Comment by toss1

On top of that, it is to identify FOREIGN users

>>"require U.S. IaaS providers to verify the identity of foreign users of U.S. IaaS products, ... which calls for the Department to require U.S. IaaS providers to ensure that their foreign resellers verify the identity of foreign users. E.O. 14110 also provides the Department with authority to require U.S. IaaS providers submit a report to the Department whenever a foreign person transacts with them to train a large AI model with potential capabilities that could be used in malicious cyber-enabled activity."

We damn well SHOULD be identifying foreign users of our services, particularly those which have high-powered potential to cause harm.

This knee-jerk [govt identifying anybody is bad] response prevalent here deeply undermines the cause of actually maintaining privacy. There are actually very bad actors out there, and if we fail to identify and contain them, things will be far worse. The reality is that some measures must be taken — let's focus on containing the real threats, not cry foul at every shadow of a hint that we might approach a slippery slope.