US Policymakers Should Reject “Kill Switches” for AI
Two recent reports from different think tanks have called for AI chip manufacturers to integrate new technical measures on their processors to strengthen U.S. export controls of these products. Not only would these proposed “kill switches” potentially inflict considerable costs on U.S. chipmakers—thereby making their products less competitive and raising computing costs globally—but it would also raise concerns for both domestic and foreign users that the U.S. government could unilaterally shut down their computing clusters. U.S. policymakers would be outraged if foreign governments attempted to implement similar measures for products used in the United States, and thus they should soundly reject these proposals to avoid giving them even a veneer of legitimacy.
In the first report, RAND proposes the concept of “hardware-enabled governance mechanisms (HEMs).” Specifically, it outlines two types of HEMs, offline licensing and fixed set, both of which are meant to complement, and not replace, export controls.
Offline licensing would involve limiting the amount of processing a chip could perform per license. Once the chip completed a certain number of calculations, it would need a new license before it could perform more. This license would be provided either by the chipmaker or a third party, such as the U.S. government. This mechanism would be intended to prevent unauthorized users from making use of illicitly obtained chips. For example, if Nvidia sold 10,000 GPUs to a tech company in India, and this Indian company later sold those chips to a Chinese firm or provided computing resources to the Chinese military, Nvidia (or the U.S. government) could refuse to provide additional licenses, rendering the chips useless.
Fixed set would involve restricting communication between chips to either a set of preauthorized chips or to below a maximum threshold. The purpose of this mechanism would be to allow U.S. companies to export small computing clusters or devices containing advanced chips (e.g., gaming consoles) while limiting the ability of bad actors to aggregate multiple GPUs from these products to create powerful supercomputers. Compared to offline licensing, fixed set would be a much narrower intervention and significantly less controversial.
A separate report from the Center for New American Security (CNAS) similarly calls for “on-chip governance mechanisms.” CNAS posits, “What if updates to export regulations could be deployed through a simple software update, backed by secure hardware?” Similar to RAND’s proposed “offline licensing,” CNAS suggests using “operating licenses” that would require data centers to periodically renew license keys to keep their AI chips unlocked. CNAS also proposes using on-chip hardware modules to produce data that would allow a third party to verify “the quantity of computation or the dataset used in a particular training run.” The verification function would work in tandem with the operating licenses—operators using chips for unauthorized purposes or refusing to report information about their usage could find themselves cut off from license renewals.
These proposals echo other ideas and initiatives to significantly expand U.S. government control over computing resources to prevent countries of concern from training powerful AI models that present national security risks. For example, the Biden administration’s recent executive order on AI directed the Department of Commerce to create rules requiring U.S. cloud providers to report when foreign entities use their services to train large AI models. Similarly, California lawmakers have proposed legislation that would require data centers to monitor customers who could be training potentially dangerous AI models and implement measures to ensure they can shut them down.
The irony is that U.S. policymakers and pundits have serious concerns about the potential for foreign government control over technology in the United States. In addition to the ongoing debate about the Chinese-owned TikTok app running on mobile devices and bans on Chinese-made drones, in recent months the Biden administration has raised concerns about the potential for China to remotely access or disable connected vehicles on U.S. roads and shipping cranes at U.S. ports. Given U.S. objections in these cases, it is easy to see how other countries might react to proposals to have U.S. chipmakers embed mechanisms that would allow the U.S. government (or a U.S. chipmaker acting on their behalf) to shut down their computing capabilities. Even close U.S. allies might find that to be a bitter pillow to swallow.
U.S. export controls on AI chips are already a dubious policy as they are unlikely to hold back China’s progress in AI. China already has an existing stock of chips and is quickly pivoting to develop its own supply that is not reliant on U.S. companies. Moreover, these export restrictions will hurt U.S. companies over time by diverting revenue to foreign competitors that could otherwise go towards investments in domestic R&D. Adding on-chip governance measures to U.S. chips would not add values for customers and would instead further erode U.S. competitiveness.
The United States is not the 800-pound gorilla anymore, able to throw its weight around without consequences. Now it’s more like a 100-pound chimpanzee, scrapping for space just like everyone else. U.S. policymakers need to recognize that the era of unilateral dominance has passed, and a more nuanced approach is essential for navigating the complexities of the global digital economy.
