Comment by winterismute

10 days ago

Indeed, I find quite ironic that some people in tech in the US complain about EU "regulations first" approach, but then their government seem to arbitrarily stop things from being released because, well, there is no established policy on safety guarantees or other similar aspects.

I see it too, but worth noting that this is basically unprecedented at least within the last 25 years; I think you have to go back to export controlled cryptography for another example of this kind of abrupt and targeted regulation.

  • We’ve seen more examples recently. TikTok, wireless routers, polestar cars…

    • Huawei, Foreign gambling sites were banned on dubious reasons in 2006 (in reality American companies weren't as competitive and las Vegas needed to be protected), Japanese electronic tariffs in the 80s/90s ...

      US never exactly believe in full on 'free trade'.

      26 replies →

    • I think that's a bit different. The crypto-wars were about restricting strong encryption IN GENERAL. Not targeting a specific vendor.

      The equivalent would be to restrict all LLMs with a minimum number of weights.

      That's probably as futile, but remember for how long the encryption ban proved to be a nuisance.

    • TikTok ban was the worst one because it was about speech, not trade or security. If the bill said "China banned our social media so we're gonna ban theirs in reciprocity," that'd be a way more valid reason.

      7 replies →

    • DJI, Huawei and the list goes on. Definitely no need to go back "25 years". The USG is turning into a joke of a surveillance state. As if any of the US based tech is truly any less backdoor'd? Cisco and Flock and Google and Facebook and Microsoft, oh what amazing technology companies that could never be used for... Oh wait, what a fantastic endgame we're on course for! I wonder why other nations are actively moving away from US tech?

  • A real headscratcher isn't it? And from a government that is supposedly priding itself on small government. How should companies navigate this? What's the framework they should operate within?

    • Claiming the mantle of "small government" was simply an exercise in marketing to relax regulation meant to prevent bribery and corruption. In practice, the current slate of government officials believes in absolute control of whatever they want whenever they want.

      It's a mirror case of the supposed "free speech absolutists" who immediately turned around and silenced, sued, fired or jailed once granted the power to do so.

      3 replies →

    • It's only small government when they are trying to not give money to some group they don't like.

  • Munitions exporting. I fondly remember the PGP feasco. I spent years using PGP to encrypt my emails to several people who refused to use email without it. Good times.

  • Competent government wouldn't do this either... ...also why I think it won't last.

    Doubtful it'd hold in court; this admin would have to show that it's not corruption, because we'd all assume otherwise.

  • Between $5-10T of the US economy is subject to export controls. Nobody disputes that Mythos is dual-use technology, which means it has been export controlled since the day it was created.

    Companies are responsible for demonstrating criteria to export (for example) a nerfed version (Fable) of an export controlled item (Mythos)

    Nothing here is novel, unusual, capricious, or … fascisistic.

    • We saw what happened with banning nvidia flagship compute GPU exports to China; it just spurred them to develop a domestic semiconductor industry while still importing black market GPUs at a minor markup. The US would do well to keep the world dependent on American products that are under the jurisdiction of the US government, and can therefore be regulated or killswitched. All this will do is allow China to have flagship model capabilities without being subject to the US at all.

This arrangement is already dubiously legal. The government is already being sued over the Fable incident with Anthropic.

No amount of rules can stop people who are willing to break them. Only enforcement can.

  • Anthropic just needs to donate millions of dollars to a “MAGA Inc” like Greg Brockman did and they’ll get regulated properly from now on.

    It’s a perfectly good system for government regulation.

  • But your government is constantly acting illegally. Isn't it time for Americans to... do something? It's clear that your legal framework isn't working.

    • Do what, exactly? Throw away our lives? 40% of the nation would rather die than vote for anyone other than a racist, and another 40% would tsk-tsk and say “that’s not how you’re supposed to do it”. There’s no revolution coming to save the day.

      7 replies →

  • And enforcement cannot work if you’ve captured all three estates.

    • Did you mean this in the French Revolution sense (the clergy, the nobility, and the commoners) or in the American sense (the legislative, judicial, and executive branches)?

