The US Department of Commerce is seeking to end the right of users of cloud services to remain anonymous.
The proposal first emerged in January, documents show, detailing new rules (National Emergency with Respect to Significant Malicious Cyber-Enabled Activities) for Infrastructure as a Service (IaaS) providers, which include Know Your Customer (KYC) regulation, which is normally used by banks and financial institutions.
But now, the US government is citing concerns over “malicious foreign actors” and their usage of these services as a reason to effectively end anonymity on the cloud, including when only signing up for a trial.
Another new proposal from the notice is to cut access to US cloud services to persons designated as “foreign adversaries.”
As is often the case, although the justification for such measures is a foreign threat, US citizens inevitably, given the nature of the infrastructure in question, get caught up as well. And, once again, to address a problem caused by a few users, everyone will be denied the right to anonymity.
That would these days be any government’s dream, it appears, while the industry itself, especially the biggest players like Amazon, can implement the identification feature with ease, at the same time gaining a valuable new source of personal data.
The only losers here appear to be users of IaaS platforms, who will have to allow tech giants yet another way of accessing their sensitive personal information and risk losing it through leaks.
Meanwhile, the actual malicious actors will hardly give up those services – leaked personal data that can be sold and bought illegally, including by those the proposal says it is targeting.
Until now, providers of cloud services felt no need to implement a KYC regime, instead allowing people to become users, or try their products, simply by providing an email, and a valid credit card in case they signed up for a plan.
As for what the proposal considers to be an IaaS, the list is long and includes services providing processing, storage, networks, content delivery networks (CDNs), virtual private servers (VPSs), proxies, domain name resolution services, and more.
Lawmakers have figured out they can circumvent 4A by forcing the private sector and external governments to do their surveillance. It worked for banking KYC and it worked for FATCA. The industry is apparently not worried at all about losing customers. And they won’t. To circumvent 4A, just outsource governance to a non-government entity.