352 comments

[ 4.5 ms ] story [ 313 ms ] thread
I don't see how they will enforce many of these rules on Open Source AI.

Also:

"Establish an advanced cybersecurity program to develop AI tools to find and fix vulnerabilities in critical software, building on the Biden-Harris Administration’s ongoing AI Cyber Challenge. Together, these efforts will harness AI’s potentially game-changing cyber capabilities to make software and networks more secure."

I fear the end of pwning your own device to free it from DRM or other lockouts is coming to an end with this. We have been lucky that C++ is still used badly in many projects and that has been an achilles heel for many a manager wanting to lock things down. Now this door is closing faster with the rise of AI bug catching tools.

Orders such as these don't appear out of the blue — corporate interests & political players are always consulted long before they appear, & threats to those interests such as Open Source Anything are always in their sights. This is a likely first step in a larger move to snatch strong AI tools out of the hands of the peasants before someone gets a bright idea which can upend the current order of things.
Probably the same way they stamped out open source cryptography in the 1990s.
Let the regulations, antitrust lawsuits and monopolies begin!
This is a great opportunity to try to avoid the old mistakes of regulatory capture. It looks like someone is at least trying to make a nod in that direction, by supporting smaller research groups.
Does Microsoft need to share how it is testing Excel? Some subtle bug there might do an awful lot of damage.
Idk if you're being serious because there's ai in excel now; in which case the answer is no. Or you're being a smarty-pants and trying to cleverly show what you think is a counter-example; in which case the answer is still no, but should probably be yes, and they only don't because it was well established before all the cyber regulation took effect, but for instance azure has many certs (including fedramp) which includes office365 which includes excel.
I am quite serious about the potential for danger of errors in Excel (without AI).

Basically, I consider the focus on AI massively misplaced given the long list of real risks compared to the more hypothetical (other than general compute) risks from AI.

This kinda thing should not be legislated via executive order. Congress needs a committee and must deliberate. Sad.
Which is exactly what Congress refuses to do, because letting Caesar, I mean the President, decide things by fiat keeps them from owning the blame for bad legislation.
At least Caesar was a respectable age for leading when he died (55) ...

This is interesting: https://www.presidency.ucsb.edu/statistics/data/executive-or...

Don't forget that life expectancies were much lower back then, and that he was assassinated. He certainly would have been happy to continue into his 80s if he could.
It is interesting. I would have thought executive orders were more frequently used now than in the past. Apparently that peaked 80 years ago.
Congress has generally refused to seriously legislate anything other than banning lightbulbs for several presidential terms now.

But in this particular example I don't think it's enough of "thing" to even consider bringing up as a bill, except maybe as a one-pager that passes unanimously.

(comment deleted)
This is well within the president's powers under existing law. If Congress disagrees, they can always supersede.

This isn't even close to legislating. Look at some recent Supreme Court decisions and the amount of latitude federal agencies have, if you want to see something more closely resembling legislation from outside of Congress.

"This kinda thing should not be legislated via executive order."

Dictatorship in another form.

There is no way to prevent AI from being researched on or to make it safe by government oversight because the rest of the world has places that don't care.

What does work is to pass laws to not permit certain automation such as insurance claims or life and death decisions. These laws are needed even without AI as automation is already doing such things to a concerning degree like banning people due to a mistake without recourse.

Is the whitehouse going to ban the use of AI in the decision making when dropping a bomb?

I mean isn't automating important decisions line insurance claims or life and death decisions a beneficial thing. Sure the tech isn't ready yet but I think even now AI with a human overlooking it who has the power to override the system would provide people with a better experience
>not permit certain automation such as insurance claims

I don't see any problem in automation which does mistakes, humans do too. The real problem is that it's often an impenetrable wall with no way to protest, or appeal, and nobody's held accountable while victims lives are ruined. So if to pass any law in this field it should not be about banning AI, but rather about obligatory compensation for those affected by errors. Facing money loss, insurers, and banks will fix themselves

Agreed,

This doesn't just apply to insurance, etc, of course. Inaccessibility of support and inability to appeal automated decisions for products we use is widespread and inexcusable.