      The French Revolution sense would be an ironic counterpoint, because the Revolutionaries did end up capturing all three estates, only to fall to someone (Napoleon) who captured the military, which wasn't considered one of the "three estates" because at the start of the French Revolution destroying civil society, enacting a military dictatorship, and starting a series of wars throughout Europe was considered outside the Overton Window.

      This perhaps holds some lessons for America today.

      7 replies →

It would only be ironic of you assume those same people who thing the EU over-regulates also support this US government regulation.

It's N=1, but I believe both that the EU approach discourages investment and innovation in the EU, and that this US policy will do the same in the US.

It’s a bit in general, because if you actually read the EU AI legislation, most of it follows the right ideas and provides more safety, in the sense that OpenAI and Anthropic used to pretend to care about, but never really did.

  • The ideas are debatable but generally correct. The EU's problem is that regulation stops at the ideas, and it is intentionally designed so to be impossible to ensure compliance in advance. So the regulation is really after the fact and a subjective judgment by regulators. So there's tons of risk even if you genuinely believe you're complying with the prescribed intents.

    My opinion on EU regulation would flip 180 degrees if they offered any kind of pre-clearance where you could propose a product, feature, or policy and be told in advance if it meets their subjective requirements.

    IMO you can have clear, specific requirements in advance, or you can have a body that provides interpretations of spirit-of-the-rules regulations in advance. Having neither is a problem.

    (yes, I'm aware of the argument that if you tell companies what's legal in advance they will just do the bare minimum or find loopholes... I don't find that to be a legit rule of law system)

    • I understand that desire entirely, but I’m not sure if it would work that way. Take an ISO 27001 certification (or SOC, if you like): There is no one clear set of things to do, but both guidance and requirements that you need to address and be able to defend your concrete implementation.

      And I generally like that a lot better than having a set of hard this-way-or-no-way checklists that invariably consist of 80% bullshit ceremony for giant corporations. ISO nudges you toward that too, but if you’re able to deliver the same security guarantees with less, auditors will usually be happy.

      The same, in general, works for GDPR regulations as well: The law is mostly about doing the right things, but not spelling out the billions of cases and permutations and strategic decisions involving privacy in one way or another.

    • It's deliberately not prescriptive as the implementers are the ones best placed to solve for requirements - you don't want policy makers providing technical checklists. And it's not unstructured - ISO 42001 essentially encodes it.

  • With the way things are, having to disclose training data will basically make it impossible for an EU AI to compete.

    • Im not happy with the AI act in entirety either, but my point was that it’s hard to read it and say "this isn’t generally the right thing to do", where right means responsible and beneficial to society as a whole.

      3 replies →

    • In the end the only winner that emerges out of this is China. Tge EU is over regulating everything, the current US administration is randomly banning things left and right.

      1 reply →

Our AI czar, David Sacks, whined and moaned about the idea of regulation, even said Anthropic begging for some guidance was asking for “regulatory capture” and was gloating about how right he was they wanted it, 2 weeks ago.

I wonder if he understands why, now.

Is it really ironic or just yet another example of how the current administration just keep finding ways to line their pockets? Big Tech has lots of money, and they'd just like to get a little taste. Placing arbitrary restrictions is a pretty good motivator for those being restricted to find some way to make necessary contributions.

On some level though we have to be cognizant of the potential for harm these models have.

LLMs are still a little loosey goosey, and we are right on the cusp (if not there already) for an agent to hack a bank and steal money for some rando teenager with a penchant for jail breaking.

The regulations are and will be negative, but don't lose sight of what LLMs can do off the leash.

  • >but don't lose sight of what LLMs can do off the leash.

    there is no such thing as an LLM "off the leash", it's not a dog, and even if it was a dog the person responsible is the owner. What is this bizarre attitude to a piece of software that makes people think existing laws don't apply?

    If your LLM agent hacks a bank, you have hacked a bank, you will go to prison and that's entirely sufficient. People have been hacking banks for decades now, it didn't require the government to regulate C compilers and Emacs.

    • This is overly reductive.

      If your web browser hacks a bank, but you didn't know and didn't expect it to, have you hacked a bank? Why is an LLM different? What happened to mens rea?

      9 replies →

    • There is a baseline level of competence and motivation needed to commit crimes.

      Decades ago few people would walk into a record store and steal CDs. Napster came along smashing all barriers entry, and it became weird not to steal music.

