Comment by monksy

1 year ago

[flagged]

> You're calling a collection and storage of your personal information as "benign"?!

All major cloud services already collect this information. I filled in the bare minimum on AWS, and they've got my full name, address, phone number, email, and credit card details.

  • They collect biometric data (selfie) plus a copy of your driver's license? That's a big part of KYC/AML.

    That's a huge difference from address, email, CC number.

    • You should really read patio11's article on KYC [0]. A relevant paragraph:

      > Many people believe that the law requires a bank to see your government-issued ID in person to open a bank account. Again, this is incorrect; the law very rarely requires any particular action. The most prescriptive the US gets is that the sort of KYC information required about a customer include their true identity, including a name (not, incidentally, their “true” name because governments actually have some glimmer of understanding that that is not a thing which exists), a residential address, their date of birth, and an identifying number.

      [0] https://www.bitsaboutmoney.com/archive/kyc-and-aml-beyond-th...


    • Your biometrics and gov ID data don't have to be collected or stored by the provider.

      They can be used during the identity check and deleted right after, without ever entering the provider's infrastructure (assuming they are using a trusted 3rd party).


    • At a quick reading, it doesn't sound like those are requirements. It also doesn't look like any documentation is technically required. One of the methods permitted is "Verification through non-documentary methods".


> propose regulations requiring U.S. Infrastructure as a Service (IaaS) providers of IaaS products to verify the identity of their foreign customers,

Sounds like solid policy to me.

  • And how do you know that one customer is a foreign one and one is not?

    • That is outlined in §7.302

      The TL;DR is that they must collect name, address, email, phone number, IP address, and payment information and use that information for "verifying the identity of each foreign customer to the extent it enables the U.S. IaaS provider or foreign reseller of U.S. IaaS products to form a reasonable belief that it knows the true identity of each customer."

      AWS already has all of this information on my account.
