- On January 6, 2020, BIS published an interim final rule to add a new worldwide (minus Canada) unilateral export control on a type of geospatial imagery software specially designed for training Deep Convolutional Neural Networks to automate the analysis of geospatial imagery and point clouds.
- Although BIS is studying emerging “artificial intelligence (AI) and machine learning” technologies that are not now but should be controlled consistent with the standards in the Export Control Reform Act of 2018, today’s amendment is not such a control. Rather, it is an “0Y521” control, which is a temporary holding control created in 2012 to authorize relatively quick controls over uncontrolled items the government decides might provide a significant military or intelligence advantage to the United States. A condition of using this unilateral (i.e., U.S.-only) authority is that the government must submit the new control to the Wassenaar Arrangement for consideration as a multilateral control.
- The rule became effective today, meaning that those potentially involved with such software must conduct an immediate classification effort to determine whether the EAR’s licensing obligations apply to their activities.
- BIS will accept public comments on the new rule until March 6, 2020. Given that controls over the software at issue are new to the EAR, comments by subject matter experts, particularly in the machine learning industry, on foreign availability, definitions and impact would likely be of benefit to the effort.
Scope of the New Control
On January 6, 2020, the U.S. Department of Commerce, Bureau of Industry and Security (BIS), amended the Export Administration Regulations (EAR) to control the following software under the authority of Export Control Classification Number (ECCN) 0D521:
Geospatial imagery “software” “specially designed” for training a Deep Convolutional Neural Network to automate the analysis of geospatial imagery and point clouds, and having all of the following:
- Provides a graphical user interface that enables the user to identify objects (e.g., vehicles, houses, etc.) from within geospatial imagery and point clouds in order to extract positive and negative samples of an object of interest;
- Reduces pixel variation by performing scale, color, and rotational normalization on the positive samples;
- Trains a Deep Convolutional Neural Network to detect the object of interest from the positive and negative samples; and
- Identifies objects in geospatial imagery using the trained Deep Convolutional Neural Network by matching the rotational pattern from the positive samples with the rotational pattern of objects in the geospatial imagery.
Technical Note: A point cloud is a collection of data points defined by a given coordinate system. A point cloud is also known as a digital surface model.
BIS did not provide any other guidance regarding the scope or meaning of terms in the control, or the national security issue that warranted the immediate, unilateral and worldwide (minus Canada and Canadians) control.
Classification, Control, and Licensing Obligations Are Effective Immediately
Effective today, all such software “subject to the EAR” requires a license to export or reexport to any country (other than Canada) or to transfer within a foreign country (other than Canada). As described in more detail in EAR section 734.3, such software is “subject to the EAR if it is (i) U.S.-origin, regardless of where it is in the world; (ii) in the United States, even if foreign-origin; or (iii) foreign-origin, outside the United States, and destined to specific countries of concern if it contains more than de minimis amount of controlled U.S.-origin software. Thus, anyone involved or potentially involved with such software, such as those in satellite or machine learning industries, should immediately conduct a classification exercise to determine whether the new control implicates any of their activities.
In light of the EAR’s deemed export and deemed reexport rules, the release of source code (but not object code) for such software to foreign persons (other than Canadians) in the United States or in third countries also requires a license effective today. With respect to individuals in the United States, a “foreign person” is anyone who is not a lawful permanent resident (a “Green Card” holder), a U.S. citizen, or limited types of other protected persons such as certain types of asylees. Thus, for example, the release of such source code in the United States to a non-Canadian foreign person working under an approved work visa, even if the foreign person is the creator of the software, now requires a BIS license.
