[House Hearing, 118 Congress]
[From the U.S. Government Publishing Office]
IP AND STRATEGIC COMPETITION WITH CHINA: PART III--IP THEFT,
CYBERSECURITY, AND AI
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON COURTS, INTELLECTUAL PROPERTY, AND THE INTERNET
OF THE
COMMITTEE ON THE JUDICIARY
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED EIGHTEENTH CONGRESS
FIRST SESSION
__________
THURSDAY, OCTOBER 19, 2023
__________
Serial No. 118-49
__________
Printed for the use of the Committee on the Judiciary
Available via: http://judiciary.house.gov
__________
U.S. GOVERNMENT PUBLISHING OFFICE
53-827 WASHINGTON : 2023
COMMITTEE ON THE JUDICIARY
JIM JORDAN, Ohio, Chair
DARRELL ISSA, California          JERROLD NADLER, New York, Ranking Member
KEN BUCK, Colorado                ZOE LOFGREN, California
MATT GAETZ, Florida               SHEILA JACKSON LEE, Texas
MIKE JOHNSON, Louisiana           STEVE COHEN, Tennessee
ANDY BIGGS, Arizona               HENRY C. ``HANK'' JOHNSON, Jr., Georgia
TOM McCLINTOCK, California        ADAM SCHIFF, California
TOM TIFFANY, Wisconsin            ERIC SWALWELL, California
THOMAS MASSIE, Kentucky           TED LIEU, California
CHIP ROY, Texas                   PRAMILA JAYAPAL, Washington
DAN BISHOP, North Carolina        J. LUIS CORREA, California
VICTORIA SPARTZ, Indiana          MARY GAY SCANLON, Pennsylvania
SCOTT FITZGERALD, Wisconsin       JOE NEGUSE, Colorado
CLIFF BENTZ, Oregon               LUCY McBATH, Georgia
BEN CLINE, Virginia               MADELEINE DEAN, Pennsylvania
LANCE GOODEN, Texas               VERONICA ESCOBAR, Texas
JEFF VAN DREW, New Jersey         DEBORAH ROSS, North Carolina
TROY NEHLS, Texas                 CORI BUSH, Missouri
BARRY MOORE, Alabama              GLENN IVEY, Maryland
KEVIN KILEY, California           BECCA BALINT, Vermont
HARRIET HAGEMAN, Wyoming
NATHANIEL MORAN, Texas
LAUREL LEE, Florida
WESLEY HUNT, Texas
RUSSELL FRY, South Carolina
------
SUBCOMMITTEE ON COURTS, INTELLECTUAL PROPERTY, AND
THE INTERNET
DARRELL ISSA, California, Chair
THOMAS MASSIE, Kentucky           HENRY C. ``HANK'' JOHNSON, Jr., Georgia, Ranking Member
SCOTT FITZGERALD, Wisconsin       TED LIEU, California
CLIFF BENTZ, Oregon               JOE NEGUSE, Colorado
BEN CLINE, Virginia               DEBORAH ROSS, North Carolina
LANCE GOODEN, Texas               ADAM SCHIFF, California
KEVIN KILEY, California           ZOE LOFGREN, California
NATHANIEL MORAN, Texas            MADELEINE DEAN, Pennsylvania
LAUREL LEE, Florida               GLENN IVEY, Maryland
RUSSELL FRY, South Carolina
CHRISTOPHER HIXON, Majority Staff Director
AMY RUTKIN, Minority Staff Director & Chief of Staff
C O N T E N T S
----------
Thursday, October 19, 2023
OPENING STATEMENTS
The Honorable Darrell Issa, Chair of the Subcommittee on Courts,
Intellectual Property, and the Internet from the State of
California
The Honorable Henry C. ``Hank'' Johnson, Ranking Member of the
Subcommittee on Courts, Intellectual Property, and the Internet
from the State of Georgia
The Honorable Jerrold Nadler, Ranking Member of the Committee on
the Judiciary from the State of New York
WITNESSES
Dr. William Hannas, Lead Analyst, Center for Security and
Emerging Technology, Georgetown University
Oral Testimony
Prepared Testimony
Dr. John Brennan, General Manager, Private Sector, Scale AI
Oral Testimony
Prepared Testimony
Dr. Benjamin Jensen, Senior Fellow, International Security
Program, Center for Strategic and International Studies
Oral Testimony
Prepared Testimony
Robert Sheldon, Senior Director of Public Policy and Strategy,
CrowdStrike
Oral Testimony
Prepared Testimony
LETTERS, STATEMENTS, ETC. SUBMITTED FOR THE HEARING
All materials submitted by the Subcommittee on Courts,
Intellectual Property, and the Internet, for the record
QUESTIONS AND RESPONSES FOR THE RECORD
Questions submitted by the Honorable Darrell Issa, Chair of the
Subcommittee on Courts, Intellectual Property, and the Internet
from the State of California, for the record
Questions to Robert Sheldon, Senior Director of Public Policy
and Strategy, CrowdStrike
Questions to Dr. John Brennan, General Manager, Private Sector,
Scale AI
Questions to Dr. William Hannas, Lead Analyst, Center for
Security and Emerging Technology, Georgetown University
Response from Dr. William Hannas, Lead Analyst, Center for
Security and Emerging Technology, Georgetown University
Questions to Dr. Benjamin Jensen, Senior Fellow, International
Security Program, Center for Strategic and International
Studies
Response from Dr. Benjamin Jensen, Senior Fellow,
International Security Program, Center for Strategic and
International Studies
Thursday, October 19, 2023
House of Representatives
Subcommittee on Courts, Intellectual Property, and
the Internet
Committee on the Judiciary
Washington, DC
The Subcommittee met, pursuant to notice, at 10 a.m., in
Room 2141, Rayburn House Office Building, the Hon. Darrell Issa
[Chair of the Subcommittee] presiding.
Present: Representatives Issa, Cline, Gooden, Kiley, Lee,
Johnson, Lieu, Ross, Dean, and Ivey.
Also present: Representative Nadler.
Mr. Issa. The Subcommittee will come to order.
Without objection, the Chair is authorized to declare a
recess at any time.
We want to welcome everyone here to the hearing on China:
IP Theft, Cybersecurity, and AI. Please have a seat.
I will now recognize myself for a short opening statement.
First, for everyone in attendance, especially our
witnesses, I want to thank you for your indulgence as we have
had a series of missteps and delays in what I believe is one of
the most important hearings that this Subcommittee will have
this year.
Our panel of experts understand all too well the critical
threat faced by the communist Chinese Government. I always say
the ``Communist Chinese Government,'' so as to differentiate it
from the government in Taiwan, which, at one time, was known
for disregarding patents, trademarks, and the like but has done
an about-face over the last several decades, and now is very
much part of a community that is responsible in its actions
toward intellectual property.
With the advent and growth of artificial and regenerative
artificial intelligence, one of the key activities that we see
the Chinese Government doing is, in fact, predictive use of AI
to both steal real intellectual property and also to box off
and, in fact, deny real inventors their intellectual property.
The cyber warfare conducted by the Chinese Government is
not new. In fact, the Chinese military itself has divisions
that exist both to steal military secrets and commercial
activities.
In the coming years, AI will pose a transformative
relationship to all industries, but it also will particularly
affect cybersecurity. A supercomputer that can break any code,
a supercomputer that can anticipate changes and the like, can,
in fact, completely neuter existing cybersecurity systems. As a
result, AI will be fighting against AI in cybersecurity.
We will hear shortly if China wins the cyber-AI arms race.
Their ability to steal technology and harm, not just our
country but the free world, will, in fact, be permanent.
To be sure, American AI development must be done carefully,
ethically, and with respect for the values that make us
different than the Chinese adversaries.
Today's hearing should make clear to everyone how important
the 21st century arms race is, not only to Republicans and
Democrats, but to all Americans, and particularly to those who
want to be the inventors and the innovators of the future.
I hope all my colleagues on both sides of the aisle will
join with me in seeing the importance of urging the
administration--my opening statement says, to shift their
priorities, and I will modify that by saying, to enhance and
expand their priorities, to meet the challenge.
All of us must come together as AI users, creators,
technology companies, and, yes, the government, to meet this
challenge. No less than the American way and the free world
advancements we've had since World War II are at stake.
I want to thank all our witnesses for being here today.
With that, I recognize the Ranking Member, Mr. Johnson, for
his opening statement.
Mr. Johnson of Georgia. Thank you, Mr. Chair, for holding
this important hearing. Thank you to our bipartisan slate of
witnesses for being willing to share your perspectives with the
Committee today, and thank you for your forbearance in our
having to postpone this hearing in the past.
Americans cannot pick up a newspaper without a near daily
reminder that artificial intelligence, or AI, is transforming
the world as we know it. With a few keystrokes, a layperson can
generate an image indistinguishable from a photograph and can
make a business plan based on AI-driven, supply chain
predictive analysis, or write code for a new application.
Langston Hughes may have died over 50 years ago, but
sitting here today, I can ask ChatGPT to write an original poem
in his style.
AI innovations have sparked necessary debate about
intellectual property protections for both the owners of the
massive quantities of data used to train AI models and the
authors of final products of AI-assisted works. The disruptions
to society don't end there. Looming behind labor disputes lie
questions about the future of work when AI is used by the
powers that be to replace writers, technicians, and auto
workers.
I'm committed to working with my colleagues across the
aisle to protect creators, inventors, and intellectual property
rights overall, while encouraging innovation and invention. We
are here today to talk about just one of the many ripple
effects of AI innovation: How AI is being used and can be used
in the future to augment China's strategy toward the United
States.
As a global leader in AI innovation, the People's Republic
of China, or PRC, is in a unique place to deploy AI before many
other Nations. If the PRC chooses to use AI to increase its
authoritarian hold over its own people, to advance its cyber
espionage strategy, or to interfere in its neighbor's
elections, such actions will undermine competition and
innovation, not just in China, but around the world.
Since the PRC entered the World Trade Organization 20 years
ago, it has endeavored to gain American data, intellectual
property, and our Nation's secrets. Cyber intrusions from the
Chinese Government or affiliated groups have successfully
infiltrated the United States Department of Justice, our
military bases, and businesses across the country.
The adoption of AI only increases China's ability to
continue these tactics. So far, China has tested swarms of AI-
powered drones, used AI-generated propaganda to target U.S.
politics, and stolen AI technology from U.S. companies.
Experts disagree as to how far China has advanced in AI
development. Indeed, many argue that AI innovations are
happening so quickly that it is difficult to know what the
technology can and cannot do at any given time. There is a
consensus that the United States, with its broad array of
businesses, strong intellectual property protections, and
widespread investment in scientific research, is ahead of most
other Nations.
Many Americans believe that it is incumbent on the United
States to lead. I am one of them. Leading in development alone
is not sufficient.
