Chinese Firms Are Evading U.S. Semiconductor Sanctions – Foreign Policy
Argument: Chinese Firms Are Evading Chip Controls
Create an FP account to save articles to read later and in the FP mobile app.
Sign Up
ALREADY AN FP SUBSCRIBER? LOGIN
Print Archive
See All
Foreign Policy Magazine is a division of Graham Holdings Company. All contents (c) 2024, Graham Digital Holding Company. All rights reserved. Foreign Policy, 655 15th St NW, Suite 300, Washington, DC, 20005.
By submitting your email, you agree to the Privacy Policy and Terms of Use and to receive email correspondence from us. You may opt out at any time.
Your guide to the most important world stories of the day
Essential analysis of the stories shaping geopolitics on the continent
The latest news, analysis, and data from the country each week
Weekly update on what’s driving U.S. national security policy
Evening roundup with our editors’ favorite stories of the day
One-stop digest of politics, economics, and culture
Weekly update on developments in India and its neighbors
A curated selection of our very best long reads
This past fall, the Biden administration moved decisively to cut off China’s supply of powerful chips, targeting the cutting-edge semiconductors used for supercomputing and artificial intelligence. However, recent reporting points to blacklisted Chinese entities—including China’s top nuclear weapons lab—gaining access to restricted chips through a combination of smuggling and renting through the cloud. Smuggling also appears to be possible for low-level vendors: Other recent reporting found that Chinese small businesses are smuggling restricted chips through neighboring countries, and that 40,000 to 50,000 of these chips are already in China. If the administration wants to succeed in holding a chokepoint over national security-sensitive supercomputing, the U.S. agency tasked with export control enforcement (the Bureau of Industry and Security, or BIS) will have to get more creative.
This past fall, the Biden administration moved decisively to cut off China’s supply of powerful chips, targeting the cutting-edge semiconductors used for supercomputing and artificial intelligence. However, recent reporting points to blacklisted Chinese entities—including China’s top nuclear weapons lab—gaining access to restricted chips through a combination of smuggling and renting through the cloud. Smuggling also appears to be possible for low-level vendors: Other recent reporting found that Chinese small businesses are smuggling restricted chips through neighboring countries, and that 40,000 to 50,000 of these chips are already in China. If the administration wants to succeed in holding a chokepoint over national security-sensitive supercomputing, the U.S. agency tasked with export control enforcement (the Bureau of Industry and Security, or BIS) will have to get more creative.
First, some context. Last year’s export controls included a swath of measures targeting China’s access to semiconductor manufacturing equipment, specific fabrication facilities (known as “fabs”), and certain chips. The chip-specific controls attempted to ban Chinese entities from procuring advanced AI chips based on fixed performance thresholds. The ban applies not just to U.S.-made chips, but also to any chip produced using U.S.-origin technology, software, or equipment.
Given the United States’ pivotal role in the semiconductor industry, this was ostensibly a crippling blow. Two U.S. firms—NVIDIA and AMD—dominate the market for the powerful chips targeted by the controls. But carrying out a ban this big was never going to be easy. Unlike other dual-use items, cutting-edge chips are manufactured in the millions. They can also usually fit in a shoebox, making smuggling possible even at the scale required to build modern supercomputers (thousands of chips). And despite the controls’ focus on physical exports, most Chinese technology firms access chips virtually using services offered by cloud computing companies. These services are not monitored to prevent usage by blacklisted foreign entities under the United States’ current system of safeguards.
China has readily exploited these weaknesses. According to its employees, blacklisted facial recognition company SenseTime has been using intermediaries to smuggle banned components from the United States, mirroring the approach taken by China’s top nuclear weapons lab, the state-run Chinese Academy of Engineering Physics. And despite being blacklisted for human rights abuses, state-backed artificial intelligence firm iFlyTek has been renting access to controlled NVIDIA chips via the cloud. There is little practical difference between using a physically exported chip and using a chip “virtually” through the cloud. However, this practice is currently completely legal, even for firms like iFlyTek. This tactic could soon become even easier: NVIDIA has recently signaled its intentions to expand its cloud supercomputing offerings to China.
