I think that the biggest argument in favour is that it would remove anonymity on the internet, at least from governments, and that could enable law enforcement to more easily find people committing real crimes. CSAM, scams, etc.
I think the biggest argument against it is that this removes anonymity on the internet, at least from governments, and that would remove people's ability to freely voice their opinions without fears of repercussions (will the first amendment ever be modified? Will people who discuss what it's like to be an illegal immigrant/drug user/etc. be persecuted)? Also, it raises the question of what happens to users of VPN's, public internet, etc.
Does this actually remove anonymity on the internet?
It seems to de-anonymize a set of IaaS customers, sure; but that's not nearly the same thing as removing anonymity completely. I've only just scanned this but it seems at first glance to mean that a foreign company can't anonymously spin up an AWS instance, that's all. Am I reading this incorrectly?
A set? Only US customers are unaffected, i.e. 96% of the planet would no longer be able to use AWS (or anything similar based in the US, all the way down to simple web hosting or e-mail services) without going through KYC.
There are so many things that can fall under the IaaS bracket. Think anything 'cloud'. Maybe that's not how they'll apply it, but legally they are free to do so. It's a huge reach.
The only away for US citizens to prove that they are such would be for them to also submit their IDs. So it affects everyone.
Basically, it forces providers of a very wide variety of tech related services to collect identifying info on anyone who uses their services, and then store that info to either eventually be exposed in a breach, subpoenaed by the government, or sold to the highest bidder (might as well monetize it if you're forced to collect it )
This certainly makes it more hostile for an unsavory advocacy group to create a webpage and use the internet to organize a group to fight an anti-democratic bill.
> …directs the Secretary of Commerce (Secretary) to propose regulations requiring U.S. Infrastructure as a Service (IaaS) providers of IaaS products to verify the identity of their foreign customers… (from TFA)
This is about IaaS not “internet services”. It doesn’t remove anonymity from internet users, just foreign customers renting cloud servers and other infrastructure.
> This proposed definition adopts the E.O. 13984 definition for “Infrastructure as a Service product”, which is any product or service offered to a consumer, including complimentary or “trial” offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications.
How would an ISP not be misconstrued as a "managed network"? Deploy/run software could just as easily be running some protocol over the network connection?
Sure, there are very few international ISPs which would be affected by this as physical infrastructure must be local to the user, but I wonder if this would be true always (e.g.: Starlink)
I can't see how an ISP (or VPN for that matter) would qualify for the second half "and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications."
This would apply to all hosting providers, which is bad enough.
- TCP is a spec delivered by a software implementation program. Maybe you disagree that TCP is being "deployed" as opposed to "used"?
- What about peer-to-peer hosted webpages? Certainly this is deployed software served over the internet connection?
The devil is in the details... details which are not specified in the order. It wouldn't be hard to imagine a lawyer arguing the finer details of "deployed" and "software" and falling on a definition which results in a less "open" Internet.
Also, I think of the meaning of "that is not predefined" is not at all clear. Predefined at what point in time?
I think the biggest argument against it is that this removes anonymity on the internet, at least from governments, and that would remove people's ability to freely voice their opinions without fears of repercussions (will the first amendment ever be modified? Will people who discuss what it's like to be an illegal immigrant/drug user/etc. be persecuted)? Also, it raises the question of what happens to users of VPN's, public internet, etc.