The European Union this summer took steps to regulate
artificial intelligence by passing draft legislation that the
EU is calling, quote, ``the world's first comprehensive AI
law.'' Even China has issued interim guidelines to regulate the
use of generative AI in theory, if not in practice.
Of the leading Nations on AI, the United States stands out
for its absence of basic rules of the road. American technology
companies and industry leaders have called on the U.S.
Government to regulate AI and curtail the privacy and security
risks posed by the technology.
I'm eager to hear from our witnesses whether Congress can
properly regulate AI, while allowing the innovation to
flourish. We should not stop there. To succeed, we need
international collaboration and cooperation in the form of a
multinational agreement on privacy and security.
It is only when the leading Nations on AI, including China,
agree to AI, intellectual property, privacy, and security
principles, that we can take full advantage of the benefits AI
promises.
I look forward to hearing from our witnesses, and I yield
back the balance of my time.
Mr. Issa. I thank the gentleman.
We now recognize the Ranking Member of the Full Committee,
Mr. Nadler, for his opening statement.
Mr. Nadler. Thank you, Mr. Chair, for holding this
important hearing today.
Like any new technology, AI can be used for good purposes
or for bad purposes, and it has startling political potential.
For example, using AI, one could generate political ads,
convincing political ads, showing Jim Jordan endorsing Joe
Biden or me endorsing Donald Trump.
During our first hearing of this series, I noted that the
Government of the People's Republic of China, or PRC, has both
manipulated the free-market system and used outright, illegal
means to acquire other nations' intellectual property. In a
field that largely relies on players to act in good faith,
acquisition of new technologies through theft, cyber espionage,
and other forms of subterfuge is part of China's broader
national security and economic strategy. In no other field of
innovation is this truer than in that of artificial
intelligence.
The raw material of AI is data. This is why entities backed
by the PRC are taking steps to acquire massive quantities of
data from the United States and its allies, and they are using
all means at their disposal to do so.
Within the past decade, we have seen well-publicized data
thefts originating in China, such as the 2015 data breach at
the U.S. Office of Personnel Management, the SolarWinds hack
back in 2020, and the Microsoft Exchange hack in 2021. The
thefts that make headlines are just a small fraction of the
total. According to a 2022 report by CrowdStrike, which is
represented here today, China was behind 67 percent of cyber-
attacks between mid-2020 and mid-2021.
Because the Chinese Government exercises authoritarian
control over the country's economy, many companies in the PRC
are state-affiliated, maintain close ties to military and State
security services, and are susceptible to State coercion, or
all three.
This blurs the lines between public and private collection
of Americans' data. Chinese-affiliated actors are buying data
from commercial data brokers. They are also collecting data on
U.S. persons through Chinese-owned software applications such
as TikTok and medical diagnostic platforms like the DNA-
sequencing company BGI.
Even as the Chinese Government attempts to gain access to
as much data as possible from the United States and its allies,
Chinese officials have taken legal and regulatory steps to
limit access to data that originates in China. They have
implemented controls that prevent the export and use of such
data outside the PRC. Their goal is to gain an unfair advantage
over other nations, first by obtaining greater quantities of
information, and then by using that information to create new
AI capabilities.
The widespread acquisition and deployment of AI by China
has implications for the world at large. Using the power of AI,
a hacker can scour a network for so-called zero-day
vulnerabilities in seconds. An espionage agent tasked with
spreading disinformation can create a video that appears to
show a domestic political dissident or a foreign political
leader confessing to a crime or endorsing the wrong candidate,
as I said before.
A police state can track persecuted groups and quell
dissent, as the Chinese Government has already done with
members of its Uyghur minority.
Until now, the PRC's influence campaigns have mostly
targeted its own people, focusing on sources of internal
friction such as the status of Taiwan and COVID-19. For
example, the DNI found that China did not attempt to influence
the 2020 Presidential elections. Many experts agree that
posture is swiftly changing, which means that the threat posed
by China's development of AI is growing.
Recently, The New York Times reported that in an attempt to
sow discord within the United States, China used AI-generated
images to spread conspiracy theories about the Maui wildfires
that caused the deaths of nearly a hundred Americans.
Whether these particular deepfakes were successful remains
to be seen, but the danger is unmistakable. Addressing that
danger begins with understanding the full nature of China's
artificial intelligence strategy and the steps Congress can
take to help address the threats posed by it.
For that reason, this series of hearings is absolutely
crucial. At the same time, I would also like to add that I
appreciate the tactful manner with which these hearings have
been conducted.
Even as we protect our national security and intellectual
property, we continue to see common ground with China on issues
that affect both our countries, such as fighting climate
change. Even when we express deep concern over actions taken by
the authoritarian Chinese Government, we recognize that those
actions do not represent the will of the Chinese people.
The United States, meanwhile, is home to an estimated 17.8
million Asian Americans, including many residents of the Upper
West and Upper East sides of Manhattan.
Like so many lawmakers, I have heard from Asian-American
constituents who are terrified by the rise in anti-Asian hate
and anti-Asian violence that we have seen as friction grows
between the PRC and the United States.
I am glad that our hearings have called attention to the
very real national security and economic challenges America
faces from the policies of the Chinese Government, without
demonizing the more than one billion people who live in China
or the millions of Asian Americans who make our communities and
country stronger every day.
I am hopeful and confident that our important work will
continue, not just in this hearing, but in the weeks and months
to come.
Thank you, Mr. Chair, and I yield back the balance of my
time.
Mr. Issa. I thank the gentleman.
Without objection, all other opening statements will be
included in the record.
It's now my honor to introduce our distinguished panel of
witnesses.
Dr. William Hannas is the lead analyst at Georgetown Center
for Security and Emerging Technology. Prior to joining CSET, or
C-S-E-T, he was a member of the Senior Intelligence Service at
the Central Intelligence Agency, where he served as an expert
on advanced technical projects and was the three-time recipient
of the McCone Award for technological innovation.
Dr. Hannas has also served as Assistant Professor of
Chinese at Georgetown while concurrently serving with the CIA's
open source enterprise.
We are also joined by Dr. John Brennan. Dr. Brennan is the
general manager, public sector, at Scale AI. He has 25 years of
experience across the public and private sectors, and has
developed and led programs in cloud computing, data science, in
support of intelligence collection and analysis, cybersecurity,
new product innovation, and supply chain.
He has also served our country in the United States Army
with the Central Intelligence Agency and the Office of the
Director of National Intelligence.
We're also joined by Dr. Benjamin Jensen. Dr. Jensen is a
Senior Fellow for future war-gaming and strategy in the
International Security Program at the Center for Strategic and
International Studies. He is also a Professor of strategic
studies at the Marine Corps University School of Advanced
Warfighting.
Dr. Jensen has worked with the Defense Advanced Research
Projects Agency of the Marine Corps Warfighting Lab, NATO, and
the U.S. Army, and a range of other government agencies and
foundations to develop war games and scenario-driven exercises.
Mr. Robert Sheldon. Mr. Sheldon is the Senior Director of
Public Policy and Strategy at CrowdStrike, where he leads
corporate engagement on a variety of U.S. Federal, State, and
local government policies, programs, and initiatives. He runs
CrowdStrike's election security initiatives, serves as its
company's representative to the Joint Cyber Defense
Collaborative and IT Sector Coordinating Council, and heads the
Congressional Affairs practice.
Mr. Sheldon also serves as an Adjunct Professor/Lecturer on
international cybersecurity policy at the American University
School of International Service.
We seldom have this much--no, let me rephrase this. On this
side of the dais, we never have this much intellect, and even
among our distinguished witnesses, all of you stand out.
Pursuant to Committee Rules, I would ask that you please
all rise now to take the oath.
Raise your right hand.
Do you swear or affirm under the penalty of perjury that
the testimony you are about to give will be the truth and
correct to the best of your knowledge, information, and belief,
so help you God?
Please be seated.
Let the record reflect that all witnesses answered in the
affirmative.
Please know that as witnesses, all your written statements
and collateral material you wish to give us will be included in
the record. So, with that, I would ask that you limit your
actual oral statements initially to five minutes to allow
plenty of time for everyone to speak.
I will mention--and I apologize that there has been
scheduled a conference for the majority at 11 o'clock. That
does not mean we'll necessarily adjourn at that moment, but it
does mean that Members will be a little rushed, and we'll try
to get as many in as we can before that.
So, with that, we go to Dr. Hannas first for your five
minutes. You're recognized.
STATEMENT OF DR. WILLIAM HANNAS
Dr. Hannas. Chair Issa, Ranking Member Johnson,
distinguished Members of the Subcommittee and staff, I'm
grateful for the opportunity to join today's hearing on two
topics that have fascinated and, frankly, terrified me over the
past decades; namely, China's use of foreign technology to fuel
its science and technology enterprise and China's drive to
become the world's leader in artificial intelligence.
I'm a founding member of Georgetown University's Center for
Security and Emerging Technology where I work with a small team
to identify threats posed by Chinese AI. Prior to that, as
stated, I was with the CIA where I managed open-source
exploitation of Chinese S&T materials and built a program to
track China's transfer of U.S. technologies.
These efforts culminated in two books on ``Chinese
Industrial Espionage,'' and ``China's Quest for Foreign
Technology,'' which became de facto handbooks, and the recent
volume--co-authored volume, ``Chinese Power and Artificial
Intelligence,'' a comprehensive look at Chinese AI.
China's technology transfer programs date from 1956 and
cover every imaginable practice and venue. The link with AI,
besides China's use of its collection apparatus to tap global
AI know-how, is the likelihood that China will soon, if it has
not already, use AI for cyber exploits to further its transfer
agenda, an unholy marriage in which advances in the one
promote progress in the other, multiplying existing threats to
U.S. and allied security.
I'll talk about these three in turn. First, to Chinese
technology transfer practices. It's impossible to condense some
700 pages of book narrative, terabytes of unclassified data, a
mile-long list of known cases, and two decades of horror
stories, into this brief space.
My testimony accordingly is limited to an overview of how
the Chinese transfer system operates, with emphasis on so-
called extralegal or gray area transfers, maneuvers, at which
China excels and which are devilishly hard to track.
Chinese artificial intelligence. My team does not share the
perception that China's alleged lag in generative AI--that is,
large language models--absolves us from concern because (A)
they're not that far behind; (B) China need not be at the cusp
to adapt these models wherever it wishes; and (C) it can
literally beg, borrow, and steal what it needs to be
competitive; and (D) finally, and I think most importantly,
China is aggressively pursuing alternative paths to advanced AI
aimed at artificial general intelligence and a first mover
advantage.
China's use of tech transfer to further its AI program.
This is two-sided. While respecting China's home-grown efforts
to build advanced AI which we have come to greatly admire--they
do a lot of the good indigenous work--China has not shied from
acquiring AI technology from abroad. My team has documented
China's use of each of its acquisition venues to advance its AI
program. Legal venues of support provided by U.S.
multinationals are on a scale that shocks even this jaundiced
observer.