How should the United States address these gaps while preserving its global dominance in supercomputing? First: The BIS needs to patch current controls by addressing the physical smuggling of chips. The current enforcement process relies heavily on an initial licensing step, where a U.S. entity seeking to export controlled technology to a foreign actor is either approved or denied the right to do so. Unfortunately, this process has historically failed to keep up with Chinese and Russian actors’ ability to quickly establish shell companies. Researchers at the Center for Security and Emerging Technology found extensive evidence of this practice in projects run by Chinese defense agencies and state-owned enterprises.
Once a license is approved, the BIS is also responsible for ensuring that technology isn’t smuggled to blacklisted entities. But this process is both time-consuming and underfunded. A recent report by the Center for Strategic and International Studies interviewed U.S. officials involved in this process, who claim that it can take the Russian and Chinese military “mere days” to establish shell companies for purchasing controlled technology. In contrast, the current process for discovering smuggling can “take years, if it is uncovered at all.”
To address these problems, we propose a random chip sampling program. What would this look like? First, require that sellers of controlled chips register their sales with the BIS using unique IDs assigned during manufacturing. Then place requirements on sellers to notify the BIS about any secondhand sales and any cases where chips are destroyed or lost. Finally, to stop chips from leaking into China, conduct randomized end-use checks to confirm the current registered owner of a chip actually has it in their possession. The BIS has historically done this with larger devices, such as lithography machines (a category of manufacturing equipment crucial for producing advanced chips). But given that millions of controlled chips are sold each year, BIS officials couldn’t hope to keep tabs on each one manually. Instead, by checking the location of a small but random share of all sold chips, the BIS would catch (or better yet, deter) any supercomputer-scale smuggling of chips to China. Thankfully, the most concerning use cases for these chips, such as building a next-generation authoritarian version of ChatGPT or conducting advanced ballistic simulations, require thousands of chips running continuously for weeks. We estimate that with 5,000 inspections a year, the BIS could achieve greater than 90 percent confidence that no smuggling of chips at this scale was occurring.
At first glance, such a program might appear impossibly ambitious due to the sheer size of the semiconductor market. However, though there are countless chip companies and products available on the market, likely less than a dozen companies currently sell chips powerful enough to be subject to export controls. A few of the largest are NVIDIA (U.S.), AMD (U.S.), Graphcore (U.K.), Cerebras (U.S.), and Biren (China), which together make just six different chips that fall within the controls. Inspections could take advantage of these firms’ existing logistics networks for chip maintenance.
There’s another way military-linked firms and labs could use advanced chips’ capabilities: virtual access through cloud computing services. Top cloud providers such as Amazon Web Services, Microsoft Azure, and Google Cloud already offer the ability to remotely leverage the computing power of export-controlled chips, and NVIDIA recently announced its plans to rent out supercomputing power to Chinese firms.
At face value, the availability of these services to Chinese users may appear concerning. However, a blanket ban on all Chinese access to advanced U.S. cloud computing would be a mistake. Chinese cloud computing users could still access controlled chips by renting access through non-U.S. cloud service providers. There is currently no viable way for the United States to impose extraterritorial controls on these services. Given this reality, better for the United States to retain its dominance in cloud offerings for advanced chips, making it harder for Chinese firms to utilize a market gap to accelerate their own offerings. A blanket ban for physical chip exports made sense because of the difficulty of controlling who has access to the chip after it is shipped overseas. But effective regulations over cloud services could distinguish between users in a much more fine-grained way: The chip remains on U.S. soil, and service providers could implement guardrails to help prevent cloud chips from being used for applications that threaten U.S. national security.
Right now, these guardrails are sparse. U.S. cloud service providers have no official responsibility for how customers use their services, even if those services are used to aid foreign militaries or intelligence efforts. How, then, should these services be regulated? Existing financial regulations can offer some lessons. Thanks to the centrality of the dollar, the U.S. government can track global flows of money to prevent illicit activity such as money laundering. Because their firms dominate key chokepoints in the advanced semiconductor supply chain (manufacturing equipment, advanced materials, and design software), the United States and a few key allies hold a similar position with respect to advanced chips.
The U.S. Financial Crimes Enforcement Network requires both customers and financial institutions to comply with “Know Your Customer” standards to prevent illegal activity. And Suspicious Acts Reports require financial institutions to file reports of transactions exceeding $10,000 and to report any transactions that might signal criminal activity. Using its leverage over supply chains, the U.S. government could use analogous tactics to prevent blacklisted entities from accessing powerful chips and their capabilities.