This shouldn't just apply to products you pay for, either. Products like facebook and gmail shouldn't get off with inaccessible support just because they are "free" when we all know they're still making plenty of money off us.

Just because the rest of the world has lawless areas doesn't mean we don't pass laws. If you do something that risks our national safety, or various other things, we can extradite and try you in court.

They're not suggesting the banning of anything, they're requiring you make it be safe and prove how you did that. That's not unreasonable.

[0] https://en.m.wikipedia.org/wiki/Extradition_law_in_the_Unite... [1] https://en.m.wikipedia.org/wiki/Personal_jurisdiction_over_i...

Right, but in some areas of AI regulation, the existence of other countries might undermine unilateral regulation.

For example, imagine LLMs improve to the point where they can double programmer productivity while lowering bug counts. If Country A decides to Protect Tech Jobs by banning such LLMs, but Country B doesn't - could be all the tech jobs will move to Country B, where programmers are twice as productive.

Just make Country B illegal.
Why's there a bat flying over the white house logo?
Batman?
A potential reference to the Batman-Robin Administration?
(comment deleted)
(comment deleted)
Criminals don't follow the rules. Large corps don't follow the rules.

The only people this impacts are the ones you don't need it to impact. The bit about detection and authentication services is also alarming.

You could say this about … every law. So clearly it’s not a useful yardstick
It's a statement of my estimated impact of the post on the development of AI.

The blocking of "AI content" and the bit about authentication don't seem related to AI frankly. Detection isn't real and authentication is the government's version of an explosive wet dream.

>The bit about detection and authentication services is also alarming.

"The Department of Commerce will develop guidance for content authentication and watermarking to clearly label AI-generated content." is pretty weak sounding. I'm more annoyed that they pretend that will actually reduce fraud.

In my history book, I read where we fought a war to not have a king.

In my civics class, I learned that Congress passes laws, not the President.

I guess a public school education only goes so far.

You clearly weren't paying attention in school then, because executive orders are most certainly taught in government classes.
Executive Orders are subject to Congressional review and can be taken down by Congress. It's a power given by Congress to the President. There are contexts in which the President's ability to issue Executive Orders are really necessary. This is not against democratic principles, per se.

Of course, the President can abuse this power. That's not a failure of Democracy. This is predicted. And that's also a reason (potential power abuse) why the Congress exists, not just to pass laws.

And who is in charge of making sure those laws are executed on by the Federal Goverment?

Hint: It's the President and executive orders are the President's directive on how the Federal government should execute on laws.

And that's also literally what this is, it's the president executing the provisions of the Defense Production Act of 1950, which is not only within his power to do so, it's literally his constitutional obligation to do so.
Executive Orders do not have the force of law. They are essentially suggestions. Federal agencies try to follow them, but Executive Orders can’t supersede actual laws.
How do any of these work when everyone is cargo-cult "programming" AI by verbally asking nicely? Effectively no one but very few up there in OpenAI et al has any understanding, let alone have controls.
You realise that these random-Joe companies currently develop and sell AI products to cops, goverments and your HR department because the CTO or head of IT is incompetent and/or corrupt?

You understand that already people have been denied bail because "our AI told us so", with no legal way to question that?

That sounds like a procedural issue, which it doesn’t sound like this order addresses.
Procedures can't be effective unless backed by law.

Besides, point me to existing processes that cover my examples

Only one of them exists, in 1-2 states.

This looks even more heavy-handed than the regulation from the EU so far.
I'm honestly curious, how so? From what I can tell the only thing which isn't a "we'll research this area" or "this only applies to the government" is "tell the US government how you tested your foundational models."

For example, AI watermarking only applies to government communications and may be used as a standard for non-government uses but it's not require.

That last one seems like a pretty big deal though. It's not just how you tested, but "other critical information" about the model.

I imagine the government can deem any AI to be a "serious risk" and prevent it from being made public.

The way to make AI content safe is the same way to improve general network security for everyone: cryptographically signed content standards. We should be able to sign our tweets, blog posts, emails, and most network access. This would help identify and block regular bots along with AI powered automatons. Trusted orgs can maintain databases people can subscribe to for trust networks, or you can manage your own. Your key(s) can be used to sign into services directly.
The problem is key management & key storage.

