More Authoritarianism, Please
"Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities"
They say you never let a good crisis go to waste, and the “national emergency” of significant malicious cyber-enabled activities is no exception. The U.S. Department of Commerce's Bureau of Industry and Security has issued a proposed rule (the "Proposed Rule") that would impose significant diligence, reporting, and recordkeeping requirements on U.S. providers of Infrastructure as a Service (IaaS) and their foreign resellers. IaaS is generally considered to be a cloud computing model that provides users with remote access to servers, storage, networking, and virtualization (yes, that means VPN users).
The Proposed Rule would require U.S. IaaS providers to:
Implement and maintain a "Customer Identification Program", which must include detailed know-your-customer procedures for identifying and reporting foreign customers to Commerce; and
Report transactions involving foreign persons that "could result in the training of a large AI model with potential capabilities that could be used in malicious cyber-enabled activity."
BIS has requested public comment on "all aspects of the proposed rule" and specifically has requested comments on various topics. Comments are due by April 29, 2024, and may be submitted via the Federal eRulemaking Portal.
Penalties
Violations of the proposed regulations would result in a civil penalty not to exceed the greater of $250,000 per violation, or an amount that is twice the amount of the transaction that is the basis of the violation with respect to which the penalty is imposed. Criminal penalties may be imposed on a person who willfully attempts or conspires to violate the Proposed Rule, which may not exceed $1,000,000, and subject the individual to imprisonment for up to 20 years.
This is more authoritarian rulemaking, similar to what I have written on previous posts:
Here’s my response to this newest example of authoritarian overreach for our “safety”:
Subject: Response to NPRM Docket No. 240119-0020, RIN 0694-AJ35
I am writing to provide feedback on the Notice of Proposed Rulemaking (NPRM) issued by the Department of Commerce regarding Docket No. 240119-0020, as published in the Federal Register on January 29, 2024.
While I understand the importance of safeguarding U.S. infrastructure from malicious cyber activities, upon review of the proposed regulations to implement the Executive orders of January 19, 2021, and October 30, 2023, I have identified several areas where the proposed regulation conflicts with the United States Constitution.
Firstly, the requirement for U.S. Infrastructure as a Service (IaaS) providers to verify the identity of their foreign customers may pose constitutional concerns, particularly regarding the rights to privacy and due process since this burden is being placed on US companies to disclose this data and it may sometimes be difficult to clearly delineate a “foreign” customer. The Fourth Amendment protects individuals from unreasonable searches and seizures, which could potentially be violated by mandating extensive identity verification procedures without probable cause.
Furthermore, the Executive orders directing the Secretary to authorize special measures to deter foreign malicious cyber actors' use of U.S. IaaS products raise concerns about potential violations of the First Amendment. In conjunction with the Proposed Rule, Commerce would define a set of technical conditions that a large AI model must possess in order to have the potential capabilities that could be used in malicious cyber-enabled activity. These technical conditions would be a binding interpretation of what constitutes a "large AI model with potential capabilities that could be used in malicious cyber-enabled activity" for purpose of the Proposed Rule. Any measures that limit or regulate speech, even in the context of cybersecurity, must be carefully crafted to avoid infringing on the rights to free expression and association guaranteed by the Constitution.
Additionally, the requirement for providers of certain IaaS products to submit reports to the Secretary when engaging with foreign persons to train large Artificial Intelligence (AI) models raises concerns about the freedom of contract. The Fifth Amendment protects individuals and entities from being deprived of property without due process of law, and imposing reporting requirements on businesses without clear justification could be seen as an infringement on their rights.
In light of these constitutional concerns, I urge the Department of Commerce to reconsider the proposed regulations and ensure that any measures taken to address malicious cyber activities are in full compliance with the United States Constitution. It is crucial to strike a balance between national security interests and the protection of fundamental rights and liberties that are the foundation of our democracy.
Thank you for considering my comments on this important matter. Please do not hesitate to contact me if you require any further information.
If you are interested, consider adding a comment at the link shared above to the official document.
Not financial or legal advice, for entertainment only, do your own homework. I hope you find this post useful as you chart your personal financial course and Build a Bitcoin Fortress in 2024.
Thanks for supporting my work. Always remember: freedom, health and positivity!
Please also check out my Bitcoin Fortress Podcast on all your favorite streaming platforms. I do a weekly Bitcoin news update every week on current items of interest to the Bitcoin community, usually 30 to 60 minutes depending on the number of topics to cover. Please check it out if you haven’t already. Also now on Fountain, where you can earn Bitcoin just for listening to your favorite podcasts.
Follow me on Nostr:
npub122fpu8lwu2eu2zfmrymcfed9tfgeray5quj78jm6zavj78phnqdsu3v4h5
If you’re looking for more great Bitcoin signal, check out friend of the show Pleb Underground here.