From PGP to Mythos: Why Tech Export Controls Never Work

Last Friday, the news hit Delhi’s tech circles like a sharp, sudden monsoon shower: the White House, citing vague national security concerns, ordered Anthropic to yank its powerful AI models, Fable and Mythos, from anyone outside the US. Foreign nationals, even those inside the country, were cut off. Within days, those models simply vanished. For a week now, they’ve been unavailable. It’s a move that feels both dramatic and, frankly, a bit predictable, echoing a long, often farcical history of governments trying to put the digital genie back in the bottle.

The Crypto Wars: PGP and the ‘Munitions’ Myth

To understand the Mythos saga, we need to rewind to the 1990s, a time when the internet was still finding its legs and encryption was seen by some as a weapon. Pretty Good Privacy (PGP), developed by Phil Zimmermann in 1991, allowed ordinary folks to encrypt their emails, making them unreadable to prying eyes. This was revolutionary, and terrifying for governments who considered it a threat to national security.

The US government famously classified PGP as a munition, placing it under strict export controls typically reserved for weapons like tanks and missiles. You couldn't just send it overseas. Yet, the software, being software, didn't care for borders. It was uploaded, downloaded, and distributed globally, often on floppy disks or via early internet forums. The controls were, to put it mildly, a spectacular failure.

Blockquote: “The world’s governments have learned nothing. They think they can control information. They cannot.”

Spyware’s Shadow: Pegasus and the Global Bazaar

Fast forward to the 2010s and early 2020s, and we saw a new battleground: spyware. Tools like Pegasus, developed by Israel’s NSO Group, could covertly infect phones, turning them into mobile surveillance devices. Despite being sold with strict licenses to governments for counter-terrorism and crime-fighting, Pegasus notoriously found its way into the hands of regimes using it against journalists, dissidents, and human rights activists worldwide. Here in India, the Pegasus scandal of 2021 sent shockwaves, revealing how deeply such tools had penetrated even high-profile targets.

Export controls were theoretically in place for such sensitive technologies, but the reality was a wild west. Once a tool exists, especially one designed for stealth, its proliferation becomes almost inevitable. The financial incentives for developers and sellers are immense, and the demand from various state and non-state actors is constant. It's a classic case of demand creating its own supply, regardless of official sanctions.

📌 Key Point: Digital information, unlike physical goods, inherently defies traditional border controls and customs checks. Its very nature is fluid and global.

Mythos and the AI Frontier: Deja Vu All Over Again?

Now we arrive at Anthropic's Fable and Mythos. These aren't just advanced chatbots; they represent the frontier of AI, capable of complex reasoning and generation. The US government's move is the first real attempt to contain frontier AI using the old playbook of export controls. But history, as we’ve seen, isn’t on their side. The core problem remains: how do you control knowledge, algorithms, and models that can be copied, shared, and adapted with relative ease?

The global AI talent pool, including the booming scene right here in Delhi, doesn’t operate within national silos. Researchers collaborate across continents, open-source models proliferate, and the underlying principles are increasingly understood globally. If a powerful AI model is restricted, the incentive for other nations or even individual developers to replicate or create alternatives intensifies. This isn't just about code; it's about the ideas embedded within that code.

Why Tech Export Controls Often Fail:

1. Ease of Digital Duplication: Software and models are bits and bytes, effortlessly copied and distributed globally. No physical barrier can stop them.
2. Global Talent Pool: Expertise isn't confined to one nation. Developers and researchers worldwide can replicate or build similar tools.
3. Open-Source Ethos: Much of the foundational tech is open-source, making it hard to control proprietary offshoots.
4. Economic Incentives: The demand for powerful tools, be it encryption, spyware, or advanced AI, creates massive financial drivers for circumvention.

Key Facts

• 1991: Phil Zimmermann releases PGP, leading to its classification as a munition by the US government.
• 2021: The Pegasus Project reveals widespread misuse of NSO Group's spyware, including in India.
• June 2026: The White House orders Anthropic to restrict export of Fable and Mythos AI models.
• $200 billion: Estimated global AI market size by 2025, indicating massive incentives for development and access.

Conclusion

The pattern is clear: from PGP to Pegasus to Mythos, attempts to cage digital advancements with export controls have consistently fallen short. The inherent nature of information, coupled with global collaboration and relentless innovation, ensures that these technologies, for better or worse, will spread. The real question isn't whether AI models like Mythos can be contained, but what new, perhaps more effective, strategies governments will devise to manage their inevitable global proliferation. Or, perhaps, they’ll finally learn that some things are just meant to be free.

FAQ

• Why do governments impose export controls on technology like AI models? Governments impose these controls primarily for national security reasons, fearing that powerful technologies could be used by adversaries or for malicious purposes if they fall into the wrong hands.
• How did PGP bypass early export restrictions? PGP bypassed restrictions because it was software, easily copied and distributed digitally across international borders, often via the internet or physical media, making traditional export checkpoints ineffective.
• What was the impact of the Pegasus scandal in India? The Pegasus scandal in India highlighted concerns about surveillance and privacy, as reports indicated the spyware was used against journalists, activists, and politicians, raising questions about government oversight and individual rights.
• Will the Anthropic AI export controls be successful in the long term? History suggests these controls will likely not be successful in the long term, as the global nature of AI development and the ease of digital sharing make it extremely difficult to contain advanced models or prevent similar technologies from emerging elsewhere.