Comment by plus

1 year ago

I ask this 100% genuinely, since this isn't a subject I've ever given any mind to. Why should we oppose this? What are the potential negative outcomes if this goes through? Can you steelman the argument for why people support this, and explain why you find the arguments unconvincing?

I think that the biggest argument in favour is that it would remove anonymity on the internet, at least from governments, and that could enable law enforcement to more easily find people committing real crimes. CSAM, scams, etc.

I think the biggest argument against it is that this removes anonymity on the internet, at least from governments, and that would remove people's ability to freely voice their opinions without fears of repercussions (will the first amendment ever be modified? Will people who discuss what it's like to be an illegal immigrant/drug user/etc. be persecuted?). Also, it raises the question of what happens to users of VPNs, public internet, etc.

  • Does this actually remove anonymity on the internet?

    It seems to de-anonymize a set of IaaS customers, sure; but that's not nearly the same thing as removing anonymity completely. I've only just scanned this but it seems at first glance to mean that a foreign company can't anonymously spin up an AWS instance, that's all. Am I reading this incorrectly?

    • A set? Only US customers are unaffected, i.e. 96% of the planet would no longer be able to use AWS (or anything similar based in the US, all the way down to simple web hosting or e-mail services) without going through KYC.

      There are so many things that can fall under the IaaS bracket. Think anything 'cloud'. Maybe that's not how they'll apply it, but legally they are free to do so. It's a huge reach.

    • The only way for US citizens to prove that they are such would be for them to also submit their IDs. So it affects everyone.

      Basically, it forces providers of a very wide variety of tech-related services to collect identifying info on anyone who uses their services, and then store that info to either eventually be exposed in a breach, subpoenaed by the government, or sold to the highest bidder (might as well monetize it if you're forced to collect it).

    • This certainly makes it more hostile for an unsavory advocacy group to create a webpage and use the internet to organize a group to fight an anti-democratic bill.

  • > …directs the Secretary of Commerce (Secretary) to propose regulations requiring U.S. Infrastructure as a Service (IaaS) providers of IaaS products to verify the identity of their foreign customers… (from TFA)

    This is about IaaS not “internet services”. It doesn’t remove anonymity from internet users, just foreign customers renting cloud servers and other infrastructure.

    • It seems the definition of IaaS Products could very well extend to ISPs: https://www.federalregister.gov/d/2024-01580/p-46

      > This proposed definition adopts the E.O. 13984 definition for “Infrastructure as a Service product”, which is any product or service offered to a consumer, including complimentary or “trial” offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications.

      How would an ISP not be misconstrued as a "managed network"? Deploy/run software could just as easily be running some protocol over the network connection?

      Sure, there are very few international ISPs which would be affected by this as physical infrastructure must be local to the user, but I wonder if this would be true always (e.g.: Starlink)

It is great that you ask a question, because we live in a world with the freedom to opine on things. What could be considered a massive issue to me may not be a massive issue to another; and if we feel the world will be better by debating our positions, we have the right to do so.

Today, anonymity and pseudonymity exist and allow people to speak freely without risk of backlash for having a different opinion as often times the right opinion may differ with that of social consensus.

If KYC is introduced, the ability to maintain freedom of speech, online, will likely diminish.

This is of negative consequence to the people of the world.

Further, with internet 'forever data', LLM NLP and so forth, character profiles are too easy to develop for people which can cause further harm as we begin segregating based on said profiles.

I believe this KYC requirement can even extend to blockchain node operators and so forth as well.

These are just a few reasons but there are many more.

  • I'm not in favor of this rule, but it seems to me you are conflating several issues into one without showing the effect of the rule. Can you explain how the rule that would be implemented causes these effects? I do not see the connection here.

  • This doesn't seem to affect users of internet services, though. It's just IaaS, so things like AWS. With that limited scope, what is the adverse effect of KYC laws on freedom of speech?

    • It affects all web hosts, so if you want to lease a server in order to install Wordpress or Mastodon you would need to submit your identification to the provider.

    • How much longer before IaaS platforms require their customers to also have similar KYC policies in their ToS to be able to shift liability downward in case anything goes down?

One example I've seen is a less-than-savory company make a purposefully confusing KYC process after purchase of their service/product to prevent users from realizing they're being scammed and are kept in KYC hell hoping to get verified when they never will. Time to start an ISP...

Provides the prerequisites for an authoritarian regime when they inevitably co-opt the internet

  • Well some authoritarian regime would otherwise just do it whenever it got started, and it would require maybe a week?

This would make it illegal to anonymously run your own Wordpress install or Mattermost/groupchat server, you would have to reveal your identity to the web host. Do you trust the powers-that-be to never use this information to find and punish dissidents?

I know for me I'll have to stop using the internet. I can't take any chances. I can't upload government IDs everywhere I go, especially if the systems are not accessible with screen readers.

It's on the parties sponsoring and proposing the law to rigorously explain the benefits (and to discuss any negatives). Maybe go ask them?

Why recreate this important argument with coffee? The Berkman Center at Harvard or one hundred other places have decades of written policy work and case studies on these topics...

  • I too would have asked the same question as GP, and also meant it genuinely. It feels like HN is a place where someone could summarise the (presumably strong) arguments against this? Or links to a good source as suggested by a sibling comment.