The term Artificial Intelligence – or machine learning – is a computer science technique in which models are trained to make predictions. Machine learning can be used to make predictions about any subject provided that an appropriate library is fed appropriate training data. The libraries used to train models (i.e. Tensorflow) are open source and the hardware used for training algorithms is generic. Given this, while there are many ways in which machine learning can be misused, CNS has previously recommended that the focus of control should be on training data and the trained models where either of these has been developed in relation to specific military or weapons of mass destruction end uses.[1] Some countries may go further in controlling these also in relation to human security considerations (i.e., facial recognition etc.). The potential elements to be controlled are thus as follows:
- The training data where the training dataset was designed to address a specific military or weapons of mass destruction related end use. For example, the identification of tanks from aerial reconnaissance.
- The trained model resulting from use of such training data. The model will typically be one or more computer files.
CNS has also observed that while many machine learning models can be deployed on generic computer hardware, for certain systems custom hardware is developed. For example, Tesla has designed its own hardware for running the model in Tesla cars.[2] For many military deployments of AI, it is perhaps likely that custom hardware would also be designed. For example, this could be the case on a military aircraft where the hardware must be designed to meet the operating and environmental considerations associated with the aircraft. As such, it is recommended that hardware specifically designed for running machine learning algorithms in military systems be subject to control.
In a PRC context, AI applications are applied in conjunction with a many other fields. Namely, the Five-Year Plans mention the integration of AI into manufacturing processes and other sectors to ‘intelligize’ the economy.[3] For this reason, it is important to consider how to secure AI’s applications as well as the algorithms and hardware themselves. Outside of integrating AI into manufacturing methods, AI has been used by the PRC in security and surveillance both domestically and abroad. The PRC has an initiative to develop and deploy ‘smart cities’ which integrate AI into the infrastructure of the city and incorporates systems such as automated ticketing for jaywalking. Many of these smart cities are being developed along the Belt and Road Initiative and in countries partnered to the program. The technology is being developed by ZTE or Huawei.[4] While seemingly benign, these systems, especially when deployed in foreign countries, collect large amounts of data on the movements of citizens and for the fine-tuning of facial recognition AI. This data can be used to police domestic citizens or target foreign citizens. The PRC has also shown that they can employ AI for targeted schemes to steal information from foreign companies, such as the examples in case studies 3 and 8 where hacking groups used AI to gain access to company networks and potentially digital information for strategic goods.
China’s most clear shortcoming in machine learning is the production of specialized hardware, however, not all applications of AI require specialized hardware. The capacity to develop and produce such hardware is tied to the state of China’s semiconductor and supercomputer industry, covered in their own sections below in more detail.
Russia has put together a national strategy for the development of artificial intelligence. The strategy plans to increase the country’s expertise in machine learning, create machine learning focused education programs, datasets, infrastructure and reforms of the legal architecture to greater facilitate the growth of the space.[5] The Russian government hopes to make use of the country’s strong cadre of scientists and engineers to make Russia a player in the AI space. Russian companies such as Yandex are competitive globally in certain AI applications such as image recognition and self-driving vehicles with a presence on international markets given the company’s relatively early embrace of the technology.[6] It remains to be seen how Yandex maintains this foothold in the post-24th of February reality.
Takeaways
Russia and China are both working to integrate machine learning into strategic and military systems. To do this, both countries are likely to leverage open-source software and data. They are also likely to seek proprietary models and training data including by leveraging their powerful cyber warfare capabilities. These countries may also seek to use cloud services to train their machine learning models (see the High-Performance Computing section below). Given this, entities that develop models and training data that could be used for military and strategic systems should safeguard the data including by adhering to best cybersecurity practices. Such proprietary data should not be posted openly on the internet without careful consideration, and authorities should be consulted on whether the posting of such data could constitute an export of technology as defined by national export controls.
[1] https://nonproliferation.org/export-control-and-emerging-technology-control-in-an-era-of-strategic-competition/
[2] https://www.wired.com/story/why-tesla-designing-chips-train-self-driving-tech/
[3] English Translation of “Proposal of the Central Committee of the Chinese Communist Party on Drawing Up the 14th Five-Year Plan for National Economic and Social Development and Long-Range Objectives for 2030” https://cset.georgetown.edu/wp-content/uploads/t0237_5th_Plenum_Proposal_EN-1.pdf
[4] https://e.huawei.com/en/services/industry-consulting-and-application-integration/smart-city#
[6] https://voicebot.ai/2019/05/17/local-knowledge-and-personality-help-yandexs-alice-virtual-assistant-dominate-the-russian-market/