Array
(
    [content] => 
    [params] => Array
        (
            [0] => /forum/index.php?threads/commerce-department%E2%80%99s-role-in-protecting-critical-technology-with-the-under-secretary-alan-estevez.21876/
        )

    [addOns] => Array
        (
            [DL6/MLTP] => 13
            [Hampel/TimeZoneDebug] => 1000070
            [SV/ChangePostDate] => 2010200
            [SemiWiki/Newsletter] => 1000010
            [SemiWiki/WPMenu] => 1000010
            [SemiWiki/XPressExtend] => 1000010
            [ThemeHouse/XLink] => 1000970
            [ThemeHouse/XPress] => 1010570
            [XF] => 2021770
            [XFI] => 1050270
        )

    [wordpress] => /var/www/html
)

Commerce Department’s Role in Protecting Critical Technology with the Under Secretary Alan Estevez

XYang2023

Well-known member
On December 2, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) released a highly anticipated update to the Biden-Harris Administration’s AI and semiconductor export controls on China. These new policies and others are at the forefront of U.S. national security policy, with export controls emerging as a central component in the U.S. government’s efforts curb the People’s Republic of China’s use of critical and emerging technologies as part of its military modernization.On January 14, 2025, the CSIS Wadhwani AI Center is pleased to host Alan Estevez, Under Secretary of Commerce for Industry and Security and lead policymaker for U.S. export controls at the U.S. Department of Commerce. Mr. Estevez will join Wadhwani Center director Gregory C. Allen to unpack the recent export control updates and reflect on the Biden administration’s AI and semiconductor export control strategy as well as other developments in BIS from the past four years. This event will examine the importance of maintaining U.S. technological leadership, how BIS has built on earlier controls from the Biden and first Trump administrations, and the future of technology competition with China and other U.S. adversaries.

Mr. Estevez leads the Bureau of Industry and Security (BIS). BIS implements and enforces export controls on dual use critical technologies and investigates transactions involving tech supply chains which may pose a threat to U.S. national security. Prior to BIS, Mr. Estevez served for 36 years at the Department of Defense (DOD), including in two Senate-confirmed leadership positions. Most recently at the DOD, he served as Principal Deputy Under Secretary of Defense for Acquisition, Technology & Logistics, where he was responsible for developing, implementing, and managing acquisition, contracting, and logistics programs and policies that increased combat effectiveness, as well as the department’s efficiency and buying power.

 

Export Control Diffusion Confusion​

By Ken Glueck, Executive Vice President, Oracle—Jan 5, 2025
There is an old adage in Washington that a regulation’s harmfulness is directly proportional to the number of new acronyms created (warning, spoiler alert). By that standard, the Biden Administration’s “Export Control Framework for Artificial Intelligence Diffusion” will go down as one of the most destructive to ever hit the U.S. technology industry. A few weeks ago, we wrote about the so-called Diffusion Framework here. Had we known then what we know now, we might not have been so circumspect.

The Bureau of Industry and Security’s (“BIS”) proposed Interim Final Rule (“IFR”) is a highly complex and wildly overbroad attempt to regulate Artificial Intelligence and GPUs in the name of national security. For over half a century, bipartisan consensus has held that the best way to achieve U.S. technological leadership is to regulate technology with a light touch. As a result, American companies have continued to lead each successive generation of technology, from the personal computer to the Internet, to mobile, to the cloud, and now Artificial Intelligence.

We all agree on specific areas where the U.S. must control access to GPUs because of the technologies they enable. Two clear examples that must be controlled outside of the U.S. are (i) the use of AI to speed the modeling and developing of weapons of mass destruction and (ii) Frontier Model development with the potential to create Artificial General Intelligence “AGI.”

BIS could have fashioned a regulatory scheme specifically targeted at these and other high-risk uses and specified a set of restricted users of very high-volume GPUs. The Diffusion Framework misses this mark by a wide margin and chooses instead to disrupt U.S. leadership in cloud, chips, and AI. And what Congress accomplished by passing the CHIPS Act (a mere $280 billion) the Biden Administration takes away with the Diffusion Framework, because in one IFR it has managed to shrink the global chip market for U.S. firms by 80 percent and hand it to the Chinese.i

Today, and in the future, the most common use for AI and GPUs is to power new features within a larger cloud service or system.ii Enterprises are training AI models on their own data to enhance productivity and create differentiation. Whole industries are using AI to create entirely new offerings and efficiencies, like in healthcare, transportation or hospitality. AI is used to reduce fraud and increase compliance in industries like banking and insurance. Public sector entities are using AI to increase public safety. SaaS applications—like Customer Relationship Management, Supply Chain, Enterprise Resource Planning—use AI Agents to improve performance and productivity. Mobile applications use AI Agents for the same reasons. Search and recommender engines use AI to improve and better tailor results. And we can all agree that none of these workloads or uses of AI technology and the GPUs they rely on constitute national security concerns.