As a starting point, we propose that cloud providers implement “Know Your Customer” checks for any customers using large quantities of export-controlled chips. The thoroughness of checks should scale proportionally with estimated risk and computational intensity: customers seeking to use thousands of export-controlled chips simultaneously should undergo the most rigorous screening. Such a practice would only affect a small minority of cloud customers who are engaged in supercomputing and large-scale AI training. This proposal aligns with a recent announcement by the Biden administration and a report from Microsoft about viable ways to govern the most powerful AI systems.
Of course, U.S. cloud providers are not the only game in town. The U.S. government should work with its allies to spread responsible screening practices internationally, much as the Financial Action Task Force has set international standards to prevent global money laundering and terrorist financing. If Chinese cloud providers with data centers outside of China do not cooperate, end-use controls could be placed on physical chip exports to prevent these firms from offering them.
The BIS’s role has grown in importance and must now be resourced for its mission. The agency’s budget has not grown in proportion to the number of controlled items it is expected to regulate. Compounding budgetary issues, the bureau as it stands today suffers from antiquated software, understaffing, and a lack of presence in key regions. For example, only two personnel from the BIS’s export control enforcement department are based in China. Moreover, due to IT system incompatibilities, the BIS’s analysis team is unable to use U.S. trade data to check where controlled goods are being exported due to mismatches in product categorizations, limiting its ability to automate export monitoring.
These issues are fixable. The U.S. Congress should grant the BIS a larger budget and empower it with the tools to deal with the emerging challenges posed by powerful chips. Solutions need not break the bank. Using conservative estimates, the chip inspection program we describe above could be implemented with an annual budget of less than $5 million. However, implementing such a program should be paired with a more comprehensive overhaul of the BIS’s processes and technology to allow it to deal with future challenges. A recent Center for Strategic and International Studies report recommends an annual budget increase of $44.6 million to provide the BIS with modern processes and technologies to better identify and target high-risk transactions and entities.
Finally, the United States must work more closely with its allies and partners—Taiwan, the Netherlands, Japan, India, and South Korea—to coordinate export control enforcement. By sharing information and coordinating enforcement efforts, the United States and its allies can prevent rogue actors from exploiting loopholes in export control regimes and ensure that sensitive technologies do not end up in the wrong hands.
Enforcing a ban on Chinese access to leading-edge chips won’t be easy. But by establishing a chip inspection program, taking steps to help ensure cloud services are secure, providing the BIS with more funding, and continuing to seek allied cooperation, the U.S. government can erect significant barriers to China using advanced computing to power a new generation of dangerous military applications.
Tim Fist is a fellow with the Technology and National Security Program at the Center for a New American Security.
Lennart Heim is a researcher at the Centre for the Governance of AI.
Jordan Schneider is the host of the ChinaTalk podcast.
Commenting on this and other recent articles is just one benefit of a Foreign Policy subscription.
Already a subscriber? Log In.
Subscribe Subscribe
View Comments
Join the conversation on this and other recent Foreign Policy articles when you subscribe now.
Subscribe Subscribe
Not your account? Log out
View Comments
Please follow our comment guidelines, stay on topic, and be civil, courteous, and respectful of others’ beliefs.
The default username below has been generated using the first name and last initial on your FP subscriber account. Usernames may be updated at any time and must not contain inappropriate or offensive language.
Read More
A comprehensive economic strategy can forestall Beijing.
|
Techniques honed in Xinjiang are being normalized against new targets.
|
Experts once thought globalization would ensure peace. Now, they’re looking elsewhere.
|
You’re on the list! More ways to stay updated on global news:
By submitting your email, you agree to the Privacy Policy and Terms of Use and to receive email correspondence from us. You may opt out at any time.
This time, Israel must heed Theodor Meron’s warning.
The U.S. special envoy for Sudan warns that the geopolitical fallout from the spiraling civil war could be immense.
The U.S. military’s collapsed pier in Gaza is symbolic of a much bigger issue.
Explanations from insiders range from ignorance to ideology.
|
|
|
|
|
|
Sign up for World Brief
By submitting your email, you agree to the Privacy Policy and Terms of Use and to receive email correspondence from us. You may opt out at any time.
Foreign Policy Magazine is a division of Graham Holdings Company. All contents (c) 2024, Graham Digital Holding Company. All rights reserved. Foreign Policy, 655 15th St NW, Suite 300, Washington, DC, 20005.