Comment by AdamH12113

1 year ago

For those who didn't know, KYC stands for "know your customer". It's a good idea to spell out abbreviations the first time they're used, especially since the abbreviation itself is not used in the linked article. It's also worth noting that the proposal is about US infrastructure as a service (IaaS) products specifically, not "internet services" in general.

In fairness, though, HN has a limit on title length, so I'm not sure it was all that possible in the headline here.

  • > We have 4 days to contest "Know Your Customer"

    would have been a better title. The missing information is more easily guessed from skimming the article than the mystery acronym.

It also looks like it only applies to foreign peoples? That said, I don’t know how you select for only foreigners without collecting identity.

  • Yeah that's a clever way to avoid having the rules struck down as unconstitutional. In practice though to avoid liability and possibly jail time, providers will have to assume that every customer is a foreigner until they "prove" their US citizenship (by uploading the same ID and other documentation required by foreigners).

  • The US government has shown over and over that these dragnet types of regulations are used to gobble up any information the TLAs want and hand wave it away as meta or "incidental" information "found in pursuit of foreign {$INVESTIGATION}"

In practice this often means requiring a photo ID scan.

  • It depends, but I'd say not usually. Many financial service applications, which have strict KYC requirements, just correlate different data sources to ensure everything matches up, and try to determine some level of risk about the client making the application (i.e. match applicant name with DOB with SSN with known addresses, etc.). FWIW, given the huge number of data breaches I'm not sure why that info is sufficient, but it usually is. It's only when some backend risk engine determines "This data doesn't match up, or this client looks sketchy" that a photo ID is requested.

KYC in the context of internet services stands for "violating the 4th Amendment".

  • I don't disagree with your premise that KYC enables governments to violate the 4th amendment, but in general, for certain industries this is just generally a really good idea. Banking is the first industry where I encountered KYC, and it strikes me as being obviously good there.

    Isn't effectively the majority of what the Snowden leaks covered essentially violating the 4th amendment?

    • >Banking is the first industry where I encountered KYC, and it strikes me as being obviously good there.

      This is not obvious to me as my experience has been largely negative post-KYC/9-11 vs pre-KYC/9-11. I am a legal law-abiding citizen [and voter!] and it's just added extra hassle on various occasions and then the background anxiety of knowing an institution with crappy security track records holds a photocopy of my ID. And yet all the things KYC was supposed to prevent still continue unabated: money laundering, terrorist financing, identity theft, and financial fraud.

      I'm curious to hear why you think it's obviously good and if you were using these services before KYC.


    • KYC basically means that the job of collecting evidence to prosecute potential (read: non-existent yet) crimes has fallen to yourself and your bank/cloud provider/etc., rather than forcing the government to collect evidence to prosecute a crime. Essentially an end-run around the 4th amendment and the whole idea of "innocent until proven guilty".


    • What is being proposed here will be used as a tool of fear by the government to suppress speech it doesn't like.

      Comparing what one individual did in the past to a formal government policy doxxing away people's 4th amendment rights is a strawman argument.


  • Yes! If they put it into the entire internet infrastructure, it's considered a general warrant. Hmm... I thought we did away with those in 1789.

Synthesia requires KYC: "Your avatar can be created only with your explicit consent, following a thorough KYC-like procedure."

Yeah this is a very industry standard term in banking and anyone in that industry is going to immediately know what you are talking about, but outside of that industry, chances are high that a layman will not

  • Unfortunately, KYC has been bleeding into far more commercial interactions over time. I now deal with KYC multiple times per year in unrelated contexts and I don't work in finance. It has become quite intrusive.

  • In the past that would be true. But given most blockchain platforms require it, I imagine it is more widely known in the tech-savvy HN-like realms?

    Then again I worked on blockchain tech around half a decade ago, so I might be knowledge biased here?

    • I posted my comment because the linked proposal itself never uses the abbreviation "KYC" and none of the early comments spelled it out, so if (like me) you didn't already know what it means a quick Ctrl-F wouldn't help.

      The proposal seems to use the term Customer Identification Program (CIP) instead, mentioning KYC (spelled out) only once, in the introduction:

      > Section 1 of E.O. 13984 requires the Secretary to propose, for notice and comment, regulations that mandate that U.S. IaaS providers verify the identity of foreign persons that sign up for or maintain accounts that access or utilize U.S. IaaS providers' IaaS products or services (Accounts or Account)—that is, a know-your-customer program or Customer Identification Program (CIP).

    • A very significant percentage of us (I suspect a large majority) haven't really bothered with blockchain tech. Blockchain tech doesn't solve any problems that most of us actually need solving.

  • KYC is that poorly known? I would have expected most white-collar professionals to have at least heard of it.