From PGP to Mythos: a brief history of export controls that didn’t stop anyone
From PGP to Mythos: a brief history of export controls that didn’t stop anyone
从 PGP 到 Mythos:出口管制未能阻止任何人的简史
Last Friday, citing unspecified national security concerns, the White House ordered Anthropic to restrict the export of its powerful AI models Fable and Mythos to anyone outside of the United States, as well as foreign nationals inside the country. Shortly after, the AI giant hastily pulled the plug on both models, which have now been unavailable to anyone for a week.
上周五,白宫以未指明的国家安全担忧为由,下令 Anthropic 限制其强大的 AI 模型 Fable 和 Mythos 向美国境外人员以及境内的外国公民出口。此后不久,这家 AI 巨头匆忙切断了这两个模型的访问权限,导致它们在一周内对所有人不可用。
The episode is the first real test of whether the U.S. government can use export controls to contain frontier AI the way it has tried, with very uneven results, to contain encryption and spyware before it. And dramatic as it may sound, how this standoff gets resolved could shape not just Anthropic’s access to foreign markets but the rulebook that other AI labs will have to build around.
这一事件是对美国政府能否利用出口管制来遏制前沿 AI 的首次真正考验,就像它此前试图遏制加密技术和间谍软件一样,尽管之前的尝试结果参差不齐。虽然听起来很戏剧化,但这场僵局如何解决,不仅可能影响 Anthropic 进入外国市场的能力,还可能决定其他 AI 实验室必须遵循的规则手册。
Some context first. Ever since Anthropic launched Mythos in April, the company has marketed it as some kind of Doomsday cyber machine that could wreak havoc on the internet if released too widely — which is why, before the ban, only around 150 vetted companies and government organizations had access to it at all. The goal was helping defenders secure their software and services before the bad guys could reach Mythos-like capabilities.
先交代一下背景。自 Anthropic 于 4 月推出 Mythos 以来,该公司一直将其宣传为一种“末日网络机器”,如果发布范围过广,可能会对互联网造成严重破坏——这就是为什么在禁令发布之前,只有大约 150 家经过审查的公司和政府机构能够使用它。其目标是帮助防御者在坏人获得类似 Mythos 的能力之前,保护好他们的软件和服务。
So what triggered the ban? Two subsequent events, reportedly. The first: Anthropic gave a South Korean telecom access to Mythos through its limited partner program, and U.S. officials grew alarmed after identifying the company as one they suspected had ties to China. (The company, widely reported to be SK Telecom, has denied any China connection.) Amazon CEO Andy Jassy also reportedly alerted the administration after Amazon’s own researchers, he said, found a way around Fable 5’s safeguards. Anthropic disputes the “jailbreak” label, calling it a narrow, already-patched issue rather than a wholesale defeat of the model’s safety measures.
那么,是什么引发了禁令?据报道,是随后发生的两个事件。第一:Anthropic 通过其有限合作伙伴计划向一家韩国电信公司提供了 Mythos 的访问权限,美国官员在认定该公司涉嫌与中国有联系后感到警觉。(据广泛报道,该公司为 SK 电讯,但其否认与中国有任何联系。)据报道,亚马逊首席执行官安迪·贾西(Andy Jassy)在亚马逊自己的研究人员发现绕过 Fable 5 安全防护的方法后,也向政府发出了警报。Anthropic 对“越狱”这一标签表示异议,称这是一个狭窄的、已经修补的问题,而不是对模型安全措施的全面击溃。
The result was the same: the Commerce Department issued an export control directive, and Anthropic had to scramble to immediately limit access to its products — within roughly 90 minutes of being notified, by some accounts.
结果是一样的:商务部发布了出口管制指令,Anthropic 不得不手忙脚乱地立即限制对其产品的访问——据一些说法,在接到通知后大约 90 分钟内就完成了限制。
None of this is new, though. Governments have tried to use export controls to limit the proliferation of what they see as dangerous cyber technology for decades, but their track record has been middling at best. The U.S. government was behind what is perhaps history’s most spectacular failure of this approach in the early to mid-1990s. At the time, computer scientists were developing encryption technologies to secure data as it traveled over the internet. One of those encryption products was called Pretty Good Privacy, or PGP, a popular software that could encrypt data and make it virtually impossible to unscramble even if intercepted as it traveled to its intended recipient over the internet.
然而,这一切并不新鲜。几十年来,各国政府一直试图利用出口管制来限制它们认为危险的网络技术的扩散,但其记录充其量只能说是平平。美国政府在 20 世纪 90 年代初至中期经历了这种方法历史上最引人注目的失败。当时,计算机科学家正在开发加密技术,以保护数据在互联网上传输时的安全。其中一种加密产品被称为“优良隐私”(Pretty Good Privacy,简称 PGP),这是一款流行的软件,可以加密数据,即使数据在互联网上传输给预定接收者时被拦截,也几乎无法解密。
The U.S. government initially saw PGP as a dangerous weapon, fearing it would prevent its intelligence agencies from snooping on emails as they crossed their wires. To stop the distribution of PGP, the U.S. Customs Service opened a criminal investigation against PGP’s creator Phil Zimmermann for allegedly violating arms export controls. He fought back by publishing PGP’s source code as a printed book, igniting what is known today as the “Crypto Wars.” Zimmermann later won a key battle when the investigation was closed, paving the way for crucial end-to-end encryption algorithms such as the one used by billions of Signal and WhatsApp users.
