Megha Shrivastava
The ongoing technology war, which prominently featured the United States’ export controls against China’s semiconductor industry, has taken an intriguing twist. The competition involves the cloud platforms used for artificial intelligence (AI) modeling. China’s domestic capabilities in cloud technology lie far behind U.S. firms. Its rising computing power broadly relies on easy access to U.S. cloud companies. With that in mind, the Biden administration is considering whether reporting cloud users can resolve the problem of China developing AI using the United States’ cloud infrastructure.
In the latest salvo, the U.S. Department of Commerce (DoC) has proposed rules to regulate cloud service providers like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. These rules are targeted to ensure the monitoring and reporting of cloud usage and AI training by developers in countries that are not U.S. allies. The regulations are widely understood as indirectly targeting China, where many tech companies use U.S. cloud providers as Infrastructure as a Service (IaaS). The draft regulations would demand mandatory “Know Your Customer” (KYC) services, akin to the financial services industry, in the cloud industry. Public cloud service providers will be required to run a “Customer Identification Program,” obtain the same information from their foreign resellers in other countries, and report compliance to the DoC when large AI models are trained using their IaaS.
The proposed rules include an explicit measure for cloud providers to ensure compliance. The “special measures” provide the right to the cloud providers to restrict access to their IaaS by certain customers or actors, i.e., China. This can be enforced by U.S. companies when a significant number of foreign entities directly use or resell U.S. IaaS or when the cloud company can find a pattern that a particular company has been repeatedly using their IaaS for malicious purposes. The regulations also put a threshold of one year for such a restriction without an explicit revision.
There is no doubt that Washington is desperate to keep a leading edge in AI development, and deprive China of the necessary high-end technology and services to fuel its ambitious AI development drive. However, it is not clear whether the much-needed measures to regulate AI training can turn out to be effective in turning the tide in China’s AI development. First, the Department of Commerce did not clarify on what basis cloud providers must conduct their cloud reporting activities. The 2021 and 2023 AI-related executive orders provide certain definitions regarding potentially dangerous AI systems and modeling thresholds. However, it is unclear whether these definitions would apply to the recent regulations. As our understanding of AI capabilities evolves, it rather remains vague to delimit the measures through broad-based assumptions.
As private big-tech firms become a focal point in the ongoing tech war, the challenges related to failed compliance appear to be a persistent issue. U.S. cloud providers currently dominate the majority of the market share, and recent regulations, in the short term, are diminishing their competitiveness. This is due to concerns about privacy, storage, and the handling of data, which are critical for foreign firms. Even though the intention may be to strangle Chinese firms in the cloud competition, there is little incentive for European firms, for instance, to willingly share their data, especially when the market, in the recent wave of digitalization, is flooding with open-access software, algorithmic, and hardware models.
Looking at the efficacy and outcomes of the ongoing chip war, we can infer that Chinese firms have the capabilities to refurbish, reorient, and acquire technologies by clandestine means. Last year, when the United States updated its 2022 export control measures to restrict access to Graphic Processing Units (GPUs) in China, the noted results were unsatisfactory. Nvidia’s A100 and H100 AI-based GPUs were still accessible to Chinese firms. In fact, Chinese AI firms are also said to have repurposed Nvidia’s existing hardware models to train their AI models.
Thus, American regulators are having a tough time curtailing Chinese firms’ use of high-end AI infrastructure. Considering that it is possible, spoofing the identification processes, or at least acquiring access through the creation of shell firms, will not prove difficult. More likely, Chinese firms will quickly move to open-access learning models or buy algorithms from top AI companies from around the world. In this scenario, a question that lingers is: will American big tech companies be proactive in ensuring compliance, at the risk of losing their market competitiveness, or will the KYC procedures be limited to a pro forma tool to fulfill government compliance?
There is no doubt that to ensure the United States’ cloud security and to maintain an edge over China in cloud computing, it is vital to restrict the free flow of U.S. cloud technology to China. Though the proposed regulations are intended to hinder China in making cutting-edge progress in AI technology, it is also a possibility that Chinese firms create different pathways to the same result, especially considering the vagueness of the proposed rules. Since cloud technology is intangible in nature, there is a need to develop additional authority and a classified domain to furnish these rules. Furthermore, streamlining the previous executive orders on AI regulation with the newer rules is required to ensure clear guidelines for the cloud industry.
A renewed focus on the cloud industry surely indicates that AI diffusion, other than major frontier tech, is emerging as a battlefield in the evolving technology war. In the future, the importance of cloud technology and algorithms will emerge as an arena for geopolitical maneuvering. At the same time, since big tech is increasingly becoming a scapegoat in the great power tech rivalry, companies around the world still need to learn more to navigate between market competitiveness and national security considerations.
No comments:
Post a Comment