Anna Sainsbury, CEO, chairman, and co-founder of GeoComply.Dina Goldstein/The Globe and Mail
When Anna Sainsbury and David Briggs first started dating in 2009, they bonded over a shared—if nerdy—fascination for consumer protection. They’d met in the gaming industry, where both of them worked as consultants: her for governments around the world, him for private enterprises in place like Vietnam and Macau.
Over dinner, they’d get into debates over the pros and cons of external regulation. Briggs, who’d previously worked for the British gaming giant Ladbrokes, believed that companies could be relied upon to police themselves: They knew their business, and they had a vested interest in safeguarding customer data, since a breach could tank their reputation. Sainsbury thought Briggs was being naïve. “There are all sorts of shady companies out there,” she’d say. “Somebody external needs to set the bar somewhere.”
Soon, the arguments over regulation turned into discussions of a possible business opportunity. The United States was about to legalize online gaming, a move that would bring it in line with France, Italy and the United Kingdom. At the time, Nevada, which had an exemption to federal gambling laws, was the only U.S. state to offer such services, albeit in the most limited way imaginable: You could place bets on a tablet owned by a casino, so long as you were inside the building itself. “The U.S. was leading the digital revolution across everything, from watching movies to buying stuff online,” says Briggs. “But when it came to gambling, it was like the internet didn’t exist.”
That situation was finally about to change. Unlike its European counterparts, though, the U.S. was going to enforce regulations stringently. In Europe, it was technically illegal to place an online bet outside of your country, but standards were lax. If you had a French IP address, you were assumed to be in France. And if you were really in Belgium using a VPN to obscure—or “spoof”—your location? Well, nobody was looking too closely.
The U.S. wasn’t going to make things so easy. State sovereignty would be sacrosanct, and online casinos would be expected to uphold the rules. If people placed out-of-state bets on a given platform, the platform operators—and the companies that processed the payments—would be held responsible. The CEOs could even wind up in jail.
But could casino operators really police such things? How could they ascertain an online user’s location with any kind of certainty? Sainsbury and Briggs reasoned that whoever answered those questions stood to make a lot of money. The couple married in 2010. Two years later, in Las Vegas, they founded GeoComply. Its business: helping companies uphold the law by locating internet users, not just in cyberspace but in physical space, too.
Today, GeoComply is headquartered in Vancouver, Sainsbury’s home city, where she and Briggs are raising their two kids. Sainsbury is CEO, and Briggs is director of special projects. He explains his role like this: “If Anna has a problem and she wants me on it, then I make myself available.” Right now he’s involved in searching for acquisitions, getting ready for a potential IPO and building out new verticals, among other things.
David Briggs, GeoComply's co-founder and director of special projects.Alana Paterson/The Globe and Mail
Growth has been brisk. GeoComply has ballooned to more than 550 employees in 10 cities. It has attracted hundreds of clients, including gaming giants like DraftKings, Caesars and BetMGM. Its investors include Blackstone, Atairos, Norwest Venture Partners and Arctos Partners, a private equity firm specializing in professional sports.
Compliance, it seems, isn’t just an industry for pointy-heads and squares; it’s a good place for growth-minded entrepreneurs. GeoComply is currently valued in the low billions, but that number could easily grow. The U.S. gaming industry alone represents a total accessible market of US$20 billion a year. And GeoComply is now moving into content streaming, crypto and fintech—industries with a combined market of US$80 billion. All of this is a big deal. But the company’s most significant achievement is changing how the internet works, for better or for worse.
In certain respects, the problem of crime is a problem of jurisdiction. Criminals are often mobile; crime fighters are often bounded to specific geographic locales. In the days of the Old West, bandits would abscond to Mexico or the wilds of Oklahoma, where U.S. law enforcement rarely ventured. The creation of the Interstate and Trans-Canada highway systems led to a new era of itinerant, fast-moving criminals, including the infamous “freeway killers” who haunted the motorways of Texas, Southern California and British Columbia. Criminologists have found that even prosaic offences like burglary tended to rise in tandem with the expansion of the highways. The possibility of a speedy getaway to a far-off locale makes crime an enticing prospect.
The advent of the internet further complicated matters. Suddenly, it became possible for criminals to put vast amounts of distance between themselves and their victims: Think of scam artists in New Dehli, Lagos or Laukkai who pursue marks on the other side of the world. Sometimes on the internet, the geography itself is the crime. When you place a bet at an online casino that isn’t licensed in your jurisdiction, you’re breaking the law by virtue of your location. Any U.S. casino operator that fails to stop you is breaking the law by virtue of its negligence.