This is Not an “Emerging Technology” Control, As Such
For nearly three years, there has been a massive amount of media, industry, investor, academic and foreign government speculation, rumor, gossip and chit-chat about whether the Trump Administration would impose broad, sweeping unilateral export controls over whole categories of emerging and foundational technologies to address national and economic security concerns pertaining to China. As part of the Export Control Reform Act of 2018 (ECRA), Congress required Commerce to lead an interagency effort to identify and control such technologies consistent with standards set out in ECRA section 1758 (50 U.S.C. § 4817). To start the public part of the effort, BIS published in November 2018 a notice seeking public comments on how it should identify and control a wide variety of emerging technologies that are not now controlled, but should be because they are essential to the national security United States. Among the 14 broad categories of technologies BIS announced that it was studying was “artificial intelligence (AI) and machine learning technology.” Fairly or not, BIS’s use of broad technology categories to describe the technologies being studied―without a description of the national security threat not already being addressed by existing export controls―further fueled the speculation that it would eventually impose broad unilateral controls. Today’s rule is not such a control. Whether BIS will or will not publish in 2020 a broad AI-related control for China and other countries is unknown.
The Control is a Temporary, Unilateral “0Y521” Control
Rather, today’s rule was published under the “0Y521” structure BIS created in 2012, which is described in the EAR section 742.6(a)(7)(ii) as follows:
0Y521 Items. Items subject to the EAR that are not listed elsewhere in the CCL, but which the Department of Commerce, with the concurrence of the Departments of Defense and State, has determined should be controlled for export because the items provide at least a significant military or intelligence advantage to the United States or for foreign policy reasons are classified under ECCNs 0A521, 0B521, 0C521, 0D521 and 0E521. These items are typically emerging technologies (including emerging commodities, software and technology) that are not yet included in the CCL, so such items are listed on the CCL in 0Y521 ECCNs while the U.S. Government determines whether classification under a revised or new ECCN, or an EAR99 designation, is appropriate. The list of items classified under a 0Y521 ECCN is limited to those listed in Supplement No. 5 to part 774. (emphasis supplied)
The “0” refers to the miscellaneous CCL Category 0. The “Y” is a placeholder for the type of item at issue in the control―a commodity (Group A), test or production equipment (Group B), materials (Group C), software (Group D) or technology (Group E). The “5” indicates that the control is a unilateral (i.e., a U.S.-only) control. The “21” was chosen to mirror similar authority the State Department has in its U.S. Munitions List (USML) Category XXI of the International Traffic in Arms Regulations (ITAR).
All 0Y521 entries are subject to a regional stability (RS) Column 1 control, which includes a worldwide (minus Canada) license requirement with a case-by-case license review policy. This means that BIS and its interagency partners will review applications to export, reexport or transfer an 0Y521 item on case-by-case bases and will make determinations based on the sensitivity of the item and a review of the end uses and end users at issue. The only license exception available for an item classified under ECCN 0Y521 is paragraph (b)(2)(ii) of License Exception GOV, which describes an authorization for exports of items for official use by personnel and agencies of the U.S. government.
There are no limitations on the sources to which the government can look to determine whether a commodity, software or technology should be subject to an 0Y521 control. Generally, however, such commodities, software and technology are identified during the interagency review of commodity jurisdiction and certain commodity classification requests. These are formal requests that can be submitted to the Department of State’s Directorate of Defense Trade Controls (DDTC) or BIS, respectively, to get a formal determination regarding the jurisdictional and classification status of a particular commodity, software or technology. That is, they are official documents stating whether an item is described on the ITAR’s USML and, if not, within the scope of an ECCN on the EAR’s CCL. Occasionally, a novel―or emerging―commodity, software or technology will be the subject of such a request. If agency officials determine that, as a matter of law, the item would not be subject to the ITAR and, as a matter of policy, would not be sufficiently controlled on the EAR’s CCL given its sensitivity, then they can impose the 0Y521 control as a placeholder control until the CCL can be amended accordingly.
So that the 0Y521 process is not used to create unilateral controls that would linger for years, the EAR require the government to submit a proposal to the relevant multilateral export control regime to see if it would agree to identify the item at issue in its multilateral control list. If, after three years of effort, the United States is unable to convince the members of an export control regime to adopt the same control, then BIS is required to abandon the control or determine that the national security concerns nonetheless warrant its remaining a unilateral control. (ECRA section 1758 has the same process and obligations with respect to any technologies identified as emerging under its authority.)
