Encryption, spyware, and now Mythos: History shows why cyber export control doesn’t work

Last Friday, citing unspecified national security concerns, the White House ordered Anthropic to restrict exports of its powerful AI models Fable and Mythos to anyone outside the United States, as well as to foreigners in the country. Shortly afterwards, the AI giant hastily pulled the plug on both models, which have now been unavailable to anyone for a week.

The episode is the first real test of whether the U.S. government can use export controls to curb frontier AI in the way it has tried, with wildly uneven results, to curb encryption and spyware before. And as dramatic as it may sound, how this impasse is resolved could determine not only Anthropic’s access to foreign markets, but also the rulebook that other AI labs will have to build around.

First, some context. Since Anthropic launched Mythos in April, the company has marketed it as a kind of Doomsday cyber machine that could wreak havoc on the internet if released widely. Therefore, before the ban, only about 150 vetted companies and government organizations had access to it. The goal was to help defenders secure their software and services before the bad guys could achieve Mythos-like capabilities.

So what caused the ban? Allegedly, two consecutive events. The first: Anthropic gave a South Korean telecom provider access to Mythos through its limited affiliate program, and U.S. officials became alarmed when they identified the company as one they suspected had ties to China. (The company, widely reported to be SK Telecom, has denied any connection to China.) The second: Amazon CEO Andy Jassy reportedly warned the board after Amazon’s own researchers, he said, found a way to bypass Fable 5’s security measures. Anthropic disputes the “jailbreak” label, calling it a limited, already resolved issue rather than a wholesale defeat of the model’s security measures.

The result was the same: the Commerce Department issued an export control directive and Anthropic had to scramble to immediately restrict access to its products — within about 90 minutes of being notified, by some accounts.

None of this is new, however. Governments have been trying to use export controls to limit the spread of what they consider dangerous cyber technology for decades, but their track record has been mediocre at best.

In the early 1990s, the US government was behind what is perhaps the most spectacular failure in the history of this approach. At the time, computer scientists were developing encryption technologies to secure data as it traveled across the Internet. One such encryption product was Pretty Good Privacy, or PGP, a popular piece of software that could encrypt data and make it virtually impossible to decipher, even if it was intercepted while traveling over the Internet to its intended recipient.

The US government initially saw PGP as a dangerous weapon, fearing that it would prevent its intelligence agencies from snooping on emails as they crossed their wires. To stop the distribution of PGP, the US Customs Service opened a criminal investigation against PGP creator Phil Zimmermann for allegedly violating arms export controls. He fought back by publishing PGP’s source code as a printed book, creating what is today known as the ‘Crypto Wars’.

Zimmermann later won a key battle when the investigation was closed, paving the way for crucial end-to-end encryption algorithms like those used by billions of Signal and WhatsApp users.

Later, in early 2010, researchers began discovering Western spyware used against dissidents in the Middle East. In response, several governments agreed to expand the Wassenaar Arrangement, an international treaty that restricts the export of dual-use software and technologies used in both civilian and military applications.

The idea was to classify surveillance and hacking software as dual-use, forcing spyware makers to obtain export licenses to sell their products abroad.

Contact us

Do you have more information about the Mythos ban? From a non-work device and network, you can securely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

But Wassenaar has always had two inherent weaknesses. There are several countries that are not adhering to the agreement, including Israel, home to some of the most active spyware makers in the world.

The agreement also depends on countries applying it at their discretion to companies within their borders. For a time, the Italian government licensed one of the country’s then top spyware makers, Hacking Team, to export its tools around the world, despite the company’s track record of selling spyware to oppressive governments that used it to hack journalists and human rights activists.

Since then, other countries in Europe have been as lax with spyware makers as Italy. Despite numerous scandals, Europe, home to many makers of spyware and hacking tools, has consistently failed to curb the export of spyware to authoritarian regimes. Critics say a recently renewed effort across the 27-member bloc to tackle the growing problem of spyware exports to authoritarian states “doesn’t go far enough.”

Several spyware makers, such as Intellexa, a sanctioned consortium of spyware companies, have simply moved their operations to countries with lax export controls. Other spyware makers tried to move their operations to Saudi Arabia for similar reasons.

There have been some victories. Germany-based spyware maker FinFisher closed in 2022 after a multi-year investigation by German prosecutors into the company for allegedly selling spyware to Turkey without an export permit. Researchers had previously discovered FinFisher spyware deployed on the phones of critics of the Turkish government.

At the time of writing, the standoff between Anthropic and the Trump administration continues. There is a reasonable chance that the administration will relax and lift the restriction in the interest of keeping U.S. AI companies globally competitive — a move that would amount to a tacit admission that AI labs elsewhere, including in China, are likely to achieve similar capabilities regardless of what the U.S. limits. Or U.S. AI companies could end up needing government approval before they can even serve foreign customers, a compliance burden that would invariably hurt their bottom line.

Given the past experiences that governments around the world have had with attempts to control the scope of software, it is unlikely that government-imposed export controls will be the right approach to deter malicious actors from abusing powerful dual-use cyber technologies.