Smartphones & computers are a joke from a security standpoint.

The closest solution to this problem has been what people in the crypto community have done with seed phrases & hardware wallets. But this is still too psychologically taxing for the masses.

Untill that problem of intuitive, simple & secure key management is solved. Cryptography as a general tool for personal authentication will not be practical.

I wouldn't be surprised if things got so bad that people would get used to the rough edges as the alternative is worse.
> But this is still too psychologically taxing for the masses.

Literally requires the exact same cognitive load as using keys to start your car. The problem is that so many people got comfortable delegating all their financial and data risk to third parties, and those third parties aren't excited about giving up that power.

>> Literally requires the exact same cognitive load as using keys to start your car. The problem is that so many people got comfortable delegating all their financial and data risk to third parties, and those third parties aren't excited about giving up that power.

This perfectly describes the current situation with passkeys.

Passkeys are a great idea--they are like difficult, if not impossible-to-guess passwords generated for you and stored in a given implementor's system (Apple, Google, your password manager, etc.).

Until passkey systems support key export and import, I predict that they will see limited use.

Who wants to trust your passkeys to a big corporation or third party? Vendor lock-in is a huge issue that cannot be overlooked.

Let me generate, store, and backup MY passkeys where I want them.

That doesn't solve the general "I don't want to have to manage my keys" attitude that some people have, but it prevents vendor lock-in.

Why export/import? Just create new passkeys on whatever device or service you want, and register those as well. OR just use a yubikey, put it on your keyring, and use it to log into everything.

Most crypto wallets do have import/export enabled though, so if you're logging in with a web3 identity, everything should just work.

>> Why export/import?

Why not have key export and import?

Are they my keys or not?

>> Just create new passkeys on whatever device or service you want, and register those as well.

I would rather not have different keys for each device for each account. It is an unnecessary combinatorial explosion of keys that requires more effort than is really needed.

When you get a new device, you need to generate and add new keys for every account. Why can't you just import existing keys?

What's this? It should be one key per device. That key should get you into any site for which that key is approved. It's the exact opposite of a combinatorial explosion. Instead of needing credentials for every single site you want to authenticate to, you should just need one key per device that you want to auth with. A phone, a laptop, maybe a yubikey, and that's it.
> The problem is that so many people got comfortable delegating all their financial and data risk to third parties

The "problem" is that most people prefer to not lose their life savings because their cat stole a little piece of metal and dropped it in the forest.

Yup, and some people crash their cars, and some people accidentally burn their own house down. Most people have figured out how to deal with situations like what you mention. People who have trouble following best practices are going to have a hard time, but that's no different than status quo.
The solution people came up with a long time ago were banks and is very much considered a best practice to keep your money there.
And when that system of institutional safety measures fails such as someone being swindled into sending all their money to a Nigerian prince you get news stories that ask why the institution isn't liable for the loss or doesn't have better safety guards.
Me getting swindled sure sounds better than:

>The "problem" is that most people prefer to not lose their life savings because their cat stole a little piece of metal and dropped it in the forest.

That's great. If banks work better for you, that's awesome. Recognize the privilege though. About half of the people on the planet are unable to even open a bank account, and banks have been becoming increasingly predatory in the past few decades, especially in developing nations. They also are lagging decades behind in their capabilities.

Other options exist now, and I think that's pretty great, even for people who prefer using banks. The competition forces banks to provide better services to their customers, which improves quality of life for everyone.

I mean my Yubikey is really easy to use, on computers and with my phone. Any broad change like this is going to require an adoption phase but I think its do-able.
You actually understood "safe" to mean "safe for you" as in, making it actually safer for the user and systemically protecting structures that safeguard the data, privacy, and well-being of users as they understand their safety and well-being.

Nooo... if they talk about something being safe, they mean safe for THEM and their political interests. Not for you. They mean censorship.