A case against China's efforts to relieve the world of
proprietary technology is easier to make now than years before,
as evidenced by today's hearing. Myths die hard, such as the
notion that China can't create in AI or other high-tech
disciplines--they can--that it will always be behind--that's
not necessarily true--or that exposure to democracy will lead
to responsible behavior. We all know how that experiment turned
out.
The United States Intelligence Community (USIC), of which I
was a part, and to that extent responsible, should also be held
accountable for its failure to seriously pursue so-called
science and technology, S&T, intelligence; that is, identifying
and monitoring foreign S&T threats, and for relegating open
source intelligence to an enabler of classified collection
rather than regarding open source as an entity worth pursuing
in its own right.
In sum, I'm arguing that you can't make good policy if you
don't have good data. Our efforts to monitor foreign science
and technology, inherently an open-source exercise, are,
frankly, pathetic. They're worse than useless because these
cosmetic efforts are seen as evidence of measures in places
where there are few or none. China, by contrast, runs a world-
class open-source S&T intelligence network with a staff, by
their admission, of more than 100,000 professionals that is
light years ahead of us.
Accordingly, I recommend establishing an entity within the
U.S. Government--for lack of a better name--a national science
and technology analysis center--outside the USIC, or if that
isn't possible, as a stand-alone unit directly within--under
the Director of National Intelligence, to collect, analyze,
forecast, give timely policy support and, as needed, help
mitigate or interdict foreign S&T threats. Since China's
ability to appropriate technology is part of its S&T posture,
the center would also track these transfers using unclassified
data and tradecraft honed by open-source experts.
As for the threat to U.S. IP generally, we've appended to
our written testimony some 18 proposed legislative and
institutional remedies that address the problem in a nuanced
fashion.
That's all I have to say.
[The prepared statement of Dr. Hannas follows:]
Mr. Issa. Thank you.
Dr. Brennan.
STATEMENT OF DR. JOHN BRENNAN
Dr. Brennan. Chair Issa, Ranking Member Johnson, and the
Members of the Subcommittee on the Courts, Intellectual
Property, and the Internet, thank you for the opportunity to be
here today.
My name is John Brennan, and I joined Scale AI in April to
lead our public sector business. This work puts me at the
crossroads of AI development, government adoption, and its
proper governance structure.
Supporting the Federal Government is deeply personal to me.
I come from a family with five generations of service to our
Nation. I have always felt a strong commitment to ensuring the
U.S. leads the world in adopting next-generation technologies
that support our democratic values.
Scale was founded in 2016 with the mission of accelerating
the development of AI. Scale creates training data, fine-tunes,
red teams, tests and evaluates the leading frontier large
language models and computer vision systems. This puts us in a
unique vantage point to best understand the development of
safe, secure, and trustworthy AI for the public and private
sectors.
While AI is more accessible today, this does not mean the
technology is new. Despite years of global investment in the
development of these technologies in the U.S., China has a
clear lead in certain areas of AI technology, such as computer
vision for facial recognition. This is concerning because
China's using the technology to suppress the Uyghurs and
surveil its population.
The U.S. is ahead when it comes to large language models
and generative AI, though this leadership is at risk. Since
2020, China has launched 79 large language models, launched
tens of national AI labs, and has been heavily investing in
both the compute necessary to power AI and the engineering
talent to develop it.
Additionally, this year alone the Chinese Government's
investment into AI is at $14.75 billion, which stands in stark
contrast to the administration's Fiscal Year 2024 proposal for
$5.5 billion in Federal AI spending.
It is critical that the AI is developed and trained in
alignment with democratic values. Currently, the best LLMs are
developed by some of the leading U.S.-based engineers, and the
data they are trained on reflects our democratic ideals.
If the U.S. does not continue to invest in developing
generative AI, we risk letting the ideals of the Chinese
Government drive AI development around the world. It is
imperative that the United States maintains this momentum if we
want the most transformative technology of this era to reflect
our leadership.
The U.S. has always led the world in adoption of new
technologies, and AI will be no different. When it comes to
governance, it is better to be right than to be first. To do
this, we must work and lead the development of AI through
governance frameworks that enable innovation, while putting in
place the proper guardrails.
Globally there's no shortage of proposals being generated
and passed, and all boil down to a key question: How do we know
the AI is safe to deploy?
Scale firmly believes that the best way to ensure AI safety
is through active and constant data fine-tuning, through
reinforcement learning with human feedback, red-teaming to
expose vulnerabilities, and then applying a risk-based approach
to test and evaluate to ensure that the AI is safe to deploy.
These evaluation methods can incorporate ideals that are
critical to protect, like property rights over copyrighted
materials and other intellectual property.
For these reasons, the administration has recognized the
value of red-teaming and test and evaluation, both in the
voluntary commitments that more than a dozen leading companies,
including Scale, have agreed to, and through their support for
the DEF CON 31 AI Village red team event.
Beyond putting in place the right mechanisms to ensure the
development of safe and responsible AI, Congress must play a
role to help enact the right governance structure.
In the United States, we have also seen actions that are
helping to establish the right foundation. The 2019 AI
Executive Order was a key step to help get our Federal agencies
ready to adopt AI. More recently, the release of the NIST AI
Risk Management Framework, a blueprint for an AI bill of
rights, and the Biden-Harris voluntary commitments are
essential precursors to any comprehensive legislative package.
Like other emerging technologies, it's also important to
first understand any deficiencies within the current or
existing laws. Once these gaps are identified, we can address
them through rulemaking and new legislation.
While it might feel urgent to act swiftly to keep up with
global developments and maintain the United States' strategic
advantage, one of the most important things we can do now is to
establish an effective regulatory framework that will
ultimately be the approach the rest of the world wants to
adopt.
Thank you again for the opportunity to be here today, and I
look forward to your questions.
[The prepared statement of Dr. Brennan follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Issa. Thank you.
Dr. Jensen.
STATEMENT OF DR. BENJAMIN JENSEN
Dr. Jensen. Chair Issa, Ranking Member Johnson, and
distinguished Members of the Subcommittee, I'm going to build
off some of their points, and I'll be on time because you have
two Army officers in a row, so you're welcome for that.
Mr. Issa. Go Army, beat Navy.
Dr. Jensen. I had to do it to you, sir.
No, honestly, I'm kind of envious when I look at you as
legislators. You're sitting at a critical moment in history,
and just separate all the noise for a second and think about
the task at hand. If you get this right, if we get this right,
you set the foundation for economic growth, prosperity, and
protecting free markets and open societies for the next
generation.
So, I'm honestly humbled as a citizen to even be part of
helping you have that dialog, and I thank you for continuing to
draw attention to it.
Although, now I'm going to be a bit of a downer and talk
about the Chinese Communist Party and economic warfare, because
it actually--we can't separate your responsibility to us as a
Nation from someone actively trying to undermine it.
So, I don't think this competition needs to turn to
conflict, but it will almost certainly continue to see networks
of operatives wage systematic cyber espionage campaigns.
Put simply, China is trying to cheat its way into the top
of industries in the 21st century. The intellectual property
they don't subsidize or buy through shell companies, their
cyber spies will steal. It would be foolish to think their
quest for dominance in AI would be any different.
Let's start with the facts on this. According to the Dyadic
Cyber Incident and Campaign Dataset, an academic dataset that
studies cyber statecraft, the Chinese Communist Party
leading the PRC is the world's most egregious actor in terms of
cyber espionage targeting private firms and linked to stealing
intellectual property. Since 2000, China's been associated with
90 documented cyber espionage campaigns against rival states.
That's 30 percent more than Russia, to put that into context,
and I know we all know Moscow is not the good guy there. The
actual number is likely higher, and each instance sees multiple
businesses targeted in overlapping priority industries that's
specified in the Made in China 2025 Plan. They're targeted,
they're deliberate.
The scale of the theft is just staggering. A survey of
chief financial officers estimates that one in five U.S.
corporations has had their IP stolen. Just think about that for
a second--one in five--and I'm sure there's another one that's
just not saying.
Some of the leading generative AI systems, in fact, come
out of nonprofit research labs that grew out of tech
accelerators and not Fortune 500 companies. Why that's
important is, if you're a small veteran entrepreneur--I know
Representative Cline's done work on that--if you're a small
business and you're scraping by to make payroll, are you really
buying high-end cybersecurity to protect yourself?
They have to make hard choices and, frankly, our most
innovative companies are the 44 percent of our economy that's
in small businesses that are most at risk from the world's
largest thief.
I want you to imagine for a second a young startup, using
generative AI to develop entirely new chemical compounds and
materials that could support the green economy. Communist
Party-linked advanced persistent threat groups could scan the
internet for key technologies of interest--you can openly look
up, as you know, patents, and where VC money and patents kind
of come together is a good indicator--and then they could just
go ahead and steal it.
The case is not far-fetched. In 2014, a U.S. grand jury
indicted five agents of the People's Liberation Army for
hacking SolarWorld, a firm that was about to release a
revolutionary new solar cell.
Every entrepreneur with a new idea for applying generative
AI to solve a problem is a target for the largest authoritarian
regime the world has ever seen.
Even more disconcerting, APTs linked to the Communist Party
could seek to undermine cloud computing and chip infrastructure
the new AI economy relies on. Imagine an entirely new form of
economic warfare in which hackers poison datasets and digitally
sabotage data centers in rival States.
Again, this is not as farfetched as it sounds. In 2023, a
network of still unidentified hackers--I think we have a good
idea who they might be--gained login credentials from major
data center operators.
The strategic logic of corrupting rival States' data will
only grow as the Communist Party tries to keep data inside
China. Therefore, the question before you is: what can Congress
do to protect American businesses in this new era of
competition? I'll conclude with a few thoughts.
First, there is no cybersecurity without cloud security.
Generative AI models require access to large datasets and
computer power to learn. Helping companies find ways to protect
their data, without stifling innovation, is a critical national
security challenge.
If we thought of national security in terms of
cybersecurity along these lines, the loss of hundreds of
billions of dollars in IP theft would be unacceptable. It would
be the equivalent of every ship in the Navy sinking each year.
Second, we have to probably get to what you heard my
colleague talk about, to think about how you would go about
regulating the gray space used to actually support tech
transfers.
This isn't just an AI issue. We have American ships and
Shahed drones that are hitting Ukraine and hopefully don't hit
one of our other major partners and allies.
Third, this is going to get hard--how do you, without
overstepping, actually give grants to small businesses, what
CISA does to the dot-gov that actually help them secure their
own networks so they can focus on being innovative?
In closing, competition is inevitable. Conflict is not. I
think that we can make sure we keep this as competition and not
conflict if we maintain the strength of our economy through
protecting small businesses and the innovation that drives
America. I thank this Committee in particular for really taking
the lead on that.
[The prepared statement of Dr. Jensen follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Issa. Thank you.
Mr. Sheldon.