Given that the 0Y521 process was explicitly created in 2012 to identify and control emerging commodities, software and technology that are not controlled but should be, why did BIS use this authority rather than ECRA section 1758 “emerging technology” authority, which has the same scope of authority? We do not know. We suspect, however, that BIS and its interagency partners concluded that the geospatial imagery software at issue warranted an immediate worldwide (minus Canada) control, which is authorized by the 0Y521 process, and that the “notice and comment” requirement in ECRA section 4817(a)(2)(C) requires that an “emerging” technology rule be published first as proposed. Those affected by the control may want to consider asking BIS this question in a public comment.
BIS’s Request for Comments on the New Geospatial Imagery Software
BIS’s choice of an 0Y521 control, in this case, or an ECRA section 1758 control will not, however, matter much to the scope and content of any final control. Both require the government to work to get the control agreed to by the relevant multilateral regime. Similar to the public notice and comment requirement in ECRA section 1758, BIS is seeking public comment on the new control. The EAR do not obligate BIS to seek comments on 0Y521 controls, which means that BIS is going a step further than the EAR require to get industry input. So as not to waste this opportunity, those affected or potentially affected by the control, particularly those in the machine learning industry, should consider commenting on the control before the March 6, 2020 deadline.
As described above, the control is only for software that has been specially designed to train a deep convolutional neural network to automate analysis of geospatial imagery or point clouds and that has the four distinct capabilities set forth above. The new rule does not impose controls on any type of technology, commodities or services. That is, the new control only applies to the software described above, not on the technology necessary to develop, produce or use it. The rule also does not apply to any commodities that benefit from, or use, such software.
One may comment on any aspect of the new control. The quality of final rules generally benefits from well-supported industry input regarding whether the item under control is or is not widely available outside the United States. Thus, if one has such information, the commenter and the process would benefit from the submission of such information to BIS, with a particular emphasis in explaining whether the quality of such software outside the United States is comparable. Rules also benefit from information about whether a new, unilateral control would help or harm the industry or academics in the United States involved in developing, producing or using the item, given that no other country controls the same item. Comments can be in favor of the control, opposed to the control or just technical comments to improve it.
In particular, rules benefit from thoughtful input from industry experts regarding industry-standard definitions that could reduce ambiguity and help tailor the control to the policy issue to be addressed without unintended impacts on other types of items. For example, the EAR does not define “geospatial.” Some may conclude that it relates to any data associated with a particular location. Others may limit it only to imagery or light detection and ranging (LIDAR) point clouds from a satellite or surveillance aircraft. Some may conclude that it also applies to terrestrial imagery and LIDAR point clouds, including automotive LIDAR and certain synthetic aperture radar (SAR). Others may wonder whether it also includes hyperspectral tracking used in agriculture and pollution monitoring, mapping created from 5G telecommunications signals, standard building top security cameras or even a panoramic cell phone video, especially if GPS data are embedded.
Some may also wonder, for example, what “rotational patterns” means in this context. Does it mean that the algorithm can compare imagery of the same object from different angles? If so, then a potential topic to describe to BIS in a comment would be whether that is a common feature of most image recognition machine learning algorithms (and thus does not warrant such controls). Other comments might suggest for BIS ways to differentiate software with a significant military utility from standard commercial and even open source algorithms that are not sensitive or capable of being controlled.
The new ECCN 0Y521 entry is the first dual-use export control explicitly for a kind of AI software. It is limited to specific machine learning software that meet all of the control parameters but, depending upon how they are defined, could be quite broad. BIS is accepting public comments on the control, and is interested in controlling those items of national security concern without unnecessary collateral impacts on the industry. Comments arguing generally that controls over the export of artificial intelligence or machine learning items are per se unnecessary or imprudent are unlikely to be successful. Comments that help specify the control or clarify unclear terminology are more likely to be accepted and generate positive changes to the control.