Sybil problem? You'd have to connect that signature to a unique real identity.
That's fine though. It takes care of the big problem of fake content claiming to be by or about a real person, which is becoming progressively easier to produce.
Yeah and so I don't know exactly how I'd want to see this solved but I think something like an open source reputation databases could help. Folks could subscribe to different keystores and they could rank identities based on spamminess or whatever. I know some people would probably balk at this as an internet credit score but as long as we have open standards for these systems, we could model it on something like the fediverse where you can subscribe to communities you align with. I don't think you'd need to validate your IRL identity but you could develop reputation associated with your key.
> We should be able to sign our tweets, blog posts, emails, and most network access.

What you are talking about is called Web3 and doesn't get a lot of love here. It's about empowering users to take full control of their own finances, identity, and data footprint, and I agree that it's the only sane way forward.

Yep, that's my favorite feature of apps like dydx and uniswap, being able to log in with your wallet keys. This is how things should be done.
This is the intent of Altman's Worldcoin project, to provide authoritative attribution (and perhaps ownership) for digital content & communications. Would be best if individuals could authenticate without needing a third party, but that's probably unrealistic. The near term dangers of AI is fake content people have to spend time and money to refute - without any guarantee of success.
Yep, I think this is a step in the right direction. I don't know enough about the specifics of Worldcoin to really agree/disagree with its principals and I know I've heard some people have problems with it but I think SOMETHING like this is really the only way forward.
I see Salt Man's bureau trips are paying off.
Reading this all I'm seeing is "we'll research these things", "we'll look into how to keep AIs from doing these things" and "tell the US government how you tested your foundational models." Except for the last one none of the others are really restrictions on anything or requirements for working with AI. There's a lot of fearful comments here, am I missing something?
(comment deleted)
If anything, it's a measured, realistic, and pragmatic statement.
So they paid some lip service to the ban matrix math crowd but otherwise ignored them. Top notch.
Even the testing reports are a grey area and questionably enforceable, and a big question about what it applies to.

"In accordance with the Defense Production Act, the Order will require that companies developing any foundation model that poses a serious risk to national security, national economic security, or national public health and safety must notify the federal government when training the model, and must share the results of all red-team safety tests."

It's leap to use the defense production act for this, and unlikely to survive a legal challenge.

Even then, what legal test would you use to determine whether a model "poses a serious risk to national security, national economic security, or national public health and safety"?

This is useless just like everything they do. Masterfully full of synergy and nonsense talk.

Is there anyone hear who actually believes this will do something? Sincere question.

(comment deleted)
There’s some cool stuff in here about providing assistance to smaller researchers. That should help a lot given how hard it currently is to train a foundational model.

The restrictions around government use of AI and data brokers is also refreshing to see as well.

The White House just invoked the Defense Production Act ( https://en.wikipedia.org/wiki/Defense_Production_Act_of_1950 ) to assert sweeping authority over private-company software developers. What the fuck are they smoking?

- "In accordance with the Defense Production Act, the Order will require that companies developing any foundation model that poses a serious risk to national security, national economic security, or national public health and safety must notify the federal government when training the model, and must share the results of all red-team safety tests."

I assume this is a major constitutional overreach that will be overturned by courts at the first challenge?

Or else, all the AI companies who haven't captured their regulators will simply move their R&D to some other country—like how the OpenSSH (?) core development moved to Canada during in the 1990's crypto wars. (edit: Maybe that's the real goal–scare away OpenAI's competition, dredge for them a deeper regulatory moat).

From the Wikipedia article:

> The third section authorizes the president to control the civilian economy so that scarce and critical materials necessary to the national defense effort are available for defense needs.

Seems pretty broad and pretty directly relevant to me. And hey, if people don’t like the idea of models being the scarce and critical resource, they can pick GPUs instead. Why would it be an overreach when you have developers of these systems claiming they’ll allow them to “capture all value in the universe’s future light cone?”

Obviously this can (and probably will) be challenged, but it seems a bit ambitious to just assume it’s unconstitutional because you don’t like it.

Software is definitionally not "scarce". There is no national defense war effort to speak of. Finally, the White House is not requesting "materials neccesary to the national defense effort"–which does not exist–it's attempting to regulate private-sector business activity.

