Encryption, spyware, and now Mythos: History shows why cyber export control doesn’t work
Last Friday, citing unspecified national security concerns, the White Houseordered Anthropicto restrict the export of its powerful AI models Fable and Mythos to anyone outside of the United States, as well as foreign nationals inside the country. Shortly after, the AI giant hastily pulled the plug on both models, which have now been unavailable to anyone for a week. The episode is the first real test of whether the U.S. government can use export controls to contain frontier AI the way it has tried, with very uneven results, to contain encryption and spyware before it. And dramatic as it may sound, how this standoff gets resolved could shape not just Anthropic’s access to foreign markets but the rulebook that other AI labs will have to build around. Some context first.Ever since Anthropic launched Mythos in April, the company has marketed it assome kind of Doomsday cyber machinethat could wreak havoc on the internet if released too widely — which is why, before the ban,only around 150 vetted companies and government organizationshad access to it at all. The goal was helping defenders secure their software and services before the bad guys could reach Mythos-like capabilities. So what triggered the ban? Two subsequent events, reportedly. The first: Anthropic gave a South Korean telecom access to Mythos through its limited partner program, and U.S. officials grew alarmed after identifying the company as one they suspected had ties to China. (The company,widely reportedto be SK Telecom, hasdeniedany China connection.) Amazon CEO Andy Jassy also reportedlyalerted the administrationafter Amazon’s own researchers, he said, found a way around Fable 5’s safeguards. Anthropic disputes the “jailbreak” label, calling it a narrow, already-patched issue rather than a wholesale defeat of the model’s safety measures. The result was the same: the Commerce Department issued an export control directive, and Anthropic had to scramble to immediately limit access to its products — within roughly 90 minutes of being notified, by some accounts. None of this is new, though. Governments have tried to use export controls to limit the proliferation of what they see as dangerous cyber technology for decades, but their track record has been middling at best. The U.S. government was behind what is perhaps history’s most spectacular failure of this approach in the early to mid-1990s. At the time, computer scientists were developing encryption technologies to secure data as it traveled over the internet. One of those encryption products was called Pretty Good Privacy, or PGP, a popular software that could encrypt data and make it virtually impossible to unscramble even if intercepted as it traveled to its intended recipient over the internet. The U.S. government initially saw PGP as a dangerous weapon, fearing it would prevent its intelligence agencies from snooping on emails as they crossed their wires. To stop the distribution of PGP, the U.S. Customs Serviceopened a criminal investigationagainst PGP’s creator Phil Zimmermann for allegedly violating arms export controls. He fought back by publishing PGP’s source codeas a printed book, igniting what is known today as the “Crypto Wars.” Zimmermann later won a key battle when the investigation was closed, paving the way for crucial end-to-end encryption algorithms such as the one used by billions of Signal and WhatsApp users. Later during the early 2010s, researchers began discovering Western-made spyware used against dissidents in the Middle East. In response, several governments agreed to expandthe Wassenaar Arrangement, an international treaty that limits the export of dual-use software and technologies that are used in both civilian and military applications. The idea was to classify surveillance and hacking software as dual-use, thus forcing spyware makers to get export licenses to sell their products abroad. Contact UsDo you have more information about the Mythos ban? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, oremail. But Wassenaar has always had two inherent weaknesses. There are several countries that don’t adhere to the agreement, including Israel, which houses some of the world’s most active spyware makers. The agreement also depends on countries applying it to companies within their borders at their own discretion. For a time, the Italian government allowed one of the country’s then-top spyware makers, Hacking Team, a license to export its tools around the world, despite the company’s track record of selling spyware tooppressivegovernmentsthatused itto hack journalists and human rights activists. Since then,othercountriesin Europe have been lax with spyware makers like Italy. Despite numerous scandals, Europe, home tomany spyware and hacking tools makers, hascontinually failed to curb the export of spywareto authoritarian regimes. Critics say that a recently renewed effort across the bloc of 27 member states to tackle its growing problem of spyware exports to authoritarian states “does not go far enough.” Several spyware makers, such as Intellexa, a sanctioned consortium of spyware companies, have simply moved their operations to countries with lax export controls. Other spyware makers sought to move their operations to Saudi Arabia for similar reasons. There have been some wins. Germany-based spyware maker FinFishershut down in 2022after a multi-year investigation by German prosecutors into the company forallegedly selling spywareto Turkey without an export license. Investigators previously found the FinFisher spyware had beendeployed on the phonesof critics of Turkey’s government. As of the time of writing, the impasse between Anthropic and the Trump administration remains. There is a reasonable chance the administration will buckle and lift the restriction in the interest of keeping American AI companies competitive worldwide — a move that would amount to tacit acknowledgment that AI labs elsewhere, including in China, will likely reach similar capabilities regardless of what the U.S. restricts. Or, American AI companies could end up needing government approval before serving foreign customers at all, a compliance burden that would invariably dent their bottom line. Given the past experiences that world governments have had with trying to control the reach of software, government-mandated export controls are unlikely to be the right approach to stop malicious actors from abusing powerful dual-use cyber technologies.