STATEMENT OF MR. ROBERT SHELDON
Mr. Sheldon. Chair Issa, Ranking Member Johnson, and the
Members of the Subcommittee, thank you for the opportunity to
testify.
The People's Republic of China presents significant threats
to U.S. national interests today. This Subcommittee, in the
previous hearings in the series, has done an admirable job of
highlighting the scope and scale of these threats. From the
military and diplomatic arenas to all areas of economic and
trade relations, the U.S. faces a formidable set of challenges.
CrowdStrike, as a leading U.S. cybersecurity company with
global visibility, has a useful vantage on Chinese actions in
this space. As a technology, threat intelligence, and services
provider for the Federal Government, as well as a commercial
provider serving major tech companies, 15 of the top 20 largest
U.S. banks, and thousands of small- and medium-sized businesses,
we confront all manner of cyber threats.
As a brief primer, CrowdStrike tracks threat actors
according to three primary motivations: Nation-State, criminal,
or hacktivist interests. When we develop sufficient visibility
on these groups to identify or attribute them, we assign them a
code name. Under this system, Chinese Government-related threat
actors are referred to broadly as Pandas. Individual groups
receive specific names like Judgment Panda or Vanguard Panda,
which often derive from community-based identifiers.
These groups are numerous and prolific. Out of over 220
named actors CrowdStrike tracks at the time of this writing,
over 50 are Panda groups. For scale, that exceeds the number of
groups we track from Russia and North Korea combined.
It's clear that some Panda actors are quite capable. For
example, in July, Chinese threat actors once again exploited
authentication flaws in a major software company's office
productivity and email platform, this time resulting in threat
actors' unauthorized access to the email of two Cabinet
Secretaries. Under slightly different geopolitical conditions
or adversarial objectives, these incidents could've enabled
scaled, destructive attacks.
The nexus between cybersecurity and artificial intelligence
isn't new, but the intersections are increasing and
diversifying. For most of the history of the cybersecurity
industry, defenses were primarily reactive. An organization
would be breached. At some later point, and sometimes much
later indeed, malicious artifacts from that breach would be
recovered and disseminated among the security community.
Vendors would periodically update signatures in their products
based on those artifacts, which would limit their impact going
forward. When the artifacts changed even slightly, the process
would start again.
Starting approximately a decade ago, CrowdStrike pioneered
an approach leveraging machine learning and AI to enable a more
proactive defense. The innovation focused on detecting
anomalous behavior in a chain of system events. A tiny software
agent deployed to end points would stream hashes of system
events back to a secure cloud environment. AI and machine
learning applied against the data in the cloud, as well as AI
deployed on the agent itself, would work in concert to detect
and prevent threats in real time. Crucially, this approach
would work at a scale even for completely novel threats.
Today, defenders also leverage AI for vulnerability
management, robust identity threat detection and response, and
a host of other use cases. For our part, most recently, we've
created a capability leveraging large language models, or LLMs,
to provide a natural language interface to key cybersecurity
tools. This will radically simplify and speed up work analysts
do daily and make certain cybersecurity roles more accessible
to people with different skills or less formal training.
Of course, adversaries will also leverage AI. Threat actors
have expressed interest in a number of areas. These include
crafting more persuasive lures for phishing attacks,
vulnerability discovery, exploit and malware development, bulk
data processing, and deepfakes. I've included more detail on
these threats and others in my written statement.
As the Committee continues its work on AI, I'd like to
offer a few recommendations.
First, support continued AI innovation for fields like
cybersecurity. Although threat actors will leverage AI, it's
important to recognize the significant, current benefits AI is
driving in cybersecurity now. Today's solutions overperform, by
a wide margin, legacy tools that do not leverage AI.
Importantly, attackers will continue to leverage AI to innovate
regardless of the rules of the road for defenders.
Second, invest in threat intelligence. The security
community must continue to monitor threat actors engaged in
intellectual property theft and the use of AI for malicious
purposes. The more we understand about these groups, their
targeting practices, their resources, and their constraints,
the more accurate a threat model we can develop to help us
defend against them.
Third, promote U.S. Federal cybersecurity. U.S. Government
faces among the most severe threat environments of any
organization globally. To the extent that threat actors are
able to leverage AI to enhance their capabilities, the U.S.
Government will be an early target. Moreover, findings from
successfully defending Federal agencies can support the
development of best practices of value to other sectors like
academia, commercial enterprises, and nonprofits.
Thank you again for the opportunity to testify today, and I
look forward to your questions.
[The prepared statement of Mr. Sheldon follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Issa. Thank you.
I want to announce to everyone that shortly after 11
o'clock, we've agreed, on a bipartisan basis, we'll take a
recess of approximately an hour. So, if our witnesses can
indulge us by having an early lunch and plan to be back here
around noon, our intent is to begin coming back and I'll
reconvene.
There may be an intervening vote that we'll have to leave
for, but, if at all possible, I want to get everyone an
opportunity to ask their questions. This is too important to
not find a way to get it done today.
With that, we go to the gentleman from Virginia, Mr. Cline.
Mr. Cline. Thank you, Mr. Chair. I thank the witnesses for
being here.
This is a timely topic and some harrowing scenarios that
have been painted here, Mr. Sheldon and Dr. Jensen.
I want to ask Dr. Brennan, you stated that China has also
started to craft its own AI governance framework that requires
adherence to Communist Party principles. Can you describe those
principles?
Dr. Brennan. Yes. It's very specific, Congressman. Thank
you for the question. They have language in the draft
regulation like you cannot use artificial intelligence to
subvert the government, and you cannot use it to promote any
principle other than those that the Communist Party agrees to.
So, it's very oppressive and very counter to the ideals that I
think we all hold, and it's very transparent.
Mr. Cline. How does a U.S. company collect and prepare data
for AI training, and how does this compare to how
Chinese-backed companies collect and prepare AI data?
Dr. Brennan. Thank you for the question, Congressman.
First, we start with the rule of law and respect for
intellectual property. We use contracts to define the
relationships between our customers, the large language model
builders, and the services that we're providing, which is
helping them create exquisite training datasets, whether it's
for a large language model or for the self-driving car
industry. The customers are responsible for ensuring that they
have a legal right to the data that they're sharing with us for
labeling and annotation that we perform that's part of either
the training process or the test and evaluation process.
Mr. Cline. The Chinese-backed companies, how do they
compare?
Dr. Brennan. In general, I think from the open-source
information and from our recent warning by the Five Eyes
intelligence leaders yesterday, China's engaged in a broad,
organized espionage effort against intellectual property around
the world. They take that data and information and give it
either to their ministries, defense organizations, or to the
State-owned companies that are acting on their behalf.
Mr. Cline. Are U.S. companies taking appropriate steps to
protect their IP and data collection, and if so, can you
describe how they're doing so?
Dr. Brennan. I think this is improving. As a victim of the
OPM hack that took all our security clearance database several
years ago, we're all keenly aware of the risk that cyber actors
play.
It's important that agencies like CISA and the Department
of Homeland Security continue to have the education and
awareness programs that they have, to teach small businesses,
universities, and schools, how to have proper cyber hygiene.
A good colleague of mine, even recently, was the victim of
ransomware in a family business. So, it's happening all the
time, it's a persistent threat, and we need to think about it
like changing the batteries in our smoke detector; it always
has to happen.
Mr. Cline. You've spoken today about how China acquires
foreign high tech, including investments or acquisitions of
companies and PRC-backed venture capital funds. The
Congressional Research Service recently addressed this topic in
an article related to Light Detection and Ranging Technology,
also known as LiDAR. The LiDAR market is developing and
advancing quickly, and PRC firms are advancing in this area
through access to the U.S. market and technology.
Would it be fair to say that LiDAR integration is a risk
for both computer vision systems as well as generative AI?
Dr. Brennan. As you know, the United States regulated the
remote sensing industry for a number of years and has loosened
that, and we've all benefited from global positioning satellite
capabilities to drive around. Self-driving cars and other
industries use full-motion video, LiDAR, and other technologies
to create the computer vision models that they need to perform
well.
I could imagine, if I put on my former hat, that
information like that would be an attractive target to the
Chinese Communist Party and the People's Liberation Army. So,
like all the other data that's used in the self-driving car
industry, it's a high bar for safety, and those companies are
keenly aware of the security that they need to apply and
leverage some of the leading security capabilities as you'll
hear about today, I would imagine.
Mr. Cline. So, LiDAR data could be used to train AI or make
real-time decisions with generative AI, based on the training
data it's been given?
Dr. Brennan. So, the generative transformers that Google
invented in 2017, we've mainly seen applied to language so far,
but it could be applied to other data. It's a large matrix, and
I think we'll see more experimentation and other modalities in
the coming years.
Mr. Cline. What concerns do you have that China could use
data compiled by LiDAR systems to acquire sensitive information
and use this information to conduct military or industrial
espionage to gain operational advantages?
Dr. Brennan. In warfare, things like understanding the
terrain and weather can be classified as secrets. So, any
sensor, LiDAR or otherwise, that helps you understand the
general condition or terrain is an important asset, and we
would need to protect it in the United States.
Mr. Cline. Thank you. I yield back.
Mr. Issa. Thank you.
We now go to Ms. Ross.
Ms. Ross. Thank you, Mr. Chair and Ranking Member, for
holding this very important hearing. I also serve on the
Science, Space, and Technology Committee, as do a couple of
other Members of this Subcommittee, and we're exploring this
very issue.
I understand the potential of AI to launch our country into
a new era of innovation. For example, I've heard from
healthcare organizations in my district--I represent the
Research Triangle area of North Carolina--about ways that AI
has revolutionized their processes, from analyzing large swaths
of medical data to informing research to help doctors more
quickly log patient data. I also recently read an article about
how AI has helped with breast cancer detection and been more
accurate even than human detection.
Our country has been on the cutting edge of science and
technology for decades, and I know that to maintain that
position, especially when facing competition with China and
other superpowers, we need to harness the power of AI.
That said, we should not sacrifice individual privacy and
intellectual property protections purely for the sake of
outcompeting China. Just because China is willing to forego the
rights of individuals and creators in the name of competition
does not mean that we should lower our standards and risk
driving innovators away from our country.
Dr. Brennan, access to vast amounts of unique data is
critical to achieving high-performance AI models. Can you
describe how disparate policies around data collection and
access play a role in our competition with China?
Dr. Brennan. Thank you for the question, Congresswoman. I
think what's important for us to preserve, as you outline, is
the checks and balances we have in the public sector on
government activities. Whether it's the Institutional Review
Board process for experimentation with human subjects or the
sort of classification methods that we use for our intelligence
data, each of those rules was set up in a time and place to
protect, not only the civil liberties that are related to them
and the rights, but also the public service or the public good
that's trying to be articulated.
Just as our government dealt with the digitization of
information from paper and memos to the internet and email, we
have cybersecurity professionals and policies that can help us
properly protect the information.