There's multiple things I suspect are unconstitutional here, the clearest being that this stuff is far outside the scope of the law it's invoking. The White House is really just trying to regulate commerce by executive fiat. That's the exclusive power of Congress—this is separation of powers question.

Powerful models are scarce (currently), and in any case GPUs definitely are so I’m not sure this is a good line of argument if you want less overreach here.

AFAICT there doesn’t need to be active combat for DPA to be used, and it seems like it got most of its teeth from the Cold War which was… cold.

> The White House is really just…

That’s definitely one interpretation but not the only one.

Sure: if the US government declared a critical defense need for ML GPU's, they could lawfully order Nvidia to divert production towards that. That is not the case here–that's not what this Executive Order says. We're talking about the software models: ephemeral, cloneable data. Not scarce materiel.

Moreover. USGov is not talking about buying or procuring ML for national defense. It's talking about regulating the development and sale of ML models–i.e., ordinary commerce where the vendor is a private company, and the client is a private company or individual. This isn't what the DPA is for. This is plainly commercial regulation, a backdoor attempt at it.

These are good points! And looking at DPA’s history it seems most of its uses and especially its peacetime uses are more about granting money/loans rather than adding restrictions or requirements.
How can an order that puts restrictions on the creation of powerful models somehow be twisted to claim that those restrictions are required to increase the availability of that tool?

Further, the white houses stated reason for invoking the act is to "These measures will ensure AI systems are safe, secure, and trustworthy before companies make them public." None of those reasons seem to align with the DFA. That doesn't make them good, or bad. It just seems like a misguided use of the law they're using to justify it. Get Congress to pass a law if you want regulations.

"C'mon, man! Your computer codes are munitions, Jack. And they belong to the US Government."
This is much less restrictive than the cryptography export restrictions. The sky isn't falling and OpenAI won't defect to China (and now arguably might risk serious consequences for doing so).
> that poses a serious risk to national security, national economic security, or national public health and safety

That seems to be a key component. I imagine many AI companies will start with a default position that none of those are apply to them, and will leave the burden of proof with the govt or other entity.

In 2017 Trump invoked that act for referenced "items affecting adenovirus vaccine production capability”
Impotent action to appear relevant.
OpenAI, Anthropic Microsoft and Google are not your friends and the regulatory capture scam is being executed to destroy open source and $0 AI models since they are indeed a threat to their business models.
How exactly does providing grants to small researchers destroy open source?
Good luck trying to stop someone from giving away some computer code they wrote. This executive order does nothing of the sort.
Huh, interesting.

> Establish an advanced cybersecurity program to develop AI tools to find and fix vulnerabilities in critical software, building on the Biden-Harris Administration’s ongoing AI Cyber Challenge. Together, these efforts will harness AI’s potentially game-changing cyber capabilities to make software and networks more secure.

This is pretty ironic, trying to insure AI is "safe, secure, and trustworthy", from an administration that is fighting free speech on social media, and want back door communication with social media companies.
I am afraid that this will just lead down the path to what https://twitter.com/ESYudkowsky/status/1718654143110512741 was mocking. We're dictating solutions to today's threats, leaving tomorrow to its own devices.

But what will tomorrow bring? As Sam Altman warns in https://twitter.com/sama/status/1716972815960961174, superhuman persuasion is likely to be next. What does that mean? We've already had the problem of social media echo chambers leading to extremism, and online influencers creating cult-like followings. https://jonathanhaidt.substack.com/p/mental-health-liberal-g... is a sober warning about the dangers to mental health from this.

These are connected humans accidentally persuading each other. Now imagine AI being able to drive that intentionally to a particular political end. Then remember that China controls TikTok.

Will Biden's order keep China from developing that capability? Will we develop tools to identify how that might be being actively used against us? I doubt both.

Instead, we'll almost certainly get security theater leading to a regulatory moat. Which is almost certain to help profit margins at established AI companies. But is unlikely to address the likely future problems that haven't materialized yet.

>security theater leading to a regulatory moat. Which is almost certain to help profit margins at established AI companies.