GeoComply’s early clients were the major gaming companies in New Jersey, the first U.S. jurisdiction, after Nevada, to permit online gambling. Sainsbury and Briggs reasoned that, to provide a worthwhile service in the Garden State—a region where the four biggest cites are all practically within walking distance of the New York border—they’d have to offer extraordinary levels of location accuracy. “We immediately started thinking about the different waterfalls of data we’d need just to do our job,” says Sainsbury.
They had to be ready to go from day one. When the first online gambler logged on to a New Jersey gaming site to place a bet, that individual would be subject to GeoComply’s digital verification process. The company would analyze the many signals the user’s device gave off. IP addresses were only the starting point. GeoComply’s technology also relies on GPS; cell-tower triangulation, a system that estimates a person’s whereabouts based on their proximity to cellular towers; and WiFi positioning, whereby a user’s available WiFi networks are checked against both private and public location databases. GeoComply can even source data on barometric pressure or altitude in the user’s surrounding environment. (Yes, your phone picks up on that stuff, too.)
Hundreds of data points are cross-correlated to ensure a coherent picture. If the picture is incoherent—if your IP address and GPS signal put you in Delaware, a low-altitude state, but you’re at 6,000 feet above sea level—then you’re going to be blocked from placing a bet. In many cases, GeoComply can even spot evidence of location-spoofing software on your device. If you live in Pennsylvania but plan on placing a bet remotely via a friend’s laptop in New Jersey, GeoComply can identify the program that gives you access to your buddy’s computer.
New Jersey’s online gaming enterprise was slated to go live at 6 p.m. on Nov. 21, 2013, at which point operators across the state would be deluged with bets. The pressure on GeoComply was intense. Briggs, Sainsbury and a group of developers holed up in a rented house near Atlantic City, where they worked 18-hour days. At one point, Briggs accidently set fire to a barbecue outside the building, but the developers were so focused on their laptops that they didn’t notice the blaze outside.
GeoComply had been awarded the New Jersey contracts not because it was a legacy business—it certainly wasn’t that—but rather because it was the only game in town. “Technology like ours didn’t really exist,” says senior vice-president of compliance Lindsay Slader. “People thought, Either we hire a startup, or we’ve got nothing.” Everybody at GeoComply knew that if their servers crashed, New Jersey would grind to a halt mere seconds after starting up, in which case the company was probably toast. “The first minutes of the launch, we were still holding our breaths, wondering, Is this going to work? Are we going to pull this off?” Slader recalled in an online video commemorating the 10-year anniversary of the event.
Ultimately, the rollout went off without a hitch. New Jersey launched a new industry that, over the next decade, generated US$1 billion in tax revenue. In an instant, GeoComply went from scrappy startup to trusted brand.
The Globe and Mail
Following the New Jersey launch, people in the gaming industry predicted that many other U.S. states would soon have launches of their own. But the pace of change remained sluggish. Land-based casinos, wary of online competition, lobbied state regulators to slow-walk reform. GeoComply picked up contracts in Nevada and Delaware—by 2014, they were turning a profit by charging a fee for each location check—but then movement stalled, and the company started seeking clients in other industries.
Even when she was still in Las Vegas, Sainsbury was in regular contact with her Vancouver friends and colleagues, who often remarked during trips to the U.S. that Netflix was so much better there than it was back home. Sainsbury learned that it was commonplace for Canadians to use VPNs to access content from outside their country. Another business opportunity had presented itself. Soon, GeoComply was providing location-verification services for major streamers, including BBC iPlayer and Amazon Prime.
Then, in 2018, the U.S. Supreme Court ruled that the Professional and Amateur Sports Protection Act—a law that effectively prohibited sports betting across most of the country—was in violation of states’ rights and therefore unconstitutional. Sports betting had already become a multibillion-dollar industry thanks to the runaway success of Fantasy Sports, a skills-based game that existed in a legal grey area. As the 2010s drew to a close, consumer demand coupled with the end of legal prohibition brought a flurry of regulatory reform. Now 29 U.S. states—as well as seven Canadian provinces—allow online sports betting, and GeoComply has clients in almost all of them. Super Bowl Sunday in February has become the company’s biggest day of the year: Its technology validates the overwhelming majority of online Super Bowl bets.
Chad Hutchinson, a partner at the private equity firm Arctos, explains that he and his colleagues wanted to invest in GeoComply because of its impact on professional sports. As a minority owner in more than 20 teams—including the Houston Astros, the Chicago Cubs and the Golden State Warriors—Arctos supports initiatives that drive fan engagement. GeoComply’s work may seem peripheral to the business of swinging at fastballs or kicking for field goals, but the opposite is true. Compliance enables legal betting; betting leads to greater interest in sports; interest drives profitability. “We want to drive additional revenue for our teams,” says Hutchinson, “and by allowing teams to comply with the rules around sports betting, that’s exactly what GeoComply is doing.”