Now, there is still a need for the government to feel more
open to experiment. Too frequently we meet with customers, and
they have this fear that somehow if they bring data together,
it will have a different level of classification or something
like that, and it just slows down the ability to even
experiment. We've seen this time and time again in my own
career. So, the government should also continue to encourage
proper experimentation with good risk management approaches,
such as what NIST has outlined, so we can keep innovating and
get the benefits that you identified such as for medical and
healthcare.
Ms. Ross. Thank you, Dr. Brennan and Dr. Jensen, building
on your testimony, as Congress considers proposals for AI
regulation, including new agencies dedicated to AI licenses,
transparency requirements, and compensation for IP holders, and
much more, what do you believe is the best way to balance
responsible regulation with maintaining our competitive edge?
Dr. Jensen. Well, thank you for your question and your
dedication to this on both Committees. I would just highlight
for you before I answer that, actually healthcare and public
health were the second most targeted thing for Chinese IP
theft.
So, I tend to take maybe a bit more of a free market
approach to this, meaning that we have good checks and balances
and classifications, and we can actually submit licenses. What
you're hearing my colleagues say about doing the right thing
and creating overly cumbersome processes really has to be at
the forefront of your mind.
The mantra we use in my own work on this are standards are
strategy. If you set the right standards and the right
framework, and you let market mechanisms respond to those
standards, it becomes a public good that allows for the greater
exchange of ideas.
Ultimately, as we're seeing, we can't keep having a
technological revolution if we overregulate or curb it before
it gets started.
So, I think the really hard task for all of you is what is
that balance, what does it look like, what is that licensing
framework. If I as an entrepreneur have to spend more money on
lawyers to basically submit it and protect myself than I do to
hire research scientists, I probably have the wrong balance.
I think one very simple first step is, is there some
mechanism to help small entrepreneurs get tax credits or
incentives to actually protect their own IP. It's their baby.
They want to protect it. So, help them protect it, so we can
keep moving forward.
Ms. Ross. Thank you, Mr. Chair. I yield back.
Mr. Issa. I thank the gentlelady.
We now go to the gentlelady from Pennsylvania, Ms. Dean.
Ms. Dean. I thank you, Chair and Ranking Member, thanks to
all our testifiers today.
It gives all of us great pause over where we are going,
where the globe is going on AI, its regulation.
I guess I'll start with you, Dr. Brennan. You talked about
that China has a lead on facial recognition and a little bit of
a lag on language. Talk about how they are using the facial
recognition--you talked about the Uyghurs--and what can be done
in terms of governance, what can be done to interrupt the mal
use of facial recognition?
Dr. Brennan. Thank you for the question, Congresswoman.
It's fairly pervasive, down to the primary school level, where
facial recognition is used in classrooms to monitor and track
every moment of a student's day. It extends into public spaces.
When people are walking around the streets, there's constant
monitoring and then facial recognition. Obviously, that's not
the kind of world that we would want to live in, although
computer vision can help with accident avoidance and in
disaster response.
So, I think the key is to continue to go back to the
principles that we rely on in the Bill of Rights and the
protections that the House and Senate have afforded us all as
citizens as we find ways to experiment with computer vision and
other uses in our lives. I think that's the situation we are in
compared to China.
Ms. Ross. You talked about, in your testimony and in your
written testimony, about governance, coming up with a framework
of governance, not being first necessarily but being right. Can
you, for a layman, explain what that governance best looks
like?
Dr. Brennan. Absolutely. Some good examples are, if you
turn to the Department of Defense, 10 years ago, the leaders in
the Department of Defense wrote their first regulation and rule
on how to think about autonomy in weapon systems. They continue
to update it. Part of that regulation mandates that there must
be senior-level reviewers in the process.
So, that's a good example of rulemaking that those leaders
can rely on across the Department to ensure that they're going
through tests, safety, and other evaluation techniques as they
consider an application of AI and autonomy.
If you work your way down through the executive branch,
we've had a series of Executive Orders, we've had a draft AI
bill of rights from the administration recently, we've had
voluntary commitments from large companies. Most of it centers
around ensuring that humans are in the loop and that there's a
rigorous test and evaluation process.
So, if you have at least those three legs of the stool here
in the beginning, I think we're going to be off to a good start
in any of the experimentation an agency or a department's
engaged in.
Ms. Ross. Thank you. That's very helpful.
Dr. Hannas, the final thing that you mentioned in your
testimony was to develop a separate science--I missed your
working name--for the science center. Could you elaborate on
that a little bit.
Dr. Hannas. The National Science and Technology Analysis
Center, I agree, that's not going to make it.
Ms. Dean. Around here, big long names like that work. They
don't work for me, but--
Dr. Hannas. This has been proposed more than once, and no
one ever objects to it, that is, outside of the intelligence
community. People think it's a good idea. The arguments are
pretty straightforward and compelling.
If you want to understand what's happening globally in
science and technology, your best source is open source, by
far. What 95-98 percent is available, you can get through
unclassified information.
I have seen reports written by the intelligence community
that are based almost a hundred percent on open source, and
they add a classified snippet here and there to justify their
budgets and whatnot. The truth is, for S&T, it's all in open
source by and large, and we're not prosecuting it, we're not
looking at it.
I mentioned the number--I'm not exaggerating, this is right
out of the horse's mouth--100,000 people or more that are
dedicated professionally in China to pursuing this one
discipline. Frankly, I could count on, there were times, just
one hand, the fingers of one hand, how many people in our
community were looking seriously at Chinese S&T. So, there's a
big disparity.
The problem with the intelligence community is that they
will understand the issue. They acknowledge it, pay lip service
to the fact that it needs to be done, but at the end of the
day, they're focused more on current intel. They always have
been. S&T is, by and large, long-term. So, that's one problem.
The other problem is, even those within the community that
recognize the value of open source itself tend to regard it
more as an enabler of the intelligence--the ends that they are
budgeted to support, using the open source, for example, to
support human targeting, or SIGINT, cueing and tipping, that
kind of thing, and they rarely go beyond that.
Ms. Dean. I thank you for your answers.
Thank you, Professor Sheldon, also for your recommendations
and, Dr. Jensen, especially for your optimism. You're right, we
are here at an important time. I think this Committee knows
that.
Thank you. I yield back.
Mr. Issa. I thank the gentlelady.
We now go to the gentleman from Maryland, Mr. Ivey.
Mr. Ivey. Thank you, Mr. Chair. I want to commend you again
on these hearings. I appreciate the way you've structured them
and the fact that you've focused on this repeatedly, because
it's such an important topic, and at least from my perspective,
taken a bipartisan approach in doing so. Thank you so much for
that.
I did have a question. I think this is for Dr. Jensen. You
mentioned the--I think it was 44 percent of small businesses
are most at risk in the United States for these sorts of
cyber-attacks. I think there was a suggestion about perhaps we could
provide some sort of subsidy or some incentives to help these
companies protect themselves.
Having come out of a small business, it was a law firm,
that was victimized in this way and we had to pay ransomware,
I'm sure there's probably millions of companies who need this
kind of assistance, but can't afford it or just on the
day-to-day calculation you do in your risk analysis, you just try and
keep your head low and do your work, but it's going to be a
problem. So, what sorts of things could we as Congress do to
help provide, whether it's incentives or subsidies or
something, to help these small businesses protect themselves?
Dr. Jensen. Well, thank you, Congressman, for that
question, and sorry about the Orioles.
Mr. Ivey. Oh, I'm a Nats fan. So, I'm beyond sorrow, I
think. Total grief is where we are, but--
Dr. Jensen. Yes.
Mr. Issa. Apparently, that's not a bipartisan shared belief
here.
Dr. Jensen. Generative AI--
Mr. Issa. The sympathy is limited.
Dr. Jensen. Generative AI is not going to make better
baseball players, so we're going to be hurting for a while.
This is a critical question for someone who grew up raised
by, also, a family that thinks about--my parents owned a small
business, and so exactly what you're talking about I watched
daily. I know it sounds like kitchen table issues, but it was
like are we hiring someone, are we firing someone? So, the idea
of imagining my mom and dad having to think about spending
money on cybersecurity just blows my mind when I think about
it.
I think the path ahead for you in Congress is you actually
have a great case study in the evolution of CISA. So, I think
if you actually go back and look at all the fits and false
starts really from 2000 forward, as we formed DHS, you began to
pull in different agencies, and kind of really lay that out,
that'll give an interesting roadmap, because even though CISA
has taken the lead in defending the dot-gov, that's over 100
different agencies, each that are very different with all sorts
of diverse concerns.
So, I think that is a great case study to start with and
see what worked, what didn't. The good news is, not to be
a shameless self-plug, we're actually launching a big report on
that history Monday at CSIS. So, we actually detail that
history and talk about how you actually balance that, right. At
a minimum, I would think there has to be some type of funding
provision.
So, for example, CISA will fund, for those Federal
agencies, they get the first two years of continuous diagnostic
and monitoring software paid for. After that initial two years,
the funding becomes a bit more complicated, but at least you
can give that jump start in. So, it would be a question of how
you fund it, what's the right tool, and then we can't pay for
everything indefinitely, so is there like a sunset period? Is
there a cost-sharing provision? I think you actually have a
good news story in how CISA has evolved and how you then could
apply that to protect the small businesses, sir.
Mr. Ivey. All right. And would that be--just to follow up on
that a little bit, I mean, sort of a funding source, and I
would assume we would knock out--for example, law firms that
are doing litigation, I don't know that we'd have to protect
those. Those that have certain--qualify perhaps for national
security providers of some kind or what sort of parameters
could we set, so we could target whatever the funding is and
get the most bang for the buck?
Dr. Jensen. So, I think there's a number of different ways
you could go about doing this. One would be look at--I'm not
saying we go full Communist Party, but what is our national
list of critical technologies, and make the fact if you're in
some way, shape, or form involved directly or indirectly with
that list, you qualify.
The other is to just closely look at universities. So, I
think the same logic actually applies to universities. The top
58 universities between 2002-2010 accounted for 37 percent of
patents granted, right. So, you're going to have to help both
small businesses who are going fast follower--they didn't build
Bard, or Llama or Llama 2, but they're going to be really
creative in how they're going to implement it.
You're also going to have to go upstream and look at those
university ecosystems because their budgets are getting hit
every year. We're pulling money back at the State level.
Private institutions are even seeing lower enrollment. So, I
think there's going to have to be--the funding source will vary
by the type of innovation and then even by the type of
institution. So, it would be both small businesses and
universities. I do think larger businesses, even though they're
important, they can make those harder choices, but those are
the two I'd be most concerned about, sir.
Mr. Ivey. I'm over time, but if I could ask just one last
question. With respect to the larger companies who maybe aren't
putting the money toward this that we would hope that they
would, would you propose a certain set of standards that would
guide them on that front, or should we just be requiring it at
some level? What and how should we approach them?