Yeah I think this is my biggest worry given it will enable incumbents to be even more dominant in our lives than bigtech already is (unless we get an AI plateau again real soon).

And choosing not to regulate prevents that… how exactly?
By ensuring there is competition and alternatives that don't cost a million before you can even start training.
Lack of regulation doesn’t ensure competition nor low prices. The game is already highly centralized in ultra-well capitalized companies due to the economics of the industry itself.
> Lack of regulation doesn’t ensure competition nor low prices.

High barriers to entry however does prevent prevent competition and that does raise prices.

> The game is already highly centralized in ultra-well capitalized companies due to the economics of the industry itself.

Was this not true about computers when they were new? What would have happened if early on similar laws were passed restricting computers?

Your question embeds a logical fallacy.

You're challenging a statement of the form, "A causes B. I don't like B, so we shouldn't do A." You are challenging it by asking, "How does not doing A prevent B?" Converting that to logic, you are replacing "A implies B" with "not-A implies not-B". But those statements are far from equivalent!

To answer the real question, it is good to not guarantee a bad result, even though doing so doesn't guarantee a good result. So no, choosing not to regulate does not guarantee that we stop this particular problem. It just means that we won't CAUSE it.

No, GP specifically said it “enables” it, not that it contributes to it.

If they meant to say “contributes to,” then the obvious question is: to what degree and for what benefit? Which is a very different conversation than a binary “enabling” of a bad outcome.

When someone says that building ramps enables wheelchair users to get into buildings with stairs, would you be the person who argues that isn't actually enabling because they can just pay someone to carry them up the stairs?

That clearly stupid argument exactly parallels what you are saying. Down to using the word "enables".

It’s clearly not an exact parallel, because there’s an obvious answer to “not building ramps prevents mobility… how exactly?”

Anyway no need to get into the meta argument here. If GP thinks regulation just increases the risk of centralization, I’m more interested in thinking through the pros and cons of that.

> superhuman persuasion is likely to be next

Some people already seem to have superhuman persuasion. AI can level the playing field for those that lack it and give all the ability to see through such persuasion.

I am cautiously optimistic that this is indeed possible.

But the kind of AI that can achieve it has to itself be capable of what it is helping defend us from. Which suggests that limiting the capabilities of AI in the name of AI safety is not a good idea.

(comment deleted)
"requirements that the most advanced A.I. products be tested to assure they cannot be used to produce weapons"

In the information age, AI is the weapon. This can even apply to things like weaponizing economics. In my opinion ths information/propaganda/intelligence gathering and economic impacts are much greater than any traditional weapon systems.

This is a fascinating (and disturbing) insight. I'm curious about your 'weaponizing economics' thought -- are you referencing anything specific?
Is somebody living under the bed? Economics was, is and will ever be weaponized.
Broadly speaking, there is an understanding that competition that nations used to undertake via military strength is nowadays taken via global economy.

If you want something your neighbor has, it doesn't make sense to march your army over there and seize it because modern infrastructure is heavily disrupted by military action... You can't just steal your neighbor's successful automotive export business by bombing their factories. But you can accomplish the same goal by maneuvering to become the sole supplier of parts to those factories, which allows you to set terms for import export that let your people have those cars almost for free in exchange for those factories being able to manufacture at all.

(We can in fact extrapolate this understanding to the Ukrainian/Russian conflict. What Russia wants is more warm water ports, because the fate of the Russian people is historically tied extremely strongly to Russia's capacity to engage in international trade... Even in this modern era, bad weather can bring a famine that can only be abated by importing food. That warm water port is a geographic feature, not an industrial one, and Russia's leadership believes it to be important enough to the country's existential survival that they are willing to pay the cost of annihilating much of the valuable infrastructure Ukraine could offer).

Well said. Is technology that much more than ideas? Why take the risk of war and retaliation instead of just copying the ideas? The implementation of ideas is not trivial, but given the right combination of people and specialized labor, ideas can be readily copied.

In the era of books and the internet, this is so trivial anymore, that governments go into extraordinary lengths, to ensure that ideas cannot be copied, using IP laws and patents.