美国政府最初将 PGP 视为一种危险武器,担心它会阻止其情报机构在电子邮件通过网络传输时进行窥探。为了阻止 PGP 的传播,美国海关总署对 PGP 的创建者菲尔·齐默尔曼(Phil Zimmermann)展开了刑事调查,指控其违反了武器出口管制。他通过将 PGP 的源代码作为印刷书籍出版进行了反击,从而引发了今天所知的“加密战争”(Crypto Wars)。齐默尔曼后来在调查结束时赢得了一场关键的胜利,为关键的端到端加密算法铺平了道路,例如数十亿 Signal 和 WhatsApp 用户所使用的加密算法。
Later during the early 2010s, researchers began discovering Western-made spyware used against dissidents in the Middle East. In response, several governments agreed to expand the Wassenaar Arrangement, an international treaty that limits the export of dual-use software and technologies that are used in both civilian and military applications. The idea was to classify surveillance and hacking software as dual-use, thus forcing spyware makers to get export licenses to sell their products abroad.
后来在 2010 年代初,研究人员开始发现西方制造的间谍软件被用于针对中东的异见人士。作为回应,几个国家的政府同意扩大《瓦森纳协定》(Wassenaar Arrangement),这是一项限制民用和军用双重用途软件和技术出口的国际条约。其想法是将监控和黑客软件归类为双重用途,从而迫使间谍软件制造商在向国外销售产品时必须获得出口许可证。
But Wassenaar has always had two inherent weaknesses. There are several countries that don’t adhere to the agreement, including Israel, which houses some of the world’s most active spyware makers. The agreement also depends on countries applying it to companies within their borders at their own discretion. For a time, the Italian government allowed one of the country’s then-top spyware makers, Hacking Team, a license to export its tools around the world, despite the company’s track record of selling spyware to oppressive governments that used it to hack journalists and human rights activists.
但《瓦森纳协定》一直存在两个固有的弱点。有几个国家不遵守该协议,包括以色列,那里拥有世界上一些最活跃的间谍软件制造商。该协议还依赖于各国自行决定将其应用于境内的公司。曾几何时,意大利政府允许该国当时顶尖的间谍软件制造商之一 Hacking Team 获得向全球出口其工具的许可证,尽管该公司有向压迫性政府出售间谍软件并被用于黑客攻击记者和人权活动人士的记录。
Since then, other countries in Europe have been lax with spyware makers like Italy. Despite numerous scandals, Europe, home to many spyware and hacking tools makers, has continually failed to curb the export of spyware to authoritarian regimes. Critics say that a recently renewed effort across the bloc of 27 member states to tackle its growing problem of spyware exports to authoritarian states “does not go far enough.” Several spyware makers, such as Intellexa, a sanctioned consortium of spyware companies, have simply moved their operations to countries with lax export controls. Other spyware makers sought to move their operations to Saudi Arabia for similar reasons.
从那时起,欧洲其他国家对像意大利这样的间谍软件制造商也一直很宽松。尽管丑闻不断,但作为许多间谍软件和黑客工具制造商的所在地,欧洲一直未能遏制向威权政权出口间谍软件的行为。批评人士称,27 个成员国最近为解决向威权国家出口间谍软件这一日益严重的问题而做出的新努力“还远远不够”。一些间谍软件制造商,例如被制裁的间谍软件公司财团 Intellexa,已经简单地将其业务转移到了出口管制宽松的国家。其他间谍软件制造商也出于类似原因寻求将业务转移到沙特阿拉伯。
There have been some wins. Germany-based spyware maker FinFisher shut down in 2022 after a multi-year investigation by German prosecutors into the company for allegedly selling spyware to Turkey without an export license. Investigators previously found the FinFisher spyware had been deployed on the phones of critics of Turkey’s government.
也有一些胜利。总部位于德国的间谍软件制造商 FinFisher 在 2022 年倒闭,此前德国检察官对其进行了多年的调查,指控其在没有出口许可证的情况下向土耳其出售间谍软件。调查人员此前发现,FinFisher 间谍软件已被部署在土耳其政府批评者的手机上。
As of the time of writing, the impasse between Anthropic and the Trump administration remains. There is a reasonable chance the administration will buckle and lift the restriction in the interest of keeping American AI companies competitive.
截至撰写本文时,Anthropic 与特朗普政府之间的僵局依然存在。为了保持美国 AI 公司的竞争力,政府很有可能会妥协并解除限制。