Dr. Jensen. Great question again, Congressman. Honestly,
that's already been set in motion with some of the requirements
to report cyber incidents, and the question is less about how
do you do it as harmonizing who they report to. So, if you're a
major company and you're publicly traded, are you reporting to
the SEC first about this or are you reporting absolutely up how
it should be through CISA to actually make sure there's
visibility on that compromise.
So, you've actually done a good job across parties on
getting that right. It's just going to be harmonizing, because
the last thing you want, even if you're a large business, is
you get three phone calls, one from the FBI, one from the SEC,
and then one from NSA, and then you're wondering which one do I
return to first. So, I think those are in place for the larger
companies. It's just a question of harmonizing that they know
routinely which call they'd take first.
Mr. Ivey. Thank you, Doctor.
Thank you to all the witnesses.
Thank you for your indulgence, Mr. Chair.
Mr. Issa. You're most welcome. The indulgence came from the
Ranking Member, who we'll now recognize, Mr. Johnson of
Georgia.
Mr. Johnson of Georgia. Thank you, Mr. Chair.
Mr. Jensen, China has used AI-generated images to sow
discord related to the Maui wildfires a couple of months ago
that took 100 American lives. What is America's exposure to
deepfakes and AI-generated images from China? How can that hurt
us from a security standpoint?
Dr. Jensen. I think deepfakes are going to be the defining
security issue of the next 10 years. As awful as the wars that
we find our partners in across--globally, unfortunately, this
is the one that scares me the most, because what happens if you
destroy trust in a society? You can't have an open polis and a
republic if there isn't the ability to trust the information.
Unfortunately, the technology is moving at a pace right now
where it's very difficult to keep up with how you can help
both, whether through just convention and practice, people
identify the fakes, or do clever things like watermarking
images. You still probably won't be able to do it with text,
unfortunately.
So, I think that you're grappling with the core issue. I
would say that we've seen this too in some of the tabletop
exercises we've been running. So, as part of that study on
CISA, we got together 60 Federal and private sector CISOs, so
from large Federal agencies and large companies, and we then
had 1,000 Americans, a representative sample of 1,000 different
Americans play the same game. Both populations were more
concerned about deepfakes than I originally anticipated.
So, I think both the general public is afraid and
anticipated some of what we saw. We did these before the
Chinese actually amplified the issues in Maui, and business
leaders are. The question is, what do you do about it? I think
it's going to have to involve a mix of both technological
watermarking, so some requirement to mark images, and it
probably is going to have to come up with something like the
Motion Picture Association of America.
Like how do we start to have some independent body that
certifies well-documented fake things that are circulating? I
don't know what that looks like, but I don't think it should be
government necessarily, because that will quickly become
polarized. If you have some entity that can just allow people
to know, hey--I think most people are actually good at heart. I
take a Locke view, not a Hobbes view. So, if you let them know
they're inadvertently circulating fake stuff, I think a good
number of them might back down. They don't want to be kind of
told by a stranger they're circulating fake things. So, I think
that's where you're going to have to get after it. I don't
think we're ever going to stop China from doing it though, so
it's just a question of rapidly identifying, triaging, and
making sure people understand it's fake.
Mr. Johnson of Georgia. Thank you.
Dr. Hannas, what role do you think government should play
in making sure that deepfakes and AI-generated images do not do
us harm either national security or economically?
Dr. Hannas. Probably not the best person to answer that
question, Congressman. My concern is not so much with deepfakes
per se, but with the technology that supports deepfakes, and
that is AI moving onto artificial general intelligence, which
opens up a whole lot of other scenarios, which we need to pay
attention to, deepfakes being just one.
Mr. Johnson of Georgia. Would--
Dr. Hannas. I'm more concerned with control at--discrete
control at the neuro level which could actually happen.
Mr. Johnson of Georgia. OK. Well, let me ask that same
question of Dr. Brennan. Thank you.
Dr. Brennan. Thank you, Congressman. I think we've already
started to see companies highlight this potential risk, and
indeed Alphabet has got a new rule that says, if you're going
to do a political advertisement and you're going to use
generative AI, you need to disclose that to the viewers.
So, there will be a combination of things that happen in
the marketplace because people want customers and they don't
want to harm their customers, but it will be important for the
intelligence services and law enforcement to carefully monitor
foreign groups that are perpetrating these activities and
pursue them through all means necessary. We should expect that
there will be more of this. China saw what Russia and Iran
attempted in previous elections, and we should just expect it
all the time now.
Mr. Johnson of Georgia. Thank you.
Mr. Sheldon?
Mr. Sheldon. Thank you. Yes, I agree with the other
panelists that this is a problem that likely could get worse
before it gets better. I'm encouraged to see some
experimentation both with people who are producing generative
images, like the utilities that have created to do that, and
with how some social media networks are promoting the ability
for users to tag materials that are shared that may be
generated.
I think we need to have some more experimentation like
that, as well as potentially some tools that operate as
registers where people can identify that they've made and
associated with a date, time creation, and intentions so that
people can look at that sort of thing after the fact. They see
something that looks suspicious and verify whether it exists on
such a register. So, those are some of the ideas the community
is playing with now.
Mr. Johnson of Georgia. If I might, Mr. Chair, just one
final question.
Mr. Issa. Go ahead.
Mr. Johnson of Georgia. Dr. Hannas, earlier this summer,
the cybersecurity--excuse me, the Cyberspace Administration of
China released guidelines for the adoption of generative AI
technology, which included new requirements for how algorithms
are built and deployed, as well as for what information AI
developers must disclose to the government and the public. What
is the significance of those regulations?
Dr. Hannas. I think they're trying to do two things. Part
of it is for show. They want to get out in front and
demonstrate that they are--that the Chinese Government is aware
of the problems with AI and controlling it, on the one hand. On
the other hand, I do believe that they are sincerely--Chinese
Government is aware of its citizens' concerns with privacy and
are trying to address it, because they recognize this as a
popular issue, and it's to their advantage to address these
issues to keep the public happy, is what it comes down to.
So, part of--it's two sided, like I said. On the one hand
they're demonstrating to the world that they care; on the other
hand, they're demonstrating to their own population that, yes,
we hear your grievance and we're doing something about it.
Mr. Johnson of Georgia. Thank you. I yield back.
Mr. Issa. Thank you.
I'll now recognize myself for a round of questioning.
Dr. Hannas, this Committee enjoys a number of pieces of
jurisdiction, and not every question being asked today is
within our jurisdiction. One that is clearly within our
jurisdiction is whether we grant any intellectual property
protection for copyrights, patents, or even trademarks if
they're produced using generative AI or not produced by human
being in a substantial portion.
Do you recommend that we adopt a policy of not granting
intellectual property protection of that sort, specifically
patents, trademarks, and copyrights; and if so, how would we
enforce that?
Dr. Hannas. I haven't thought about that problem, no. If I
were asked to think about it, as you're doing now, yes, I think
we need to accept the inevitable that generative AI--and I
don't like to just look at that, because we're really dealing
with artificial general intelligence at this point. That's just
one manifestation of it. It's happening.
Many of the scenarios, which were science fiction 20 years
ago, are being taken seriously. They're talking about instead
of 30-40 or 100 years from now in a couple of years from now,
we'll be dealing with sentient artificial intelligence. So, we
have to accept that this is going to happen and deal with it.
Should we grant it rights? If it's sentient, we have to. I
recognize that's not going to satisfy a lot of people, but I'm
inclined to think that China is right on this score that we're
heading toward a merger of human intellect and artificial
intelligence that supersedes both.
Mr. Issa. Dr. Jensen, I'll ask a similar question of you
and sort of put your military and CIA hat on. Let's presume for
a moment that one or more countries intend to collapse our
intellectual property advantage, much of which is built on the
back of intellectual property protection, particularly patents.
Let's presume that this country, we'll just call it China
for lack of a better name, ran its AI system for hours, weeks,
and months, producing patent claims of things which are not
reduced to practice, but reduced to what appears to be reduced
to practice, puts a name on it coming out of a lab, we'll call
it Huawei just for a name, and, in fact, boxes in with tens of
thousands or even millions of claims, obviously costing a lot
of money, but boxes in anyone who chooses to actually invent
something, and then let's particularly assume that they license
some and restrict many, is that a scenario that if any of you
were running war games would effectively cripple other
countries if you're first to strike?
Dr. Jensen. Well, thank you for that question, Chair. I
volunteer openly before all of you to come run that exact war
game on high-end economic competition with your Committees,
because I'm a big believer in the importance of that, and I've
already done it with conference at offsite. This is part of--
Mr. Issa. We'll take you up on it.
Dr. Jensen. Deal. Done. I testified, so I have to. So, this
is--I would actually take your scenario and take it one step
further. I think a lot of--
Mr. Issa. That was already bad enough.
Dr. Jensen. Yes, well, we're going to make it worse, sir.
Sometimes, we like to think about the history of military
confrontation in terms of great men on horseback and decisive
battle, but the more insidious side has always been political
and economic warfare, and how States and loose networks of
organizations can restrict strategic choice and undermine
economic productivity or even fundamental rights.
So, you've laid out a really compelling move where you use
a combination of technology and our own respect for the rule of
law to crowd out the space of any one entrepreneur, that even
if--with 10 years later in court we realize that was just a
phony patent generated by a bot, heck, even the lawyer claim
process turned out to be a fake AI person filing it online,
it's already too late, right.
I would compound that further with what really keeps me up
is financial market manipulation as well, because there can be
no innovation ecosystem if you don't have access to reliable
capital. So, I would put those two together and start to ask
really hard questions about how do we actually create an
environment that makes that difficult, and then probably in
other title 50 communities, what is that war in the shadows
that denies the adversary the ability to make those moves,
which I've talked about it in the written testimony.
I think we did that in the early 1980s with some of the
software sabotage that helped the Soviets think twice about
stealing American code. We may get back to that world, and I
think that's not a bad idea. It's better than open
confrontation. It's going to have to be a multifaceted look at
economic and political competition going forward, exactly along
the lines you lay out, sir.
Mr. Issa. Thank you.
I'm going to ask one final question, and this one is
clearly outside of the jurisdiction of any one Committee, but
it's a step that might happen in the foreseeable future.
Government has the ability to create regulations or standards.
Usually, we do those in concert with industry. When we do them
best, we do them in close concert and collaboration with
industry.
We also have the ability within that to require fitness or
testing. We'll use the post-2009 stress testing of banks and so
on. We haven't done that in cybersecurity. We've allowed it to
grow with the idea that the FTC will absolutely cripple you
after it happens, unless you're the government and all our
clearances are now in hands of nefarious people.
Should we do it, and if so, would a combination of, if you
will, a U.S. or even a U.S. and ally global umbrella of basic
security layer that is there, and obviously this would be
primarily implemented at the cloud level of each of the major
cloud participants, many of whom have already on their own
initiative done some of this, and then within the cloud
community, currently we do not require, and essentially, we'll
use Oracle or Microsoft or Amazon, any of them, we don't
require them to look into the data bases of their clients for
fitness.
