is only a convenient fiction for countries that have made treaties with each other to create such environment. It's prevalence has more to do with the fact there's really only three and a half major sovereign bases of power in the world (soon to be two and a half), than the actual physical reality. The actual physical reality is that communication over borders doesn't violate the Schelling point of borders (ie it's not an act of war), hence Radio Free Europe etc.

Unless you can point to a treaty between the US and Iran that lets Iran sue US companies, or some other way that Iran can actually enforce a judgement on Twitter, then no, Twitter has no need to respect Iran's laws. About the only way I see is for Iran to firewall Twitter wholesale, but isn't the wholesale end-user Internet shutdown basically doing that?

[oneplane]

You don't need a lawsuit if you're Iran, you just use your APTs to perform cyberattacks on US-hospitals and send your Iranan secret agents to work at Twitter and do your bidding from the inside out. Both have happened and are happening.

This isn't really a "but it's the law!"-case, it's a country A wants something, and they might use whatever they have to get it. The US has sanctions, but Iran doesn't except maybe oil production, but there are other places where you can get oil. So if Iran has nothing they can deny anyone else, they resort to attacks.

So when Iran says "do this because it is our law", you might not do it because you are interested in their laws nor do you have to follow them (legally), but you might not want the expense of being targeted by them.

[mindslight]

Isn't that the exact opposite of what you said above? "If you serve customers in another country, their laws apply. You can either follow the law or not serve in that country." That would seem to imply some overarching legal enforcement regime, rather than law of the jungle.

As to the law of the jungle, if embedded Iranian agents have enough power to do anything to Twitter, then the right framing is that Twitter has a massive security problem. Also it would be foolish of Iran to burn such resources on damaging Twitter rather than continuing to silently exfiltrate data that interests them.

If Iran performs arbitrary attacks on hospitals in "retaliation" for Twitter's actions, then that still doesn't affect Twitter. And similarly, that's best framed as said hospitals having abysmal security, rather than focusing blame on Iran. The Internet is hostile noise.

[oneplane]

> That would seem to imply some overarching legal enforcement regime, rather than law of the jungle.

No, it implies that if you respect the laws of the countries the people you serve reside in, you can choose to follow the law by not serving them, and therefore not having to "do what they say", or serve them, but then by their laws "do what they say".

Regarding effects on Twitter: it costs them money. Their share prices drop and jo-jo a ton when stuff like this gets out. Legally, not much effects twitter, it's not a person after all, and legal departments weasel their way around plenty to make sure a company keeps existing and keeps making money. If it's cheaper to censor some random person on your private platform then compared against shoring up your cyber defences, that's an easy choice for the people in charge with somewhat cartoonish dollar signs in their eyes.

The reality is that nothing is truly isolated from side-effects and circumstances in the world. Even if there are no diplomatic ties, and no physical violence, it's all happening on the same globe with the same internet. So ignoring laws is not always the cheapest way to deal with countries, and not dealing with countries is generally not an option when you're connected online.

[potency]

So practically speaking, what will happen if Twitter ignores Iranian law and allows IPs from that country to use their platform anyway? I don't think the US govt will enforce Iranian law for them...

[orangepurple]

The consequence within Iran is Twitter will be sanctioned if they ever attempt to create and operate a legal entity there. So who cares, right?

[oneplane]

More like the IRG doing cybers on you. Iran doesn't have much leverage besides that.

As for who might care: twitter might. They may have to spend more money on defence, on screening people when hiring them, and on legal to make sure they aren't getting sued in the US for discrimination, data leaks or whatever else people might come up with if they keep (accidentally) hiring foreign intelligence officers without checking who they are.

[oneplane]

Attacks on their digital infrastructure, either remotely or by getting their agents hired.

[BrandoElFollito]

> They have to follow the laws of the countries they operate in. Keep in mind that business operations and server locations (and incorporation locations) are not the same thing. > If you serve customers in another country, their laws apply. You can either follow the law or not serve in that country. This is pretty much how it has worked forever.

You are right.

Now, Twitter is free to not follow this law and expect consequences: a law suit from Iran, or retaliation towards Twitter operations on Iranian ground.

[oneplane]

Or cyberattacks and getting their agents hired by twitter.

[wpietri]

So are you claiming that Twitter has an office in Iran? It's been some years since I worked for Twitter, but as far as I know they do not operate in Iran except to the extent which their services are available to anybody with an IP.

[pb7]

I don't think any company officially operates in Iran due to sanctions. In any case, Twitter isn't going to comply with a sanctioned country's requests, especially ones for censorship.

[oneplane]

Yet they did? Also might not be a case of "scary sanctions" but "don't want more cyberattacks".

[lupire]

Twitter hired KSA spies that helped kill Jamal Khashoggi. Twitter "compliance" is irrelevant because they have no internal data security.