By Tom Reynolds, Export Solutions

Years ago, I heard an enforcement official describe deemed exports as “hugging a cloud.”  As soon as you had your arms around a situation, it would dissipate – evaporating into mist, expanding, visibly there, but at the same time, somehow, not there.

Fast forward to today, and the same government agency is trying to get its arms around a range of new technologies and advancements.  The U.S. Commerce Department has proposed a rule which, if enacted, would create substantial new regulations for Infrastructure as a Service (IaaS) providers.  The rule also takes aim at foreign persons who might use these platforms to train large Artificial Intelligence (AI) models.  Once implemented, the rule could impose significant new processes, controls and reporting requirements for companies like Google, IBM, Microsoft, Amazon and hundreds (if not thousands) of related companies.

What is IaaS and why should we control it?

Because they know you need another acronym to remember, the computing world has created IaaS (aka, “Infrastructure as a Service”).  This is the grown-up version of its two younger siblings – Software as a Service (SaaS) and Platform as a Service (PaaS).  Simply put, when you log into your WebEx account, you’re using SaaS.  At the other end of the spectrum, IaaS is a highly-flexible, scalable solution for an enterprise – offering a range of servers, networks, hardware, software, storage and other computing services through virtualization.  (Think of a global company that runs all its computing through services like MS Azure or AWS.)

There are many benefits of IaaS, including:

  • Easy deployment of new storage, processing and applications across an entire organization
  • Complete control of the infrastructure
  • Scalable and use-based consumption models

So, why would the government want to control IaaS?  One of the main benefits of the service is that it allows customers to run software and store data without assuming the direct operating costs or maintenance of these servers.  At the same time, some foreign adversaries have used IaaS for things like:

  • IP and sensitive data theft
  • Covert espionage
  • Threatening U.S. national security by targeting critical infrastructure

After engaging in these malicious acts, the foreign adversaries can quickly move to replacement infrastructure offered by U.S. IaaS providers and products – leaving almost no trace behind.  Further, many IaaS providers also offer AI capabilities.  These large AI models could potentially be used to develop and/or automate malicious activities.

Attempts to control these new technologies began under President Trump and have continued under President Biden – primarily through two Executive Orders.  The current proposed rule from the Commerce Department is in response to these orders.

How will we hug the “IaaS Cloud”?

The proposed new rule contains several provisions for U.S. IaaS companies.  Among them are:

  • The development and implementation of a Customer Identification Program (CIP);
  • Reporting requirements when a foreign customer uses IaaS products to perform certain activities;
  • Ongoing monitoring of customers to identify suspected malicious activities;
  • Requirements to ensure resellers of IaaS products also comply with these rules – including foreign resellers.  (This is a big one in terms of implementation.  Just imagine how IBM or Amazon is going to police resellers of its products all around the world?);
  • The ability for Commerce to assess/inspect IaaS providers, make recommendations, and if necessary, to prohibit some (or all) transactions until satisfactory changes are made;
  • Exemptions from certain requirements for providers that Commerce determines have an established program – called an Abuse of IaaS Products Deterrence Program (ADP).

One specific thing to note regarding the CIP: it is like any “Know Your Customer” guidance/program, although it formalizes the process and more clearly defines what must be done.  Some have compared it to the Anti-Money Laundering (AML) programs that banks and other financial institutions have implemented in recent years.

Under this proposed rule, a CIP would require IaaS providers to:

  • Verify the identity of foreign person users for new or existing accounts (including what documents would suffice for this verification, and what will not);
  • Verify resellers of IaaS products and services;
  • Keep adequate records of all verifications / foreign users;
  • Limit other (unverified) third parties from accessing the platforms.

Some commenters have suggested the CIP will not be sufficient because malicious actors are savvy enough to conceal their identity.  Most commenters have agreed the new rule would impose an increased compliance burden on their operation, and are in favor of exemptions from the rules if certain criteria are met (such as the adoption of an ADP).

The rule goes on to specify other requirements of a CIP, including definitions for what constitutes a “United States IaaS Provider.”

What about AI?  Can it be controlled?

As mentioned above, the new rule also imposes controls and requires IaaS providers to monitor activity for the training of large AI models.  But what does that mean?  Commerce gets specific here by describing a “dual-use foundation model” with the following definition:

The term “dual-use foundation model” means an AI model that is trained on broad data; generally uses self-supervision; contains at least tens of billions of parameters; is applicable across a wide range of contexts; and that exhibits, or could be easily modified to exhibit, high levels of performance at tasks that pose a serious risk to security, national economic security, national public health or safety, or any combination of those matters, such as by: (i) substantially lowering the barrier of entry for non-experts to design, synthesize, acquire, or use chemical, biological, radiological, or nuclear (CBRN) weapons; (ii) enabling powerful offensive cyber operations through automated vulnerability discovery and exploitation against a wide range of potential targets of cyber attacks; or (iii) permitting the evasion of human control or oversight through means of deception or obfuscation.

It’s important to note that, as of today, there exist no actual controls on AI itself.  Rather, the U.S. Government has proposed (or already implemented) a range of controls around AI and its uses.  These include but are not limited to:

  • Development of AI-capable advanced computing chips
  • The machines used to manufacture those chips
  • The software and algorithms that run AI
  • The front-end IC production
  • Advanced computing
  • Encryption controls related to the above
  • The outputs AI can create (for example, as noted above, outputs that help with CBRN weapons development, cyber-attacks and other evasion/deception activities, among other things)
  • Controls on who uses AI (and how they use it)
  • Deemed exports and reexports of AI technology

This proposed new rule represents a significant first step for Commerce’s Bureau of Industry and Security (BIS) towards implementing the Executive Orders targeting IaaS and AI.  Comments and suggestions for the rule are open until April 24, 2004.  You can read the proposed new rule here.

The keyword here is “first step.”  This is an ongoing process, and there are almost sure to be more rules and controls to follow as BIS attempts to “hug the cloud.”  The big question now is will this be a bear hug?  Or more of a one-armed, to-the-side bro hug?  Perhaps just a gentle squeeze?  We will find out sooner than later.

Tom Reynolds is the President of Export Solutions, a consultancy firm which specializes in helping companies with import/export compliance.