Trending Now
We have updated our Privacy Policy and Terms of Use for Eurasia Group and its affiliates, including GZERO Media, to clarify the types of data we collect, how we collect it, how we use data and with whom we share data. By using our website you consent to our Terms and Conditions and Privacy Policy, including the transfer of your personal data to the United States from your country of residence, and our use of cookies described in our Cookie Policy.
{{ subpage.title }}
Banking rules are coming to AI
The Biden administration will soon ask artificial intelligence companies to comply with federal rules most commonly applied to banks and other financial services companies: know-your-customer, or KYC, rules.
What are they? KYCs help financial regulators ensure US banks aren’t being used for money laundering, terrorist financing, or enabling sanctioned people or organizations.
The US government has heavily regulated its financial system since the Great Depression, but it wasn’t until the Bank Secrecy Act of 1970 that the government began monitoring who was using banks for illicit purposes. The Patriot Act, passed in the aftermath of 9/11, expanded the BSA to require banks to develop more thorough customer identification programs. The president now wants to force AI companies to know their customers, too.
What is Biden proposing? On Jan. 29, the Commerce Department’s Bureau of Industry and Security proposed requiring US cloud services companies to start collecting information like a bank would. The goal, the department wrote in a press release, is to prevent foreign entities aiming “to harm US critical infrastructure or national security, including to train large artificial intelligence (AI) models.”
Why is this so unusual? The financial sector is heavily regulated; the tech sector less so. While the government has taken exceptional steps to regulate the export of computer chips needed to power and run AI software, it's more challenging to regulate software and cloud services because they are globally accessible via the internet. The proposed rule would shift the burden of regulation to the software and cloud providers themselves.
“It turns out that Russian cybercriminals and Chinese spies, you name it, use American cloud services for their cyber activities,” says James Andrew Lewis, senior vice president and director of the strategic technologies program at the Center for Strategic and International Studies.
The measures are also aimed at preventing foreign adversaries, namely China, from using AI to strengthen their military capabilities, but it’s a half-measure.
“The long-term [view] is that the Chinese will figure out a way around this,” Lewis says. “This buys us a few years, but it’s not a permanent solution.”
Cloud Computing illustration.
Enter the cloud wars
The Biden administration proposed new rules on Monday placing know-your-customer requirements on cloud service providers. This is the government’s latest step aimed chiefly at keeping China at bay.
“We can't have non-state actors or China or folks who we don’t want accessing our cloud to train their models,” Commerce Secretary Gina Raimondo told Reuters. “We use export controls on chips … Those chips are in American cloud data centers, so we also have to think about closing down that avenue for potential malicious activity.”
The White House has issued export controls on the computer chips made with US parts, a stringent set of requirements that have cut off China and its technology firms from buying high-powered chips — or at least buying them through above-board means.
The chip wars now have a parallel: the cloud wars.
Know-your-customer requirements are typically imposed upon financial institutions like banks to thwart money laundering and terrorist financing. They’re not common in the much-less-regulated tech industry — something that will likely lead to moans, groans, and lawsuits from Big Tech.
Cloud computing and US cybersecurity
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
What is cloud computing?
Now it's not that easy to answer but let me give it a try. Cloud computing is the capacity to store or process data over the Internet on servers away from a device like a laptop or a mobile phone. And it actually allows for software, databases, and the storage of data to be sold as a service.
Is the future of cybersecurity in the cloud?
Well, the recently adopted executive order by President Biden with the aim of improving the US's cybersecurity does suggest as much. But I'm afraid it's not that simple. Any software can be exploited and is being breached even when it's run by major companies like Microsoft. So it's worrying that despite national security protections, even large companies cannot protect users against state hackers. So the question is, who can protect the homeland and who can assure cybersecurity?
- Impact of Microsoft hack deepens; why cyber attacks target ... ›
- Russia's cyber attack: an act of espionage or war? - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- Why we need a World Data Organization. Now. - GZERO Media ›
- Report: China's cyber security a decade behind the US, despite hype - GZERO Media ›
- US, NATO, & EU condemn China's Microsoft hack; Pegasus spyware leak - GZERO Media ›
- QR codes and the risk to your personal data - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- Biggest cybersecurity threat to watch in 2022 - GZERO Media ›