A bipartisan effort in the U.S. Senate aims to address national security concerns related to cloud computing and sensitive technology. On March 6, 2024, Senators Dave McCormick, a Republican from Pennsylvania, and Ron Wyden, a Democrat from Oregon, introduced the Remote Access Security Act. This legislation seeks to amend the Export Control Reform Act of 2018, expanding U.S. export controls to include remote access to sensitive technologies, not just their direct export.
The initiative responds to the evolving landscape of cloud computing, which enables powerful chips and advanced software to be accessed from virtually any location worldwide. This raised concerns that existing export regulations have not kept pace with technological advancements. McCormick highlighted the legislation’s importance, stating, “Under current law, bad actors can train AI models by accessing advanced chips under the jurisdiction of the U.S., and the Bureau of Industry and Security has no authority to require a license.” By introducing this bill, he aims to tighten control over remote access to U.S. technology that poses national security risks.
Strong concerns have been voiced regarding foreign adversaries attempting to circumvent U.S. export restrictions. Wyden noted that many have sought to avoid direct importation of hardware by renting access to American-controlled computing power. “Foreign countries shouldn’t be able to end-run export bans on American technology just by accessing servers over the internet,” he asserted, emphasizing the need for this legislation to safeguard U.S. leadership in artificial intelligence and its global competitiveness.
The current framework of the Export Control Reform Act empowers the executive branch to regulate the export, reexport, and in-country transfer of sensitive items. The proposed act clarifies that these controls also apply when a “foreign person of concern” remotely accesses controlled technology via cloud infrastructure, such as servers or data storage. The act identifies “foreign persons of concern” as individuals or entities connected to countries like China, Russia, Iran, and North Korea.
Under the new legislation, the Commerce Department could require licenses for foreign entities seeking to rent access to advanced U.S.-controlled chips located in data centers overseas, particularly if such access poses a national security risk. Specific high-risk activities targeted by the bill include the training of artificial intelligence models that could be used for developing weapons of mass destruction, automated cyberattacks, or systems that evade human oversight.
Moreover, the legislation aims to restrict access to tools designed for offensive cyber operations and technologies that may infringe on human rights, such as spyware, location tracking, or biometric identification systems. Supporters assert that this measure reflects a broader congressional effort to adapt national security policy to contemporary realities, where controlling access to technology can be as crucial as managing the physical hardware itself.
The Remote Access Security Act was officially introduced on March 6, 2024, and is expected to undergo further consideration by relevant Senate committees. As the global landscape of technology continues to evolve, lawmakers are keenly aware of the need to ensure national security measures remain effective and relevant.