Yet, because they're in the cloud and because that
technology certainly could be implemented, these companies
could have a basic standard of fitness that they would be able
to do. The question is, should this be something that Congress
looks specifically at and works in concert--Energy and Commerce
and other Committees works in concert so that we develop those
two tools, the umbrella of protection and the system of
fitness?
Dr. Jensen. So, the good news is, after I answer this, I
actually know someone who might be sitting at this table who is
an expert on the cloud. So, I'll defer to the cloud part. I
think the stress testing, the key would be to do this before
something like the 2008 financial crisis, and that's going to
be a hard sell, but it's something we thought a lot about on
the Cyberspace Solarium Commission.
So, I served as the Senior Research Director on that, and
one of the things that kind of lingered over a lot of those
recommendations was always this idea of how do you actually
work across multiple jurisdictions even within our own elective
institutions, but then also with your partners, and I think
some of those are starting to bear fruit.
So, the first step was you had to put the ONCD in place to
try to, as like Inglis said, ``be the quarterback,'' that's
still playing itself out but working across to kind of do that.
The second level that they're just starting is really this idea
of maybe not security cooperation but cyberspace security
cooperation, and not obviously the Cyber National Mission Force
but teams from DHS and FBI who work with partners.
In all of this, whether it's stress testing or red teaming,
the key is--which is actually how Threat Hunt really got
started--is to let smart people try to break your system so
that you can learn from it. So, whatever the form it takes, if
you can just hold onto that and make people play in a way
they're open. The benefit of this is the stress testing because
you mandate it, banks have to play, they probably pull their
punches once in a while, but you know it, it's built up over
time, you can monitor it. You would have to do something
similar.
The hard question on the stress test would be how many
players. There's a massive cyber exercise that takes place
every two years, the Cyber Storm that's run there, you'd need
something like that or even just to augment some of the
requirements of Cyber Storm to get after it. I think the stress
test is a phenomenal idea, and I defer on the fitness of the
data in the cloud, sir.
Dr. Brennan. Thank you, Chair, for the question. If you
remember, back in your days in the Army, we had a lot of
readiness exercises we would do to be ready and prepared for
these sorts of days when they eventually come. I think the
cloud service providers have inherent incentives to make sure
that their customers are protected. They have programs to
constantly remind them of times and ways in which they maybe
are not using all the security features of the cloud, and after
spending more than seven years working with governments to
implement cloud computing technology, I think the leading CIOs
and CISOs, even in the Federal Government, believe that they're
safer in the cloud.
Now, that said, if Nation States are going to attack us
constantly and attack private citizens and private
infrastructure, then I think we should also expect our
government to protect us.
Mr. Issa. OK. With that, because we do have conferences of
both Republicans and Democrats going, and because there's an
unknown question of the vote, I'm going to recess until a time
certain, which will be 12:30, unless we are voting on the
floor, in which case, extend your lunch.
So, with that, we stand in recess.
[Recess.]
Mr. Issa. The Committee will come to order.
We'll now go into the--we don't know if anyone else is
going to come back, but what you have to say is too important
for us not to make the record complete. So, in spite of the
fact that we neither have a Speaker nor are we well organized
and with adult leaders, this Committee will attempt to do that.
So, I'm going to follow up with a couple of questions, but
if there are things you want to get out that come up from
previous questions and so on, we're going to deal with this
like an open forum to a great extent, and if other Members come
in, we'll recognize them as they come in.
I want to ask you a broad question, and that is, if China
goes unchecked on its current trajectory, what do you believe
will be the result to American enterprise? Then the flip side
of it is, if we are to act with legislation, regulations, and
procedures, what are the most important among them, other than
money, which is usually the answer that we get first? So, we'll
go and--starting with Mr. Sheldon.
Mr. Sheldon. Thank you, Mr. Chair. I'll constrain my answer
to just a couple topics that already came up this morning.
First, I wanted to talk about promoting better defenses for
people in small business. I think that was a really productive
exchange. I just wanted to add a couple points. One is that it
is the case that sometimes cybersecurity technologies just
operate better at scale, and in addition to being costly, it
just helps to be able to build a big, mature security program
that can operate 24/7 by 365.
So, one thing that we encourage for policymakers to do is
think about how to make accessible things like managed security
services, which can kind of bring down that level of maturity
that you only usually find in large companies down to very
small companies. So, that's a thing that I would encourage for
us. It's worth exploring how we can use tax incentives or other
tax mechanisms to be able to promote the adoption of those
types of technologies in small businesses.
Then the second thing, you asked a great question earlier
this morning, from my point of view, on stress testing and
thinking about how to get platforms to be able to govern the
sort of areas of risk under their control. I think that over
the past 15 years, there's been an interesting change in terms
of how we've thought about trying to do that.
If you go back to a long time ago, there was some
discussion around using internet service providers as the sort
of enforcement point to try and protect individual companies or
individuals. Then more recently, we've seen some interest in
getting cloud service providers to do the same sort of thing.
Of course, in both those cases, there's a countervailing
interest in protecting individuals' privacy and company
interests as well, and that's why the system that we have now
is largely predicated on people trying to defend themselves.
There's a thing that's happening within the U.S. Government
right now, and it's being driven by CISA, which I think is a
really interesting and important way to square the circle, and
that is to try and get more concepts like secure by design and
secure by default adopted by major platform providers.
The idea behind that is to ensure that you have a situation
where companies are accountable for delivering secure services
to different users, and that so that vulnerable users aren't
the ones bearing the responsibility solely for their own
defense. That's a really important concept that we can help
promote over time. Thanks.
Mr. Issa. Dr. Jensen.
Dr. Jensen. I'm excited to answer this question. Actually,
at lunch we were talking about how he wished he could've
answered the small business one, sir, so that was great.
I want to start with the first one about unchecked. I
wonder what will break first, the Chinese Communist Party or
the American economy. I am not an optimist for China's future
at all. When you have a nation of 1.4 billion that suppresses
basic human freedoms and women's right to even have a
productive dialog in their society, that shows you things
aren't going well.
Usually, authoritarian regimes are their most dangerous
when they're at their death's door, and that means that they
will use the competition with the United States as a way to
possibly rally around the party, right, to basically come at us
at every means possible. I think you've laid out a number of
those scenarios, both very creative ways of tying us up
legally, accelerating economic warfare, accelerating political
warfare, getting us stuck in arms races that are important but
ultimately self-defeating from a net assessment standpoint.
Now, how do we compete in that, and what can Congress, in
particular, do to compete in that? Because I do think our
servicemembers are ready for that challenge, have been planning for
some time. I think it gets back to what we're talking about,
how do you promote innovative new companies without
overregulating them? I 100 percent agree, this is not a money
question. This is a smart governance question and creating that
kind of playing field, so whether it's--whatever the mechanism,
credits, subsidies, there's better experts on that to figure
out the right calibration for small businesses and
universities, so that you make it harder for the Chinese
Communist Party to get in, you alter the cost-benefit
calculation.
I think tech standards are more than just secure by design.
We need to start sending our top diplomats to the International
Technical Union to negotiate new standards and as technology
comes online. I do also think the stress testing--I don't know
if Congress can mandate that, but whatever instrument you could
use to push for more than just Cyber Storm large-scale games.
Mr. Issa. Just in case you thought it was a made-up
question, the concept of how we would do it is to rein in the
Federal Trade Commission by creating a safe harbor. Almost
every company of any size, their greatest fear is somebody will
hack in, some employee will misuse their own authority, and
then they will be under a consent decree for years at a very
expensive oversight, even happens to very small companies,
sometimes putting them out of business.
So, one of the questions we've had in the past--and, again,
not completely within our jurisdiction, was the Federal Trade
Commission has a great ability, except if you're in government,
to beat the living hell out of you after you've already been
hurt--
Dr. Jensen. Yes.
Mr. Issa. --by some sort of an event, but they do nothing
or virtually nothing to tell you what to do to prevent it. They
tell you, well, use the best standards. It's like, well, if it
fails, by definition they're going to say you didn't meet
whatever the best standards were.
Safe haven of a quote, ``recognized stress test'' and if
you will, cloud compliant would seem to be where the government
can say, if you do this, we will give you--even if something
bad happens, and eventually it will, because nothing is
perfect, we give you the safe haven, safe haven from
litigation, safe haven from your own government. It doesn't
mean you don't have to fix it, it doesn't mean you don't have
to make people whole. That was where we saw the soft hand.
Dr. Jensen. Yes.
Mr. Issa. The late Colin Powell always said that the way he
got problems solved, including in Haiti, was he went down
there, and he explained to the dictator that the carrot he was
offering is if he left, he wouldn't use the stick. That is sort
of what we're saying, is we already have a stick.
Dr. Jensen. Yes.
Mr. Issa. Let's find a way to tell people that if they meet
standards, we won't use--we won't be allowed to use the stick.
Dr. Jensen. So, final point to build off that, I think
there's something also then, too, to pooling cyber statistics
and having transparent data. So, we for years have had the
ability to have near misses reported anonymously to the FAA
that lets make aviation safer. If we don't start pooling cyber
statistics and anonymizing them, we're not going to have a
sound set of data to actually be able to price risk. It would
be like trying to run the American economy without accurate
inflation data, accurate GDP data, accurate unemployment data.
Then, the last would be visibility in supply chains. I'd
defer to other folks on that, but how do I make sure that what
we produce and is patent protected isn't being bought by front
companies and given to our competitors.
Dr. Brennan. Chair Issa, back to your first question about
if China goes unchecked, I think as we look back on the end of
the cold war, there's one story line that says the American
economy bankrupted the USSR. So, you can analogize to a world
where China tries to fight a war of economic attrition with all
the waste and abuse they can try to get into our system through
cyber-attacks, theft of intellectual property, et cetera. So,
that's a very bleak side of the story, and we definitely have
to keep investing in the institutions and government that
protect us from that.
On the more positive front, I think our public sector
employees need more help. There are now advanced persistent
threats that they face every day. The volume of information
that they're trying to process on behalf of us all is orders of
magnitude larger than what we imagined or had to deal with as
young people. They don't have AI-ready data. They just have
data.
So, we really need to start working on the more than 700
AI-related initiatives that agencies and departments have
identified already. They need to start getting experience
around it, and especially how to apply modern security
practices to this AI-ready data that are going to create in the
new applications that they're going to build to deliver better
services to us all.
Mr. Issa. Thank you.
Dr. Hannas.
Dr. Hannas. In terms of reining in China, let me speak to
what I know--I think I know best. You're not going to stop the
informal technology transfer that's happening. It's been going
on since the 1800s by some measure. It's become part of the
national psyche, and it's not going to go away, unlike Japan
and South Korea and even United States, which once they became
developed nations, technologically proficient, they stopped
borrowing from abroad.
Mr. Issa. You're saying informal, so you're saying more
universities who publish what they've done and that are shocked
that it suddenly disappears into Chinese hues?
