The proposed rule requires all U.S. providers of U.S. IaaS products to create, implement, and maintain an appropriately tailored, written CIP—akin to the “know your customer” (“KYC”) information that banks maintain. The primary purpose of the CIP is to verify whether potential customers and beneficial owners are foreign or U.S. persons, and to verify the identities of potential foreign customers and their beneficial owners.
Forced KYC when motivated by hampering foreign enemies feels an awful lot like a new form of The Draft. If modern warfare is fought with information, how long before we recognize this kind of thing as an atrocity?
This also makes me question which is worse: price controls or customer controls?
262 sats \ 0 replies \ @freetx 4 Mar
The large cloud computing sites (AWS, GC, etc) already collect this info so will be no imposition to them.
However this will have the effect of pushing all "anonymous" services -- and certainly all VPN's -- out of US jurisdiction.
Why would they do this? Two main reasons spring to mind:
  1. Obviously this helps AWS, Google, etc.
  2. But more importantly, by pushing VPN's etc out of US jurisdiction, this opens them up to being "foreign entities" which makes it legal to use intelligence services against them. So once your VPN is located in a foreign country, they will be fair game to be infiltrated and targeted by snooping.
reply
120 sats \ 0 replies \ @davidw 4 Mar
Isn't it ironic that the CIP (Customer Identification Program) sounds an awful lot like the CCP.
reply
110 sats \ 1 reply \ @Scoresby 4 Mar
Sadly, I don't see how this goes anywhere else. KYC requirements are going to increase. You need it to bank, you need it to rent, you need it to open a business...cell phone and internet service are almost entirely kyc'd. What is going to provide (effective) pushback?
reply
34 sats \ 0 replies \ @kytt 4 Mar
You need it to bank - nope. You need it to open a business - nope. You need it for cell phone/internet - nope.
Pushback happens using their own rules. You can use a trust for all of those. You can also "open a business" by operating as yourself and paying "contractors" in cash. There is nothing against doing that.
reply
I interpret this that it may hamper U.S. citizens just as much, if not more, than it does foreign adversaries. With the Government able to know exactly what content & information U.S. citizens are consuming, they have more influence on them within their borders. But no doubt it'll be used for foreign influence, cutting-off digital services to anyone acting/behaving 'foreign' and A.I training too.

Identification Procedures
Providers should assume all potential customers and beneficial owners are non-U.S. persons until the aforementioned identifying information is collected and assessed.
If a provider verifies that “the potential customer and all beneficial owners are U.S. persons,” the provider need not engage in further verification procedures.
At minimum, U.S. IaaS providers must gather and retain specific identifying information from potential foreign customers and foreign beneficial owners:
  • Name;
  • Address;
  • Means and source of payment;
  • Email address;
  • Telephone number; and
  • “IP address(es) used for access or administration and the date and time of each such access or administrative action.”
reply
100 sats \ 0 replies \ @nicosey 4 Mar
unless we start a movement to stop this it will only get worse...
reply
44 sats \ 0 replies \ @jeff 4 Mar
Soon : All companies must KYC everybody.
reply
Homeless often cannot qualify for KYC. They lack mailing address, phone number and other essential requirements. Bitcoin maximalists claim 4 billion in the world are unbanked. They cannot meet KYC or bank account requirements. I'm not certain imposing new regulation works in the favor of banks or the state. Over the long run these restrictions might show a need for bitcoin and paper currency, to increasingly greater numbers of people who are unhappy with KYC overregulation.
reply
No KYC for campaign contributions
reply
P2P unaffected
#NeverOnAServer
reply
Overton’s window has been opened for this issue.
reply
Engaging in "malicious cyber-enabled activity" is already illegal. Maybe the cops should do their jobs rather than swallow the surveillance line? Also where are the studies showing CIP would've helped? Seems like whack-a-mole where adversaries will easily adapt and ultimately freedom takes a hit.
reply
0 sats \ 0 replies \ @OT 4 Mar
Has anyone ever sued the state for requiring KYC?
reply