Trump keeps Biden's last AI hurrah (for now)

The Los Alamos of AI

Biden’s first Executive Order on Advancing United States Leadership in Artificial Intelligence Infrastructure focused on promoting the enormous private-sector investment required to build the infrastructure required to enable development and training of advanced AI models, including computing clusters, data centres and energy infrastructure.

In an echo of the establishment of Los Alamos to develop the atomic bomb, the Executive Order proposes developing on federal land along with the associated clean energy generation and transmission infrastructure, to be funded and built by the private sector. Planning and approvals are to be completed by the end of 2025 and construction by the end of 2027.

The development of neighbouring computing and energy generation infrastructure is intended to ensure that:

No later than 31 March 2025, the defence and energy departments are to invite proposals from the private sector to develop the three selected sites for frontier data centres, with the winning bids to be selected by no later than 30 June 2025. At least one of the sites must be awarded to a group of small or mid-sized businesses.

The selection criteria includes proposals by bidders to:

• Optimise energy efficiency in AI development and training and make that technology available in the market, including the availability of clean energy resources, such as geothermal power generation resources and thermal storage, long-duration storage paired with clean energy, and carbon capture, as well as beneficial uses of waste heat.

• Promote ‘emergence of an interoperable, competitive AI ecosystem’, including available computational resources that are not dedicated to supporting frontier AI training for commercial use by startups and small firms on non-discriminatory terms.

The Executive Order also proposes wider measures to address the energy drain of AI on the US national gird:

• Within six months, energy regulators are to complete a study of the potential effects of AI data centres on electricity prices for consumers and businesses. The report is to include “electricity-rate-structure best practices to promote procurement of clean energy generation resources as components of AI infrastructure without increasing costs for other customers through cost-allocation processes or other mechanisms”.

• Within three months, electricity network operators are to provide the energy department with information regarding surplus interconnection service and available transmission capacity for interconnecting generators and the department is then to publish a prioritised list of locations for potential data centres nearby underutilised electricity infrastructure.

The Executive Order also requires the state department to lead development of “a plan for engaging allies and partners on accelerating the buildout of trusted AI infrastructure around the world”, including to exchange best practice on clean energy technologies powering AI.

Enhancing cyber security

Explicitly naming threats from China, the second Executive Order on Strengthening and Promoting Innovation in the Nation’s Cyber security requires sweeping measures to strengthen the security of the Federal Government’s communications and identity management systems, and to promote innovative developments and the use of emerging technologies for cyber security.

This Executive Order kicks off with a dig at software providers:

Government software providers will be required to deposit with the US Cybersecurity and Infrastructure Security Agency (CISA):

• machine-readable secure software development attestations of compliance

• high-level artifacts to validate those attestations.

CISA is to validate the lodged materials and publish the results, with fails to be referred to the Attorney-General for enforcement action.

However, the Executive Order also acknowledges “secure software development practices are not sufficient to address the potential for cyber incidents from resourced and determined nation-state actors”. To mitigate these risks, software providers must also address how software is delivered and the security of the software itself. Hence, the jumble of additional measures the Executive Order goes onto specify.

All federal agencies are required to:

• Provide unfettered access to their IT systems for CISA to undertake threat-hunting scans.

• Prioritise investments in the innovative identity technologies and phishing-resistant authentication options, such as WebAuthn.

• Use encrypted email messages in transport and where practical use end-to-end encryption in order to protect messages from compromise. Voice and video conferencing and instant messaging are usually encrypted at the link level but often are not encrypted end-to-end. The Executive Order directs the National Institute of Standards and Technology to assist agencies develop and implement end-to-end encryption for voice and video.

However, the Executive Order also observes that all this effort on encryption could be blown away by quantum computing:

Quantum mechanics science is also developing a new form of cryptography which is said to be impossible to decode (at least for now) – post-quantum cryptography – and the Executive Order encourages agencies to move to adopt it.

The Department of Commerce is to assess the most used cyber practices in the business community and issue guidance based on them, which then will become mandatory for suppliers doing business with the US Government.

The Executive Order identifies the escalating risk to the integrity of federal programs from the use of stolen and synthetic identities by criminal syndicates. Agencies, especially those making welfare and grant payments, are strongly encouraged to require clients to provide digital identity documents, such as a digital drivers licence. Digital ID systems must:

• Be interoperable, so the public can use any standards-compliant hardware or software containing an official government-issued digital identity document, regardless of manufacturer or developer.

• Not allow tracking of presentation of the digital identity document, including user device location at the time of presentation.

• Support user privacy by ensuring only the minimum information required for a transaction: for example, using a ‘yes’ or ‘no’ response to a question, such as whether an individual is older than a specific age.

The Executive Order substantially expands enforcement levers against foreign based cyber attackers. All the US-based assets of a foreign party will be frozen if the Secretary of the Treasury, in consultation with the Attorney-General and the Secretary of State, determines that person:

• caused a disruption in a US computer system

• engaged in a ransomware attack

• knowingly commercially gained from hacked data

• provided support to party undertaking a cyber attack

• is a related party of any party undertaking a cyber attack

• is a leader, official, senior executive officer, or member of the board of directors of any party undertaking a cyber attack.

The application of these sanctions to a state actor should prove interesting, as it would allow all the foreign government’s US-based assets to be frozen.

Trump’s own AI Executive Order

Trump’s AI Executive Order says the US, in order to maintain AI global leadership, must “must develop AI systems that are free from ideological bias or engineered social agendas.” The order is short on detail, but some guidance on future direction can be found in Trump’s explanation for revoking the 2023 Executive Order because it “established unnecessarily burdensome requirements for companies developing and deploying AI that would stifle private sector innovation and threaten American technological leadership". The Trump order requires a review of US AI policy to be completed within 180 days, led by a White House team stocked with IT executives, including former PayPal executive David Sacks.

Read more: Administration Actions on AI

Peter Waters

Consultant