The sports-betting bonanza has catapulted GeoComply to unicorn status. It’s now leveraging its clout to move into other domains, including the crypto industry, whose leaders, in the wake of recent criminal trials and SEC investigations, may finally decide it’s time to grow up. “If crypto wants to clean up its act and prove that it’s compliant, it has to have money-laundering-prevention tools,” says Briggs. “The geolocation piece is important. If you’re a crypto exchange, how do you know someone’s not coming in and buying coins from Iran or North Korea?”
The firm is interested in banking and fintech, too. Briggs notes that Apple’s new iOS operating system includes stolen-device protection, a feature that prohibits people (likely thieves) from making changes to your phone if they’re situated outside a trusted location, like your workplace or home. Surely banks should have something similar. “GeoComply’s hypothesis is that, in the future, location will be the most trustworthy biometric,” says Briggs. “When you log into your banking account or use e-transfers, the bank should be getting proper location data—not just IP addresses—and using it to see that you are who you say you are. For us, this is a big opportunity.” GeoComply’s current financial-service clients include the payment provider Sightline Payments and the international crypto exchange Luno, and Briggs and Sainsbury hope to grow that roster exponentially.
As part of its corporate social responsibility initiatives, the company is helping investigators catch online sex offenders. When a social-media user posts suspicious content—attempts to solicit or sell sex with a minor, or to distribute child pornography—the platforms typically report the posts to an anti-child-exploitation group, such as the Child Rescue Coalition (CRC), which can alert local law enforcement. But these reports are of little utility unless the CRC can ascertain the location of the user in question. To that end, GeoComply leases its tech for free to CRC and similar non-profits.
Elizabeth Cronan, GeoComply’s VP of government relations, argues that this co-ordinated approach helps get around jurisdictional barriers to crime prevention. When a person attempts to solicit sex with a minor online, it is both everybody’s problem (insomuch as we all have a common interest in preventing such behaviour) and nobody’s problem in particular (since no single law-enforcement agency can be expected to monitor the entire internet).
With its technology, GeoComply is bridging the global realm of cyberspace with the jurisdictional realm of law enforcement. “We’re connecting the digital footprint of a bad actor to their actual physical location,” says Cronan.
To put it another way, GeoComply is bringing internet geography in line with the geography of the physical world. It’s placing borders on the internet. In doing so, it’s changing the way the internet itself works. And it’s undermining what was once a foundational dream of early internet pioneers: that cyberspace would be borderless, self-governing and beholden to no state authority.
In 1996, John Perry Barlow, the famed political activist and cyber-libertarian, published “The Declaration of the Independence of Cyberspace,” an internet manifesto. “Governments of the Industrial World,” he wrote, “you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone.” Barlow’s vision was radical, with overtones of mysticism. “Cyberspace does not lie within your borders,” he added. “Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions.”
Barlow’s vision hasn’t aged well. “Many of the agreements and regulatory rules we have in our society are geographically based,” says Michael Geist, a Canada Research Chair at the University of Ottawa and a specialist in digital privacy law. “Individual countries may seek to impose rules. Parties may seek to divide up the world to license their content. There’s myriad reasons why people online might want to use the same borders that exist offline.”
Sainsbury concurs. She finds Barlow’s vision to be not just utopian but risible. It fails to answer some key questions: What happens when you impose a borderless internet onto our decidedly bordered world? And in a future where anybody, at any moment, can escape into a digital domain where their actions are unaccountable, how might lawmakers enforce the rule of law? Can governments still have sovereignty over the people they were elected to serve?
These questions have become ever more relevant as the internet has become ever more enmeshed in our lives. The more we shop and bank online, the more we expect the same level of consumer protection that we currently enjoy in the brick-and-mortar world. And as crime—from illegal gambling and content theft, to bank fraud and sexual exploitation—increasingly migrates to the digital realm, we naturally want our governments to do something about it.
The debate over whether the internet should be borderless and anarchic, or bordered and policed, has raged on since Barlow’s manifesto, but Sainsbury believes her company is helping bring it to the only resolution that was ever tenable: The internet must be integrated into the structures of the offline world. That’s not the only longstanding argument she thinks has been settled in her favour.
Over a decade into the life of her company, Sainsbury feels she can safely claim victory in her disagreement with Briggs over the necessity of regulation. Would gambling operators across the U.S. really have employed GeoComply—taking a risk on pricey technology from an untested startup—if regulators hadn’t forced them to do so? Even Briggs acknowledges the answer is doubtful. “David and I have a successful company with the word ‘Comply’ right there in its name,” Sainsbury says. “It’s safe to say that I won our regulation debate.”
Your time is valuable. Have the Top Business Headlines newsletter conveniently delivered to your inbox in the morning or evening. Sign up today.