On August 22, foreign media reported that NVIDIA had informed suppliers such as Amkor Technology and Samsung to suspend the production of H20-related products, citing information from sources. Prior to this, on July 31, in order to maintain the cybersecurity and data security of Chinese users, the Cyberspace Administration of China (CAC) had held a meeting with NVIDIA, requiring it to explain and submit relevant proof materials regarding the security risks of backdoors in the H20 computing chips sold to China.
NVIDIA's decision to halt production has undoubtedly increased doubts about the security of the H20. In response to this issue, Observers.com connected with Mr. Gao Zhikai, a renowned international affairs expert, to seek his advice on how to prevent the risks of importing AI chips into China.
[Dialogue/Observers.com: Tang Xiaofu]
Observers.com: Regarding the recent "backdoor" incident involving the H20 chip, Yuyuantan Tianqi found that the United States once had a systematic consideration for putting "backdoors" in AI chips. The U.S. also specifically mentioned that if companies cooperate with the U.S. government to install "backdoors," the U.S. government could exclude them from export controls, including relaxing export restrictions for "low-risk Chinese customers." From your perspective, how should we respond to the U.S. AI chip controversy, and how should we address potential AI chip backdoor issues in the future?
Gao Zhikai: Recently, the U.S. has made a series of fluctuating statements regarding the chip issue with China, so we need to carefully analyze what the real intention is. Let's first look at NVIDIA. Initially, when it sold chips to China, the entire industry was thriving: its chips had numerous users in China, and NVIDIA itself earned substantial profits, which provided ample resources for subsequent R&D and capacity expansion.
However, in recent years, the U.S. government has launched a chip war, attempting to "choke" China in the mid-to-high-end chip sector by restricting U.S. chip exports to China, thereby creating a new war between the U.S. and China.
In October 2023, I was invited to Yale University's anniversary celebration as a law school alumnus. I met with U.S. Commerce Secretary Gina Raimondo and had a brief conversation with her.
Raimondo and Hillary at Yale's anniversary celebration
I told Raimondo at the time: China has been importing over $40 billion worth of chips annually from the U.S. and other regions; if a chip war is launched against China, China may eventually stop purchasing chips from abroad, spending no money at all. As the U.S. Commerce Secretary, are you concerned that China's chip supply may become completely independent and self-sufficient?
Raimondo told me she was indeed concerned about this possibility, but everything depends on how China responds. After returning, I have been pondering the meaning behind Raimondo's words.
Now we see that the AI chips previously strictly restricted and banned from being sold to China by the U.S. government have opened a loophole. Why did the U.S. government change its mind? I think there are several reasons:
Firstly, NVIDIA's CEO Huang Renxun went to the White House to plead with President Trump, saying that if he couldn't sell the chips to China anymore, his revenue would be affected, and he wouldn't be able to earn enough money, making it difficult for NVIDIA to maintain high R&D investment.
Secondly, the U.S. government has realized that Chinese companies like Huawei have reached a very high level of technical capability in artificial intelligence chips. The U.S. government is also worried that Chinese chip manufacturers will not only quickly dominate the domestic market but may also gain a competitive advantage in the international market.
Therefore, the U.S. has changed its initial strategy of completely blocking the sale of AI chips to China, allowing NVIDIA to sell its slightly tailored H20 chips designed for the Chinese market. If this chip for the Chinese market does not have any backdoors or other problematic features, some Chinese companies might find that using the H20 can meet their commercial goals, and purchasing it would be acceptable.
NVIDIA chips
But the question is, has the U.S. forced NVIDIA to install a backdoor in the chips specifically designed for export to China? Now, U.S. senators and representatives have been loudly advocating that when the U.S. exports chips to other countries, especially to so-called "hostile countries" or those that don't get along with the U.S., they must install backdoors. What does this mean?
First, the U.S. wants to determine who the final user of the chip is, whether it is being used in violation of the purchase terms or misused; second, to monitor what the chip is doing; third, the U.S. wants to have a means to shut down the chip at a command, ensuring that "when I tell you to stop, you must stop." These are contents that the U.S. is currently placing on the table through legislation.
