Jacob Feldgoise and Hanna Dohmen at the Center for Security and Emerging Technology (CSET) at Georgetown University offer the following response to the Bureau of Industry and Security’s (BIS) Notice of Proposed Rulemaking (NPRM): Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities (89 FR 5698).
Despite its limitations, the proposed customer identification requirement is an important step to addressing a pressing national security risk. However, we recommend that BIS does not implement the AI model monitoring provisions until BIS has convinced allies to implement complementary rules in their own jurisdictions. Furthermore, with respect to the AI model monitoring provisions, we urge BIS to provide a clearer articulation of the risks it aims to address.
Recommendations
In our response, we first identify a gap in BIS’s articulation of the threat models and objectives underlying its proposed rules. We recommend BIS provide a clearer articulation of the “AI monitoring” objective. This would help BIS communicate its policy to industry and allied governments more clearly and effectively.
Second, we recommend that BIS at this time proceeds solely with rulemaking for the customer identification requirements it has proposed for IaaS providers. Developing effective regulation for IaaS customer identification programs (CIPs) will help U.S. providers identify potentially malicious actors. BIS should iterate on the rule with consultation from U.S. IaaS providers to ensure the requirements create CIPs that are effective at identity verification and do not impose a costly burden on providers.
Third, to monitor the development of “large AI model[s] with potential capabilities that could be used in malicious cyber-enabled activity” (cyber-relevant AI models) on IaaS providers, BIS will need to determine whether the model has “potential capabilities” that could be used in malicious cyber-enabled activity as well as what constitutes a “large” AI model. For the latter, we recommend that BIS set and adjust a compute threshold.
Fourth, we recommend BIS work with allies to harmonize customer identification requirements and future AI model reporting requirements. Only requiring U.S. IaaS providers to conduct customer identification will not achieve the broader goal of reducing the ability of malicious actors to use global IaaS products to carry out illicit cyber activities and attacks, as non-U.S. IaaS providers do not fall under BIS’s jurisdiction. Additionally, placing AI model reporting requirements solely on U.S. IaaS providers risks incentivizing AI developers—both good and bad actors—to seek services from non-U.S. IaaS providers.