Comment by kube-system

1 year ago

At a quick reading, it doesn't sound like those are requirements. It also doesn't look like any documentation is technically required. One of the methods permitted is "Verification through non-documentary methods".

7 comments

kube-system

monksy 1 year ago

Do you mind expanding on what "non-documentary methods" means?

kube-system 1 year ago
It is all defined in TFA:
https://www.federalregister.gov/documents/2024/01/29/2024-01...
The TL;DR is that it can be whatever the provider wants, as long as it:
* includes name, address, email, phone number, IP address, and payment information,
* is written down,
* gives them a "reasonable belief that it knows the true identity of each customer"
* and "a sound basis to verify the true identity of their customer and beneficial owners and reflect reasonable due diligence efforts".
- monksy 1 year ago
  
  > * gives them a "reasonable belief that it knows the true identity of each customer"
  > * and "a sound basis to verify the true identity of their customer and beneficial owners and reflect reasonable due diligence efforts".
  I'm reading in to that in a conservative manner where it's "internally justified" that going the full privacy abusive route is justified. "Reasonable due diligence" is respective to the organization that could be punished, not a public sense.
  Given that it's on the company's discretion of diligent checks, I can completely see that their more aggressive requirements of: "your biometrics, copies of your official documents, 20 years of criminal background checks, a polygraph, approval by the Democratic National Party for appropriate speech, history of pornography consumption" being the standard.
  We're not getting a solution from the government that's a secure "is this person a US citizen?"/"Valid for IaaS service?" data point. The business is receiving all of the data to ask that question and are not trustable entities.
  
  3 replies →