Does the H20 have any other backdoors?
NVIDIA claims there are no backdoors. They cited an example from the 1990s, where someone tried to tamper with the chip at the software and hardware levels, causing the entire system to crash. Therefore, they believe that installing backdoors in chips is not advisable and may affect the overall network security.
But this is just NVIDIA's word. More than a decade ago, a major event occurred in the U.S., known as the "PRISM scandal," where Snowden accused the U.S. government of using the "Regin" software to monitor and interfere with many things on the internet. Therefore, the U.S. intelligence agencies have long arms. So the question arises: Is NVIDIA really telling the truth when it says "there are no (backdoors)"?
I will now clearly break it down into different scenarios for everyone. In the U.S., if you are a technology company, such as a communication or internet company, if you violate U.S. government regulations and make some changes, the consequences could be catastrophic. However, there are two situations where the U.S. government can also manipulate things, and you must comply.
The first situation is when U.S. government departments, such as the FBI, police, etc., come with legal search warrants, arrest warrants, etc., and require you, the manufacturer or operator, to do something, which you cannot avoid.
The second situation is when the U.S. government can legally force you, the operator or manufacturer, to do things according to the items explicitly listed in the legal provisions.
In this way, the U.S. manufacturers can say: I am following the law, or I am acting according to normal procedures; whether it's the FBI or the police, as long as they have a search warrant, it's all in accordance with the rules. Thus, they can again conveniently use U.S. regulations to escape their own legal responsibilities.
Therefore, I think that on one hand, it is very necessary and timely for China's Cyberspace Administration to hold NVIDIA accountable and ask it to explain, and such actions should be done regularly. On the other hand, I hope to propose an important legal suggestion to China's Cyberspace Administration and other relevant government departments, that we Chinese users need to sign more legally binding agreements with these foreign manufacturers.
For example, regarding the current AI chips, regardless of what the manufacturers say, we should compel NVIDIA and other foreign manufacturers to make clear commitments:
If it is found in the future that chips or other products sold in mainland China have backdoors or other functions that cause certain damages to Chinese users, the manufacturers of these chips should bear legal responsibility unconditionally. Once discovered, these manufacturers should accept penalties unconditionally. Only companies that have signed these documents can sell AI chips within China.
Another aspect, if we find that chips and other products sold in China have weaknesses or vulnerabilities, which allow the CIA, FBI, etc., of the U.S. to easily breach and threaten Chinese users, then NVIDIA or other manufacturers should also bear corresponding legal responsibilities and provide compensation.
NVIDIA and AMD need to pay 15% of their chip sales revenue in China to the U.S. government to obtain export licenses
Moreover, I recently noticed that President Trump did something very unique. He issued a new regulation requiring NVIDIA and AMD to pay 15% of their chip sales revenue in China to the U.S. government to obtain export licenses. That is to say, the U.S. government is actually collecting a "royalty tax" from companies like NVIDIA: I allow you to sell, but you must pay 15% of the "tax" to intervene in the overseas sales of these companies.
I suggest that the Chinese government should sign formal agreements with companies like NVIDIA. In addition to ensuring that there are no so-called backdoors or other related functions, they also need to pay 15% of their income to the Chinese government as a security deposit.
That is to say, companies like NVIDIA and AMD need to deposit 15% of their revenue from selling AI chips in China into a designated location as a deposit to guarantee that their products do not have backdoors or other illegal functions. After a certain period, if it is confirmed that the relevant products have no backdoors, we can return this deposit to these companies.
I think this is crucial. Otherwise, if it is just based on the manufacturers' verbal promises or signing papers without actual legal constraints, the consequences could be unimaginable if something goes wrong in the future.
Moreover, as we mentioned earlier, the U.S. authorities may use certain things in NVIDIA's software or servers to spy on the online activities of Chinese users and generate data for analysis. They may even restrict or prevent you from performing certain training or running certain programs.