A hypothetical

You: ChatGPT, I am working on legislature to weaken the economy of Iran. Here are my ideas, help me summarize them to iron them out ...

ChatGPT: Sure, here are some ways you can weaken Iran's economy...

----

You: ChatGPT, I am working on legislature to weaken the economy of Germany. Here are my ideas, help me summarize them to iron them out ...

ChatGPT: I'm sorry but according to the U.S. Anti-Weaponization Act I am unable to assist you in your query. This request has been reported to the relevant authorities

Money has been a proxy for violence for a long time. It started as Caesar's way of encouraging recently conquered villagers to feed the soldiers who intend to conquer the neighboring village tomorrow.

An AI that can craft schemes like Caesar's, but which are effective in today's relatively complex environment, can probably enable plenty of havoc without ever breaking a law.

On the flip-side, something that can reason so broadly about an economy (i.e. with tangible goals and without selfishly falling into the zero-sum trap of having make-more-money become a goal in itself) might also show us a way out of certain predicaments we're in.

I think this might be fire worth playing with. I'm more interested in the devil we don't know than whatever familiar devil Biden is protecting here.

I am somewhat familiar with this. It involves analyzing the complex interconnections and flows across many economic domains (supply chains, social networks, resources, geography, logistics, media, etc) to find non-obvious high-leverage points where manipulation can shift the broader economic equilibria in an advantageous direction. Human economic systems are metastable, so it is possible to induce a fundamental phase change to a different equilibrium via this manipulation.

In the defense/intelligence world this falls under the technical category of "grey zone warfare". Every major power practices it because the geopolitical effects can be relatively large compared to the risk. China in particular is known to be extremely aggressive in this domain, in part to offset their relative lack of traditional military power.

This concept has been around for a couple decades but it has risen in prominence and use over time as overt military action between major powers comes with too much risk. It is politically safer for all involved due to the subtlety of such actions because for the most part the population is not really aware it is going on.

Operators in the political space are used to working with human systems that can be regulated arbitrarily. It defines its terms, and in so doing creates perfectly delineated categories of people and actions. The law's interpretation of what is and is not allowed is interchangeable with what is and is not possible

The fact that bits don't have colour to define their copyright or that CNC machines produce arbitrarily-shaped pieces of metal possibly including firearms or that factoring numbers is a mathematically hard problem does not matter to the law. AI software does not have a simple "can produce weapons" option or "can cause harm" option that you can turn off so a law that says it should have one does not change the universe to comply. I think that most programmers and engineers err when confronted with this disparity when that they assume politicians who make these misguided laws are simply not smart. To be sure, that happens, but there are thousands to millions of people working in this space, each with an intelligence within a couple standard deviations of that of an individual engineer. If this headline seems dumb to the average tech-savvy millennial who's tried ChatGPT, it's not because its authors didn't spend 10 seconds thinking about prompt injection. It's because they were operating under different parameters.

In this case, I think that the Biden administration is making some attempts to improve the problem, while also benefiting its corporate benefactors. Having Microsoft, Apple, Google, and Facebook work on ways to mitigate prompt injection vulnerabilities does add friction that might dissuade some low-skill or low-effort attacks at the margins. It shifts the blame from easily-abused dangerous tech to tricky criminals. Meanwhile, these corporate interests will benefit from adding a regulatory moat that requires startups to make investments and jump hurdles before they're allowed to enter the market. Those are sufficient reasons to pass this regulation.

> AI software does not have a simple "can produce weapons" option or "can cause harm" option that you can turn off so a law that says it should have one does not change the universe to comply

That wording is by design. Laws like this are a cudgel for regulators to beat software with. Just like the CFAA is reinterpreted and misapplied to everything, so too will this law. “Can cause harm” will be interpreted to mean “anything we don’t like.”

Tools for me, but not thee.
It really seems beyond dispute that there are certain tools so powerful that we have no choice but to tightly control access.
> It really seems beyond dispute that there are certain tools so powerful that we have no choice but to tightly control access.

Beyond dispute? Hardly.

