Internet service provider Axxess has just announced a new service it’s offering for free to its DSL subscribers. And it’s very promising. It’s called Global Axxess, and what it basically does is allow you to use services which are geographically locked by making your browser appear as if you’re living overseas. Many South Africans already use similar services like UnoTelly, but that’s an extra R500-R750* a month on top of your regular ADSL charges.

Right now, Global Axxess only unlocks US services like Netflix and Hulu, but European servers are planned – which could mean the likes of BBC iPlayer too.

The big question is whether offering this service and using it is a crime?

As you know, DNS is an important part of the Internet’s addressing system. It underpins domain names and maps them to servers located on the Web through their IP addresses. If you want to visit, say, htxt.co.za, your browser will contact a DNS server and ask where the browser can connect to view the site. The DNS server will probably tell your browser to connect to a web server located at the IP address 41.76.106.51. This process is called DNS resolution. Your ISP usually allocates DNS server settings to you automatically but you can change which DNS servers your devices connect to by default.

Axxess’ DNS Suite enables Axxess subscribers to manage their DNS settings and choose alternatives. It looks like a pretty powerful service and the Family Axxess aspect of DNS Suite includes content blocking options to protect your family from adult content, gambling sites and so on. Global Axxess extends DNS Suite to somehow mask your actual location and give the impression to websites you are visiting that you are located elsewhere. The result is that services that moderate access to their content based on your geographical location (for example, Netflix) will probably think you are in the USA and grant you access.

There are a couple challenges, though. The first is that Global Axxess (BETA) doesn’t help you legitimise your otherwise illegitimate Netflix access, which we’ve written about here (or similar). The second challenge is that using Global Axxess (BETA) may be a criminal offence in terms of the South African Electronic Communications and Transactions Act.

Chapter 13 of the ECT Act deals with Cyber Crime and it begins with a definition of the word “access”:

“access” includes the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data.

Section 86 is titled “Unauthorised access to, interception of or interference with data” includes two important sections:

(3) A person who unlawfully produces, sells, offers to sell, procures for use, designs, adapts for use, distributes or possesses any device, including a computer program or a component, which is designed primarily to overcome security measures for the protection of data, or performs any of those acts with regard to a password, access code or any other similar kind of data with the intent to unlawfully utilise such item to contravene this section, is guilty of an offence.

(4) A person who utilises any device or computer program mentioned in subsection (3) in order to unlawfully overcome security measures designed to protect such data of access thereto, is guilty of an offence.

The key phrase in section 86(2) is “which is designed primarily to overcome security measures for the protection of data” because these geographical restrictions on access to services like Netflix are a technical means of enforcing content licensing restrictions. We have to ask two questions to satisfy this test:

  1. Is Global Axxess (BETA) “designed primarily” to overcome these protections?
  2. Are the technical measures used to impose territorial restrictions on access to, for example, Netflix content “security measures for the protection of data”?

If the answers to both of these questions were successfully argued to be “yes” in a court, then Axxess would likely be found to have committed a criminal offence in terms of section 86(3) and Axxess DNS users may commit an offence in terms of section 86(4) when they use the service.

[Photo credit: Photo credit: Datacenter work by Leonardo Rizzi, licensed CC BY-SA 2.0]

Paul Jacobson is a digital risk and privacy specialist. His focus areas are digital risk assessment and gap analysis as well as privacy and data processing risks. You can also find him on Twitter at @pauljacobson or on webtechlaw.com.

*Apologies, I got added a zero to the dollar conversion for Unotelly for for no reason than it’s a Friday – Ed