in

Trump decrees American cloud providers need to maintain records on foreign clients

Trump signs an executive order earlier in his presidency.

On his way out the door, outgoing and twice-impeached United States President Donald Trump has signed an executive order mandating that American cloud companies need to maintain records on foreign clients to help US authorities track down people committing cyber crimes.

Among the information to be retained, American cloud providers are expected to keep names, physical and email addresses, national identification numbers, means and sources of payment which could be credit card or bank account details, phone numbers, and IP addresses used to access services each time services are accessed.

“Foreign actors use United States IaaS products for a variety of tasks in carrying out malicious cyber-enabled activities, which makes it extremely difficult for United States officials to track and obtain information through legal process before these foreign actors transition to replacement infrastructure and destroy evidence of their prior activities,” Trump wrote in a letter to House Speaker Nancy Pelosi and Vice President Mike Pence in his role as President of the Senate.

“Foreign resellers of United States IaaS products make it easier for foreign actors to access these products and evade detection.”

Although the executive order and letter use the infrastructure as a service (IaaS) term, the order explains the definition also includes other cloud services.

“The term [IaaS] means any product or service offered to a consumer, including complimentary or ‘trial’ offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications,” it states.

“The consumer typically does not manage or control most of the underlying hardware but has control over the operating systems, storage, and any deployed applications. The term is inclusive of ‘managed’ products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and ‘unmanaged’ products or services, in which the provider is only responsible for ensuring that the product is available to the consumer.

“The term is also inclusive of ‘virtualized’ products and services, in which the computing resources of a physical machine are split between virtualized computers accessible over the internet (eg, ‘virtual private servers’), and ‘dedicated’ products or services in which the total computing resources of a physical machine are provided to a single person (eg, ‘bare-metal’ servers).”

The order gives the Secretary of Commerce the ability to restrict access to US cloud services if a country is deemed to have “any significant number of foreign persons offering United States IaaS products that are used for malicious cyber-enabled activities” or limit the access of certain foreigners. This section and the record-keeping obligations will kick in after 180 days.

In 120 days, the US government will need to consult on how to increase information sharing among cloud providers themselves, as well as with the government, to “deter the abuse of US IaaS products”. After 240 days, a report and recommendations will be presented to the President.

Earlier on Tuesday, US Secretary of State Mike Pompeo tweeted that China has been engaged in genocide and crimes against humanity against its Uyghur population and other minorities.

“These acts are an affront to the Chinese people and to civilized nations everywhere. The People’s Republic of China and the CCP must be held to account,” he said.

On a very active day of posting on Twitter for Pompeo, only three hours earlier, the outgoing Secretary of State decried the idea of multiculturalism.

“Woke-ism, multiculturalism, all the -isms — they’re not who America is. They distort our glorious founding and what this country is all about. Our enemies stoke these divisions because they know they make us weaker,” he posted.

Without a sense of irony over the US Capitol riots, Pompeo said visa restrictions were being introduced for those that were “involved in election interference in Tanzania”.

“There are consequences for interfering in the democratic process,” he said.

The issue of Uyghur forced labour in the tech industry has been slowly bubbling away for some time.

At the time of writing, just under 13 hours were left until Trump and Pompeo leave office, to be replaced by the Biden administration.

Related Coverage


Source: Information Technologies - zdnet.com

OAIC wants stronger enforcement powers in Australia's revamped Privacy Act

Google says consent over every aspect of data processing would be burdensome