Substantial quantities of GPUs are common components of public cloud offerings all around the world. The Diffusion Framework even acknowledges the benefits of AI across industry and society, but then focuses on highly hypothetical dual-use concerns posed by unrestricted use of GPUs and worries about so-called “diversion” or “aggregation.” These concerns are unfounded, as GPU supply chains are tightly controlled, and when deployed most of these GPUs are “on rails”—meaning they are either architected, implemented, or supported in such a manner as to limit their uses elsewhere, including for malicious or concerning purposes.

Somehow, this one basic fact—AI as a feature of all public, commercial clouds—escaped those drafting the Diffusion Framework. Hundreds if not thousands of data centers around the world hosting commercial cloud services already deploy and use significant numbers of GPUs—yet in far fewer numbers than would even come close to creating national security concerns. These GPUs and the systems they are embedded within are deployed by U.S. cloud providers and are closely monitored because they generate revenue for the services they enable. Yet rather than apply surgical precision to regulate specific activities of concern, the Diffusion Framework drops the Mother of All Regulationsiii on the commercial cloud industry, regulating in one Interim Final Rule (“IFR”) nearly all commercial cloud computing globally for the first time in history.

With such a dramatic new set of regulations you might expect the Biden Administration undertook a lengthy consultation and public comment period. You would be wrong. There was no consultation or comment period. We digress, but just so we are clear, an Interim Final Rule is Washington’s oxymoronic version of the jumbo shrimp.iv It’s not interim at all. It’s every bit final. Industry is now facing a final rule, that is over 200 pages of unknown complexity and that is being rushed to press just 10 days before a new Administration is inaugurated.

Turning to what we know about the rule itself, the IFR turns decades of export control policy on its head. Rather than base controls around a simple set of restricted countries (i.e. D: 5 countries + Macau), or any other cognizable list, the Framework imposes a global license requirement (as in, everywhere) for AI technology and GPUs. This is without question a substantial deviation from the scoping of the threat in the February 5, 2024, Office of the Director of National Intelligence, Annual Threat Assessment of the U.S. Intelligence Community and the April 26, 2024, Department of Homeland Security Report on Reducing the Risks at the Intersection of Artificial Intelligence and Chemical, Biological, Radiological, and Nuclear Department, both cited in the draft IFR and neither referencing Portugal as a country of concern, for example. Nor did they cite Saudi Arabia or the UAE in the context of AI at all.

The Framework introduces so many new acronyms in what we may better call the Confusion Framework that it’s hard to keep them straight: AIA, ACM, LPP, DC VEU, UVEU, NVEU, TPP, ACA. Then the Framework identifies 20 AIA countries (Artificial Intelligence Authorization Countries) for modestly better regulatory treatment than the rest of the world, but at the same time creates a regulatory morass for cloud providers to even service some of our closest allies. In a single confusing action, the BIS retroactively regulates global cloud GPU deployments; shrinks the global market for U.S. cloud and chip suppliers; establishes volume restrictions; tells 20 countries they can be trusted only if they agree to new unilaterally imposed terms—including certification and semi-annual reporting requirements—and likely pushes the rest of the world to Chinese technology, which the CCP will be only too happy to leverage to catch up with the U.S.

Next, the Framework sets up UVEUs (Universal Validated End Users). These are apparently trusted ultimate consignees (i.e. U.S. cloud hyperscalers) that will enjoy faster access to provide GPUs worldwide. The problem with UVEUs is they come with strings attached … actually, the regulation shackles UVEUs to the BIS in perpetuity. The UVEU program is tethered to FedRAMP High (plus a series of NIST standards), a U.S. government-defined collection of information and physical security requirements “to account for the government’s most sensitive, unclassified data in cloud computing environments...”—not commercial industry data.v FedRAMP High requires annual third-party audits, specific staffing and access controls, and it includes data sovereignty requirements, mandating U.S. locations for storage of U.S. government data. The problem is that outside of the U.S. (and even for the overwhelming majority of data centers inside the U.S.), there is no reason for the thousands of existing commercial data centers to meet these requirements, and they currently do not. The UVEU process would fundamentally change the economics of data center deployment around the world. Having been through the FedRAMP High process, it is not for the faint of heart.

On the other end of the spectrum is another acronym, LPP (a license exception for Low Processing Performance). Under LPP, most countries outside of the favored club of 20 would be permitted low levels of GPUs governed by country-specific caps. The IFR introduces GPU caps aggregated for all exporters and re-exporters for countries under LPP that are well below what would be needed for even the most non-concerning cloud GPU workloads, rendering LPP almost meaningless. You might not understand how limiting the LPP exception is because it first requires a Total Processing Performance (“TPP”) to English conversion. Bottom line, it’s essentially a null set, so we are back to UVEU.

The overarching problem with the Diffusion Framework is that global commercial cloud has been built out continuously and globally over the past twenty years. Large investments have been made. Customer commitments have been made. Location decisions are driven by infrastructure, like power and bandwidth. Many critical questions seem to not be answered or even considered, prior to the issuance of an IFR. How does the rule reconcile sovereign clouds deployed around the world with the prior permission of the U.S. government? What about regulated customers, like banks, which deploy cloud in their own data centers? What about a national healthcare system? Does technology refresh count towards the country caps? What about data centers co-located and managed by others? Will existing data centers all have to meet the U.S. government-centric requirements of UVEU FedRAMP High?

