New “Know Your Customer” proposal would strip Americans of their right to use cloud services anonymously
A disturbing new proposal by the U.S. Department of Commerce could strip cloud services users of their right to anonymity.
The new rules, known as National Emergency with Respect to Significant Malicious Cyber Enabled Activities, would apply to providers of infrastructure as a service (IaaS).
The government is using alleged concerns about “malicious foreign actors” as an excuse to
take away cloud anonymity for all users, even people who are simply signing up for a trial of services.
The proposal would also stop people who have been deemed “foreign adversaries” from accessing American cloud services. However, like many other measures that the government claims are aimed at foreign threats, American citizens will likely be impacted.
Of course, it wouldn't be surprising if that is exactly what the government is trying to do considering its penchant for invading Americans' privacy.
It is worth noting that many major cloud service providers, such as Amazon, would have no trouble whatsoever implementing an identification procedure, which would also provide them with a potentially lucrative source of personal data. It would effectively be yet another way that Big Tech companies could access people's sensitive personal information. This also means that the information would be vulnerable to leaks and hacking.
At the same time, it would not do much to stop legitimate malicious actors as they could simply buy and use leaked personal data belonging to people who are not on watch lists – ordinary American citizens who are just living their lives.
The Know Your Customer regulations already apply to banks and financial institutions and are aimed at preventing money laundering and other financial crimes. However, there hasn't been a need for such measures on cloud services. Providers often let people try cloud services by supplying an e-mail address, with some also requiring a valid credit card when signing up for a trial in case the user goes on to sign up for a paid plan when their trial ends.
As is the case with many of these privacy-invading laws, the definition of IaaS is quite broad, aimed at capturing as many people under its purview as possible. All companies that provide processing, networks, storage, virtual private servers, domain name resolution services, proxies, content delivery networks and other services would be subjected to the regulations.
Some of the information these providers and resellers would be required to collect include people’s names, physical and email addresses, IP addresses, phone numbers and payment methods.
Those who fail to comply would face heavy criminal and civil penalties. There are numerous violations attached to the regulations, such as failing to submit reports, making misleading statements and providing services to a foreign individual without full compliance.
Government keeps finding new ways to spy on Americans
The government is increasingly encroaching on people’s privacy, with the Senate passing a controversial reauthorization last month of Section 702 of the Foreign Intelligence Surveillance Act in a move that Senator Ron Wyden characterized as “one of the most dramatic and terrifying expansions of government surveillance authority in history.”
Like the IaaS proposal, it was originally set up to allow for surveillance of non-U.S. citizens abroad but ended up being used to facilitate
warrantless access to the phone calls, text messages and private emails of Americans. It gives the government the power to compel Americans who maintain, install or repair servers, routers phones or anything else that stores and transmits communications to
spy on behalf of the government.
NSA whistleblower Edward Snowden warned on X: "The House has voted to approve unconstitutional, warrantless searches of Americans' communications. Now the Senate has too — late on Friday, after the media had gone home. Only the President can stop it from becoming law, and he won't — because he's the one that asked for it."
Sources for this article include:
ReclaimTheNet.org
TheDissenter.org