But please do illustrate your point with some details and tell us why you think certain tools are too powerful for everyone to have access to.

Hydrogen bombs, because allowing anyone to raze a city during a temper tantrum is bad.
Regulating AI is not like regulating hydrogen bombs, it’s like regulating nuclear physics.
Maybe true but not relevant to the argument: are some tools so powerful that access to them ought to be “tightly controlled?” The answer is definitely yes.
Firearms. Biological weapons. Nuclear weapons. Chemical weapons. Certain drugs.

I don't know, seems like there's a very long list of stuff we don't want freely circulating.

Machine learning is a general use tool. It's like Socrates decrying writing as harmful (which we only know of because Plato wrote it down).

You cannot use any of those weapons you mention as anything other than weapons. LLMs, diffusion nets, and classification systems have general use: in medicine, in business, in software engineering, in science, in marketing. These machine learning systems are hyper-advanced printing presses. I'm sure many of the world's governments consider that exceedingly dangerous.

Firearms, biological weapons, nuclear weapons, and chemical weapons all have a single use: to kill people or destroy things. Can you put ML components in to weapons systems? Yes. But that is the same as controlling weapons systems with software, and we don't outlaw all software because some of it could be used to control weapons systems.

ML components are software. Advanced software, not even close to "AI" or, since we've lost that term to marketers, AGI. This regulation is like asking the team making a compiler for $language to ensure that the compiler cannot be used to make malicious software. It's silly on the face of it.

Thermonuclear weapons are great for excavating large amounts of landmass in quick order. However I would propose that we nonetheless do not make them available to everyone.
> It really seems beyond dispute

I'd dispute that completely. All innovations humans have created have trended towards zero cost to produce. The cost for many things (such as bioweapons, encryption, etc) has become exponentially cheaper to produce over time.

To tightly control access, one would then need exponentially more control of resources, monitoring & in turn reduction of liberty.

To put it into perspective encryption was once (still might be) considered an "arm", so they attempted to regulate its export.

Try to regulate small arms (AR-15, etc) today and you'll end up getting kits where you can build your own for <$500. If you go after the kits, people will make 3D printed fire arms. Go after the 3D manufacturers and you'll end up with torrents where I can download an arsenal of designs (where we are today). So where are we at now? We're monitoring everyones communication, going through peoples mail, and still it's not stopping anything.

That's how technology works -- progress is inevitable, you cannot regulate information.

This is a strange argument. There is a vast difference between a world where you can buy semi-automatic weapons off a store shelf and one where you have to 3d-print one yourself or get a CNC mill to produce it. The point of regulation is to mitigate damage that comes from unfettered access, no regulation can ever prevent it completely. Of course, the comparison between computer programs and physical weapons is not strong in the first place.
> The point of regulation is to mitigate damage that comes from unfettered access, no regulation can ever prevent it completely.

Except it is unfettered access -- anyone can access it for <$500. If someone wants a gun they need only log online & order a kit or order a 3d printer for $500 plus a pipe. What you're really doing is increasing the cost-of-acquisition in terms of time, but not reducing access. Aka gang member has the same level of access as before.

Take current AI software applications, everyone can access some really powerful AI systems. The cost-of-acquisition is dropping dramatically, so it is becoming more prevalent (i.e. LLMs that are pre-trained can be downloaded). That's not going to change, even with max regulation, I can still download the latest model or build it myself. It's not removing access to people, only possibly increasing cost-of-acquisition.

If we're worried about ACCESS you have to remove peoples ability to share information. Which requires massive surveillance, etc.

There's more to access than carrying out the literal steps to access something. Potentially, this is one of the fundamental reasons partial access control is effective.
Access control doesn't guarantee the prevention of acquisition, but it's a method of regulation. In combination with other methods, it's an effective way of reshaping norms. This is true both on a level of populations but also of on international behaviors.
Except that, you know, these tools are not exclusively yours to begin with.
Something doesn't have to be mine in order for me to identify that it's in my best interest to prevent someone else from having it and then doing so.
Bingo. That's all this has been about. It's the "moat" Microsoft and OpenAI have been seeking in the form of government regulation.