From PGP to Mythos: Why Export Controls Can't Contain Tech Flow

Last Friday, the White House ordered Anthropic to restrict the export of its powerful AI models Fable and Mythos to anyone outside the United States. Within hours, Anthropic pulled the plug, making these frontier models unavailable globally, a stark reminder of the US government's persistent attempts to contain critical technologies. This episode marks the first significant test for AI export controls, echoing a history of similar, often futile, efforts to control encryption and spyware, with direct implications for a rapidly developing tech hub like India. How did we get here, and what does this history tell us about the future of AI accessibility?

Echoes of the Crypto Wars: PGP in the 1990s

The 1990s saw the US government wage the “Crypto Wars,” classifying strong encryption software like Pretty Good Privacy (PGP) as munitions. This designation meant that exporting PGP was akin to shipping weapons, subjecting developers like Phil Zimmermann to criminal investigation. India, with its nascent but rapidly growing IT services sector, felt the ripple effect, as access to secure communication tools became a regulatory minefield.

Despite these restrictions, PGP and other encryption tools proliferated. Developers found ways around the rules, often by printing source code as books or distributing it openly online, demonstrating the inherent difficulty in controlling information. India's tech industry, recognizing the need for secure digital infrastructure, continued to build and adopt encryption, sometimes through local development or by leveraging open-source alternatives that rendered geographic controls largely irrelevant.

The notion that you can contain information, especially software, within national borders is fundamentally flawed. History has shown us that code, much like water, always finds a path.

The Spyware Paradox: NSO Group and Global Proliferation

Fast forward two decades, and the focus shifted from encryption to its darker cousin: commercial spyware. Companies like NSO Group, based in Israel, developed sophisticated tools such as Pegasus, capable of remotely compromising mobile devices. Despite efforts by some nations to control their export, these tools have consistently appeared in the hands of various governments worldwide, including instances reported in India targeting journalists and activists.

Export controls on spyware have proven equally ineffective. The clandestine nature of the market, coupled with the high demand from state actors, ensures a steady supply chain that bypasses official channels. The US Department of Commerce added NSO Group to its entity list in November 2021, citing malicious cyber activities, yet this hasn't eradicated the problem; it merely pushes the market further into the shadows, making oversight even harder.

📌 Key Point: Export controls on digital technology rarely halt innovation or spread; instead, they often accelerate the development of decentralized alternatives or create thriving black markets.

Anthropic's Mythos: A New Frontier, An Old Story

The White House's recent move against Anthropic's Fable and Mythos models signals a new phase in this ongoing struggle, attempting to apply an outdated playbook to a rapidly evolving technology. These frontier AI models hold immense potential, and restricting their global access directly impacts research and development in countries like India, which are heavily invested in AI innovation. Indian AI startups and research institutions rely on access to leading models for benchmarking, refinement, and application development.

This restriction could force Indian developers to either slow their progress, seek out less-regulated alternatives, or intensify domestic efforts to build comparable models. The global nature of AI research, often driven by open-source collaboration and shared datasets, makes national containment a particularly challenging endeavor. We've seen this before with nuclear technology, but AI's digital nature makes it even more difficult to fence in.

• 1991: PGP 1.0 released, sparking the Crypto Wars.
• 1997: US export controls on encryption eased after public and industry pressure.
• 2016: Reports of NSO Group's Pegasus spyware targeting individuals globally begin surfacing.
• 2021: US Department of Commerce adds NSO Group to its Entity List.
• June 2024: White House orders Anthropic to restrict export of Fable and Mythos AI models.

Key Facts

• The Indian IT Act of 2000 provided a legal framework for digital signatures and electronic commerce, acknowledging the growing importance of encryption within the country.
• Global spending on commercial spyware is estimated to be in the billions of dollars annually, despite export controls and sanctions.
• India's AI market is projected to reach $7.8 billion by 2025, indicating significant reliance on global AI advancements.
• The source code for PGP 2.6.2 was published as a physical book in 1995 to bypass export restrictions on software.

Conclusion

The history of tech export controls, from PGP to Pegasus and now Anthropic's Mythos, paints a consistent picture: attempts to contain digital innovation through national borders are largely ineffective. While governments cite national security, the reality is that technology, especially software and AI models, will find its way across boundaries, often accelerating alternative developments or fostering underground markets. For India, a nation poised to be an AI powerhouse, these restrictions present both a challenge and an impetus to bolster its domestic AI capabilities, pushing towards greater self-reliance in a globally interconnected world. The question isn't if these technologies will spread, but how nations will adapt to their inevitable proliferation.

FAQ

QWhat are technology export controls? A: Technology export controls are government regulations designed to restrict the transfer of certain technologies, software, or data to foreign countries or individuals, typically for national security or foreign policy reasons.

QWhy do these controls often fail for digital technologies? A: Digital technologies, especially software and AI models, are inherently difficult to contain due to their ease of replication, global distribution via the internet, and the rapid pace of open-source development.

QHow do these AI export controls affect countries like India? A: For India, these controls can limit access to frontier AI models, potentially hindering research, innovation, and the growth of its burgeoning AI industry, pushing local developers to seek alternatives or accelerate domestic development.

QWhat alternatives exist if access to models like Mythos is restricted? A: Developers can turn to open-source AI models, collaborate on international projects not subject to specific national controls, or focus on developing indigenous AI capabilities to meet local needs.