The Framework completely misses the reality that the very large data centers—the ones with hundreds of thousands of GPUs capable of truly training frontier models that BIS allegedly wants to regulate—draw so much power you can see them from Mars. There’s no hiding in plain sight. GPUs cannot be secretly aggregated or diverted from U.S. cloud providers in such large quantities to be concerning without being caught. As a national security imperative, let’s understand what these very large implementations are, who controls them, and who the customers are. And then let’s focus the regulation on those limited areas of concern.

Finally, there’s when the IFR is supposed to go into effect—as of this writing, a mere 60 days after publication in the Federal Register. Let’s be clear. A rule of this consequence on that timetable will turn the U.S. cloud industry upside down.

We all agree on the need to protect national security from the very real threats from certain AI uses; however, this rule does more to achieve extreme regulatory overreach than protect U.S. interests and those of our partners and allies. It practically enshrines the law of intended consequences and will cost the U.S. critical technology leadership.

In one of the most bizarre, what’s up is down and down is up moments, the government proponents of this rule claim that they are protecting U.S. hyperscalers from global competition. Respectfully, apart from the previously articulated and agreed upon national security concerns, we don’t need a ride, we need government to get out of the way.

To retroactively and surreptitiously issue a final rule of this magnitude without industry consultation and only days before the change in Administration is highly consequential. For the first time, we are applying draconian new regulations to largely unregulated public, commercial cloud. We are stifling innovation and strangling emerging business models. Worse, without fully contemplating the rule’s effects, we are likely handing most of the global AI and GPU market to our Chinese competitors.
Let that sink in.

i https://www.wsj.com/politics/nation...98c2606?st=uw8Tfc&reflink=article_email_share
ii The Biden Administration even tracks examples of common uses of AI here: https://ai.gov/ai-use-cases/ and here: https://github.com/ombegov/2024-Federal-AI-Use-Case-Inventory
iii GBU-43/B Massive Ordnance Air Blast bomb. https://www.defense.gov/Multimedia/Photos/igphoto/2001732840/
ivYes, Reddit, we are taking a side. It’s an oxymoron.
v https://www.fedramp.gov/understanding-baselines-and-impact-levels/

 
Last edited by a moderator:
AI and the boom in clean-tech manufacturing are pushing America’s power grid to the brink. Utilities can’t keep up.

America Is Running Out of Power, Are Data Centers to Blame?

The Vogtle Electric Generating Plant in Georgia. Demand for industrial power is surging in the state, with the projection of electricity use for the next decade now 17 times what it was only recently.Arvin Temkar/AP

(Washington Post) -- Vast swaths of the United States are at risk of running short of power as electricity-hungry data centers and clean-technology factories proliferate around the country, leaving utilities and regulators grasping for credible plans to expand the nation’s creaking power grid.

In Georgia, demand for industrial power is surging to record highs, with the projection of electricity use for the next decade now 17 times what it was only recently. Arizona Public Service, the largest utility in that state, is also struggling to keep up, projecting it will be out of transmission capacity before the end of the decade absent major upgrades.

 
I think we have the solution to power problem. There are new, compact, and clean nuclear plant start-ups in process and other type of energy scaling up. It is like the old fabs versus the new clean ones. The old dirty nuclear plants versus the new clean ones. I have high hopes here in California and around the world. The world needs to stop burning fuel for energy so the planet can heal thyself.
 
I think we have the solution to power problem. There are new, compact, and clean nuclear plant start-ups in process and other type of energy scaling up. It is like the old fabs versus the new clean ones. The old dirty nuclear plants versus the new clean ones. I have high hopes here in California and around the world. The world needs to stop burning fuel for energy so the planet can heal thyself.
I think carbon emissions from AI are moving us further away from achieving net-zero goals.

Given that Trump favors fossil fuels, I am not sure how this will end. There is a high demand to build data centers in the US, and I guess they will just burn more fossil fuels since they are cheaper for electricity generation.
 
I think carbon emissions from AI are moving us further away from achieving net-zero goals.

Given that Trump favors fossil fuels, I am not sure how this will end. There is a high demand to build data centers in the US, and I guess they will just burn more fossil fuels since they are cheaper for electricity generation.

I think Trump favors a strong economy above all. How we get there is negotiable. A strong green power strategy can get us there, absolutely. We do not have to burn dinosaurs. But yes, AI is going to add significantly top the datacenter problem. Like crypto mining but a much larger footprint.
 
Another slap to the face to our intelligence.

Here is a piece of American critical technology over which USA exercises 100% legal jurisdiction. https://pulitzercenter.org/stories/...y-used-build-russian-weapons-used-war-ukraine . US issues an export license to supply the machine to an enemy country, during war against a treaty ally. The supply of 1 such machine decides whether Russia can, or cannot produce large crankshafts needed for tank, and ship engines and large steel mill compressors.

Yet they obsess over "critical" technology which only largely impacts bottom lines of large companies, and which they already know they have little to no effective legal mean of control of.
 
Back
Top