Dr. Hannas. It's a term of art. Informal, extralegal
transfer, the kinds of--anything that we don't want to happen
that's being transferred is--
Mr. Issa. So, you're talking about theft?
Dr. Hannas. Yes, I guess so.
Mr. Issa. OK. I just want to make sure that--because
obviously one of the things that we'd really do, we'd publish
in New England Journal of Medicine all kinds of things that are
very valuable. It costs a lot, and we do, in fact, create a
take-it-if-you-want-it environment, but you're talking about
over and above that, there's always been somebody sneaking in,
getting you to hire one of their people for six months to get
to know and then run back.
Dr. Hannas. We identify three major categories of
informal--of technology transfer, legal, illegal, and
extralegal, which splits the difference. Extralegal, we don't
know whether it's legal or not because we're not observing it.
We can, but we don't. We're not equipped to do it, which gets
to my point, you won't stop the informal tech transfer, but you
can get out in front of it with the right amounts of data.
Chinese scientists, administrators, particularly when
they're speaking in Chinese, although they know darn well
they're being monitored, they don't feel it in their gut. I'm
sure they're listening to me saying this right now and shaking
their heads. That's the truth. They say the darnedest things in
their open-source materials, and it can all be captured. We've
run pilot programs to do that.
So, you can understand what's going to happen in the areas
of technology transfer by identifying their needs, first, what
do they need--what do they need to acquire that they can't
develop on their own, and then also identifying beforehand and
monitoring the venues through which they fill these needs, and
it's all doable.
As far as the AI development effort, ditto for that. I
can't say that I can recommend any policies for how to mitigate
it. I'd be speculating. What I can do is say emphatically that
if you want to understand where they're going, you can't do it
without data. We don't have that data at present. We have
snippets here and there from which we could extrapolate. We
don't have a whole picture.
Mr. Issa. I've got a followup question. Currently, what
they call a BIS controls the Department of Commerce. It's a
major undersecretary position. It controls exports. It's your
export control, if you will. It's an export control for
hardware effectively. When you look at software, things
available on the internet, there isn't, in fact, a specific
agency, and that agency is not charged with, for example,
saying that this technology or time on this computer is, in
fact, a national asset.
So, currently, if I'm sitting in China and I simply rent
time on a generative AI computer, if you will, I can actually
take what somebody else has developed, and it's fine. I'm just
buying it. Yet, that could allow me to develop some of the most
sinister items, even if I didn't have the capability in my home
country. I'm speaking of China, but I'm also speaking of
non-State players anywhere in the world who simply have somebody
that's willing to give them the dollars.
What concern do you think we have, and how should we thwart
it with--and I'm including non-State actors, because I think
we've concentrated on China, that's the primary, but I think
this is a broader question of export controls on our AI
capability. We'll go the other direction this time.
Dr. Hannas. I'll take a first crack at that. I've seen
so-called military technology control lists come and go. I don't
personally think that there is much to be gained by putting
together a list of technologies, hardware or software, that
are, quote, ``at risk,'' because they're almost always obsolete
at the time that they're published, on the one hand. On the
other hand, you have to do something. You have to identify what
you care about and what you don't care about, so you know what
to emphasize.
The bigger issue here is, and you put your finger on it, is
this whole notion of, basic science, where that stuff is
already patented, not hardware, not machinery, not weapons, but
the technologies that are underlying that as they're in the
developmental stage. We for a long time, as a country, have
drawn like a line there.
Correct me if I'm wrong, colleagues, but my understanding
is that we have pretty much let that be open market free rein.
It's not something we want to restrict. Now, the National
Science Foundation, for example, for the first time is starting
to take into account that maybe we need not to be so open in
this area.
That's the U.S. side. I can tell you, again, that China
understands this perfectly well, and they identify in their
open pronouncements the need for them to access technology
while it's still in the early stages and while it's still basic
science. The one thing they don't really do well is basic
science, and for that reason they're eager to acquire it.
Dr. Brennan. If I could add to that, I would say, it's
important to have this security mindset and overlay exist
within each of our agencies and departments, especially as they
think about the types of data and types of applications we'll
need, each agency and departments continuing to go through a
digital transformation in many respects, and they ultimately
are closest to how to properly protect and control this data.
I agree with my co-panelists that we want to preserve an
open society where people can study what they need to study,
learn what they want to, and then create the inventions that we
need next, but we should now be mindful of the fact that there
is an active, persistent effort to try to steal all that from
us.
So, organizations like the Department of Commerce,
organizations like CFIUS and others, really need to be close to
this problem, and we need to rely on them to come up with the
right regulations and rulemaking, because they're so close to
the right disciplines and domains that they manage.
Dr. Jensen. Chair, I think in two extremes you've kind of
heard it. You either can lock it all down, in which case, the
cost is you will be less innovative just because there's fewer
people exchanging information; or you can completely open it
up, right, and then you buy innovation through letting people
exchange ideas, but with the clear risk of slippage into other
nefarious actors.
Obviously, those are extremes, and the challenge of
legislation is how to find something in the middle. I think the
key to something in the middle should always be an eye on
trusting our ability to out-innovate our adversaries. The fact
that they aren't good at basic research should mean we double
down in basic research. Then separately, probably find a way,
which would be outside of this Committee, to basically go after
it through title 50 means where give them indirect costs for
stealing certain things. I just don't think export controls
will work in a global supply chain as well as they have maybe
historically.
Mr. Issa. With that, I'm pleased to introduce our acting
Ranking Member for his round of questions, the gentleman from
California, Mr. Lieu.
Mr. Lieu. Thank you, Chair Issa.
Thank all of you, to the witnesses, for being here.
So, there is this issue I was briefed on earlier where
countries like China or Germany and so on will say come to our
courts and we'll enforce IP, and then the court will basically
set or essentially agree to a worldwide rate for that IP. So,
you have a Chinese court educating disputes between a U.S.
company and, let's say, a Scandinavian company. It seems sort
of absurd to me that this happens, and I don't know why
companies here have to listen in Chinese courts, but it ends up
there's an agreement that they have to follow. What do you say
to sort of try to solve that problem?
Dr. Jensen. I guess, Congressman, I'll listen to a Chinese
court when they listen to their own citizens. I guess, the
starting point would be--I think triadic patents are still an
important vehicle, because otherwise, if we let any one country
just recognize the patent, we see what's happened in the past
with those ridiculous curves where it's the number of patents
granted by any one country. So, I think finding ways to make
sure that you have multiple country recognized versus any one
country recognized and then held over the U.S. corporation or
any U.S. entity that's being taken to task.
Mr. Lieu. Let me ask you this, are you generally aware of
this problem that has started to occur now in countries like
China or Germany or other places where they say come to our
courts and we're going to set this worldwide rate?
Dr. Brennan. It's not an area that we've dealt with on a
scale. In general, the idea of people shopping for a venue and
then trying to get a consent decree that conforms to the policy
they're trying to establish is a tactic that we'll see more of.
I think it's important that we continue to push in the World
Trade Organization and other international venues the
protection of intellectual property and national rights.
There is an effort to have a separate world order that
China is trying to organize with Russia, the Taliban, the other
organizations they've invited to the Belt and Road Initiative
recently. That's not a part of the world order that we want to
be part of, so we need to continue to push back with our ideals
and values.
Mr. Lieu. OK. Thank you.
So, another question I have is that American businesses are
often targeted by China for their intellectual property, either
as a cost of doing business in country or through cyber
intrusion. Is China targeting artificial intelligence
technologies in this way, and have they been successful, if any
of you know?
Mr. Sheldon. I can speak to that. Thank you, Congressman.
We have seen interest from Chinese threat actors that we
associate with a nation State in targeting industries like
semiconductors, cloud service providers, and even companies
have been doing applied R&D or productization of AI
technologies for the purposes of intellectual property theft.
Mr. Lieu. OK. Thank you.
So, the National Institute for Standards and Technology,
otherwise known as NIST, describes trustworthy AI as
incorporating validity and reliability, accountability, and
privacy, among other essential building blocks. In its 2019 AI
guidelines, the EU included ethics principles for trustworthy
AI. Do you believe Congress should incorporate trustworthy AI
into its legislative proposals? What's your view on that?
Dr. Brennan. Congressman, thank you for that question. We
definitely support the administration and the leading companies
around the world who are developing these models in embedding
ethical and responsible AI principles in what we're doing. The
NIST's AI risk management framework is a great articulation of
that, and we also see it being implemented through model
regulations and organizations like the U.S. Department of
Defense.
In order to really achieve ethical responsible AI, it's
important to have humans in the loop at every step and to have
test and evaluation methods that rely on benchmark tests that
are often created by academic organizations or Federally funded
research and development corporations to ensure objectivity.
Mr. Lieu. Even if other countries like China, if they were
to not adopt any sorts of guardrails or frameworks like what
NIST has put out, do you believe the United States and
specifically Congress should still do so?
Dr. Brennan. Congressman, I think it's very important for
the United States to continue to lead in this regard. In my
testimony, I talked about it being more important to get it
right than to be first and to create the kind of governance
framework that other countries around the world will respect
and want to implement.
The alternative is, if we do not continue to lead, China
will continue to promote the kinds of regulations that they've
been drafting, which include language like you cannot use
artificial intelligence to subvert the People's Republic of
China, Chinese Communist Party, and the other values that the
Chinese Communist Party upholds.
Mr. Lieu. Thank you.
Then my final question to Mr. Sheldon: How has China's
acquisition of data through Chinese-based applications,
purchases from data brokers, and cyber intrusions assisted the
PRC in the development of artificial intelligence, and can you
explain this strategy of mass data acquisition?
Mr. Sheldon. Thank you, Congressman. I think we should have
an expectation that China will continue to aggregate large data
sets for a variety of different purposes. In some instances, it
could be the case that there are future-use cases that they
haven't even resolved yet that they want to have data stores on
hand, and obviously the advent of AI makes data that they have
been able to aggregate much more valuable.
So, it seems clear that some of the data stores that they
have targeted over the last number of years have informed
counterintelligence-use cases, R&D-use cases, and other
technological development, and then there could be future ones
as well, and we should be alert for that.
Mr. Lieu. Thank you. I yield back.
Mr. Issa. Well, a time often comes, even in our hearings,
when they have to come to an end. I want to thank our witnesses
for their testimony.
As is the practice of the Committee, we're going to hold
open for five days for additional questions, if you'll agree to
take them and respond, additionally any additional thoughts
including publications that you think would be helpful. If you
submit them, we'll place them in the record.
With that, I thank you again, and we stand adjourned.
[Whereupon, at 1:01 p.m., the Subcommittee was adjourned.]
All materials submitted for the record by Members of the
Subcommittee on Courts, Intellectual Property, and the Internet
can be found at:
https://docs.house.gov/Committee/Calendar/ByEvent.aspx?EventID=116383.
[all]