      Its not really the legality that matters, it's the barrier on one hand and the cognitive ability on the other. Drop both and you get huge spikes in crime.

  • > On some level

    The appropriate level would be regulation though? Like I just don't get how we can argue that arbitrarily throttling companies is ok.

    • OpenAI fired the starting gun 3.5 years ago before anyone in the industry had a sound safety plan, and not much progress has been made since.

      So here we are, it's probably going to me messy and err on the side of over-bearing.

      4 replies →

  • Bank should be more secure, if a random person with an LLM can hack them, they should have paid 100 random blue teamers with LLMs to hack them first to get more secure. Not AI's fault.

    • > blue teamers

      Pretty sure you mean red team here. While I've heard people refer to any offensive security (eg including blackhat) as 'red team' , it typically means people you've hired or contracted to try to break into your systems, whereas the blue team are people you've hired to build and operate your security defenses. Red and blue team are both your employees / contractors but perform different functions.

      1 reply →

    • The purpose of policies like this is precisely to ensure that those 100 runs do happen first, rather than allowing a free-for-all where they have to race to secure their systems.

> there is no established policy on safety guarantees

Which is the government’s own fault.

Elon Musk talked back in 2018 about how he went to Washington and met with Obama and Congress, but they did nothing.

In 2020 Andrew Yang’s entire run for president was centered around the risk of AI displacing job. He lost, no one did anything.

A couple years later we say the consumer facing LLMs start to roll out. Still, no one does anything.

They have time to micromanage the industry, but in all these years they haven’t found the time to establish any meaningful policy?

  • Deeper than that, what to do with a super smart AI has been floating around intellectual circles since the late 00's.

    Google had been pussy-footing AI research due to deathly fear of awakening an ASI, because their safety teams still had no answers.

    Then Altman came along...

  • In your opinion, what was the appropriate action you believe should have been taken in 2018?

I'm fine with this in principle, it's more like regulations last. They looked at the end result and decided it was too powerful to let loose. But also expect the Trump administration to unfairly use it as leverage against US corps.

Meanwhile EU prevented itself from building competitive LLMs in the first place.

  • its the typical US regulations for consumer but not for corporations, disgusting

Regulation is a good thing, even if HN hates it.

It's a way to clearly agree on ground rules that you can plan around, not more, not less.

The alternative is not no rules, do whatever you want. The alternative is executive capriciousness arbitrarily setting the rules based on whims and messing up your plans.

This applies to most things when it comes to the USG/citizens. Protectionism is communist unless they do it. Thinking about developing a nuke? Well bomb you first despite being the only people to ever use them. Free speech and press - unless we don’t like what you say.

Let’s be real, as an EU citizen I have zero doubts that those models would also have been blocked if developed in EU.

I like the US approach better: regulate when the need for it arises, not before when you don’t know how the situation is going to evolve.

  • They're not regulating though – they're arbitrarily blocking releases based on no clear criteria. The EU may be legalistic and rules-based, but I'd take that over capricious and arbitrary.

    • I wish the EU were legalistic and rules based, but the commission and politicians are involved in many of these things. It's like Trump's executive stuff, just with a committee instead of a single person, and I guess, with less power.

    • The EU is nothing but capricious and arbitrary. Much of the DMA and similar is pure vibes that you can't know if you violated until the regulators do their divinations months or years after you shipped.

  • You can’t be serious because “When the need arises” means when your company does not lavish praise on the current administration.

  • Let's plan a fire fighter division only once we are actually having some buildings in the city burning down. That people who fear that ridiculous perfectly controlled fire in chemines are ridiculous.

  • Regulating when the need arises requires also compensating the people who get hurt in the meantime.

  • It sounds nice but you end up with entrenched special interests that later oppose all regulation regardless of the consequences. We have pesticides you wouldn't want anywhere near your children casually used to control weeds on kid's playgrounds, insanely huge trucks that kill hundred each year, the food is garbage...the list is long and tiresome. Trust me brother, if I could live in the EU, I would.

  • > regulate when the need for it arises

    I agree. But that need has absolutely arisen. The US government is not exactly the best steward for this kind of thing, but some model other than "race each other as fast as we can" is desperately needed here.