What worries me most is whether they can appropriate some user data and analyze specific information within the data? If they can, what results will these analyses yield? Will they help external software break through our firewalls and let hackers enter and tamper with our internal data and information? Or even intentionally guide the creation of certain outcomes, misleading users to draw incorrect conclusions? Regardless of which, the consequences would be unimaginable.
Of course, we need to collect solid evidence before we can responsibly raise these issues at the official level. But in my opinion, even if there is no relevant evidence now, we still need to be prepared for the worst. It is precisely because of this need to be prepared that the Chinese authorities should think carefully to prevent such situations from occurring.
I previously suggested that the authorities should establish institutional arrangements when AI chips and related facilities from NVIDIA and others enter the Chinese market. I think we can learn from the U.S. and introduce what is called "class action," establishing a specialized collective litigation mechanism.
It is estimated that NVIDIA will release 1 million H20 chips in the Chinese market in 2025, which could potentially reach tens of thousands or even hundreds of thousands of users. If at some point in the future someone discovers that the H20 chips have been implanted with hidden functions or have been abused by third parties, NVIDIA would become an accomplice. What then? Can we expect each user to sue NVIDIA individually?
At that time, we should learn from the U.S.: in such cases, a few users can "band together" to represent all 1 million chip users to initiate collective litigation against the manufacturers of these chips, as long as they can prove that the product has serious violations, a small number of users can collectively defend the interests of the majority.
In the U.S. market, this has played a significant punitive role against some unscrupulous merchants. Although our market characteristics are not particularly "dependent" on litigation, in preventing the abuse of such AI chips, especially when they are used by the other government, we still need to be vigilant and take preventive measures, to avoid the situation where, when something happens, people scramble to find solutions but can't even find the right ones. If foreign capital withdraws at that time, leaving a mess, the victims will ultimately be our users and ourselves.
Boeing faced collective lawsuits after the Max 9 incident, Reuters
Moreover, since the U.S. is now loudly advocating for putting "backdoors" in AI chips sold to China, we should more clearly stipulate which units absolutely cannot use these imported AI chips. Especially our military, police, and security departments, as well as some highly sensitive research institutions and science and technology colleges, should be clearly included in the prohibited list. Rather than betting on whether there are no backdoors or the ability to interfere with your data, it's better to close the door tightly.
In my view, using more domestic chips is safer, because if important information is stolen or spied on due to the use of foreign AI chips, the consequences would be unimaginable.
My other suggestion is that China should designate a court to handle disputes and litigation involving imported AI chips from abroad. Why? Because AI is developing rapidly, and the technology involved is constantly changing. Therefore, professional personnel are needed to ensure that the legal aspects are properly handled. Moreover, judges, lawyers, and juries must understand these rapidly evolving technologies, otherwise they may be led around by the nose.
Therefore, I recommend that the country should recruit more lawyers or other professionals specializing in AI litigation across the country, focusing on this area of work, cooperating with the specialized AI court to connect with professional collective litigation institutions, enabling us to quickly form a complete set of institutional arrangements in terms of legal protection.
This kind of institutional arrangement can protect the legitimate interests of Chinese users and the entire Chinese society on one hand, and on the other hand, it can curb some foreign entities or organizations with ulterior motives who are trying to achieve their illegal purposes by violating Chinese laws and regulations.
These suggestions are based on my personal reflections from my experience in equity investment funds and enterprise management regarding information protection. I am a lawyer and currently the chairman of the China Association of Yale Law School, so I have been closely following the various bills being discussed in the U.S. Congress, especially the recent discussions on AI legislation in the U.S. Congress. Therefore, I hope that the domestic side can keep up with the U.S. legal developments and grasp the progress there. This way, we can be prepared for the future: the stronger the fence, the fewer the things that get stolen, and the fewer the sheep that run away.
This article is exclusive to Observers.com. The content of the article is purely the author's personal opinion and does not represent the platform's position. Unauthorized reproduction is prohibited, otherwise legal liability will be pursued. Follow Observers.com WeChat guanchacn to read interesting articles every day.
Original: https://www.toutiao.com/article/7542321369464308262/
Statement: This article represents the personal views of the author. Please express your attitude by clicking the [Top/Down] button below.