For decades, the United States has led the world in the development and application of new technologies—some well-known examples include electronics like the transistor, microprocessors, the personal computer, and the internet. This leadership has been a significant contributor to maintaining our global standing. Today, although the US continues to lead in many areas, we cannot be complacent. There are too many up-and-coming competitors—both allies and strategic adversaries—looking to leverage US technology to build their own capabilities.
China’s “Made in China 2025” industrial policy, for example, includes plans to use government subsidies and foreign acquisition to challenge US leadership in many areas. The long-term implications of this plan include loss of US global influence and a long-term economic dependence on foreign countries. While the US economy and technical leadership has benefitted greatly from open trade policies, we still need to protect our most valuable innovations. The question becomes: how do we ensure US-developed technology benefits US national security?
How the DoD defines critical technology
The US has many tools available to protect its critical technologies from being diverted. These include export controls (International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR)), and review of merger and acquisitions (the Hart-Scott-Rodino Antitrust Improvements Act and the Committee on Foreign Investment in the United States (CFIUS)). Before these tools can be deployed, however, we have to define which technologies qualify as critical.
Given the rapid pace at which technology evolves, the US government must be careful to focus protection on areas that relate to national security—especially where the technology is emerging, or the US holds an advantage over adversary nations. The 2018 National Defense Strategy (NDS) took a cut at this, highlighting these new technologies of concern:
- Advanced computing
- Big data analytics
- Artificial intelligence
- Directed energy
This list is problematic for groups focused on technology protection. Take big data analytics, for instance. Rather than being one single product with a single use, it is a set of techniques and algorithms that can be used across multiple fields. It could become a national security concern depending on the application and data set, but there are also far-reaching commercial uses. Both Wal-Mart and Target have large research efforts in big data; is this something we want to protect? Maybe.
Tagging autonomy is also problematic with the various applications of artificial intelligence (AI). AI, robotics, and advanced computing are all extremely broad technologies with many benign commercial uses. As the public becomes aware of these technologies, they can become buzzwords, and the government cannot try to protect everything.
U.Group subject matter experts (SMEs) working with the DoD are often asked to discern whether an application is critical technology—or whether it’s completely benign, like Domino’s AI-based Piedentifier. This is what I call the “World’s Greatest Coffee” problem, where seemingly every US company says they are a leader in a critical technology area. Simply put, they can’t all be justified in making that claim.
The Department of Commerce’s take on critical technology
To be fair, the NDS was never intended to be used as a guide to critical technology. That task currently belongs to the Department of Commerce (DOC) Bureau of Industry and Security (BIS). Late last year, BIS published an advanced notice of rulemaking, Review of Controls for Certain Emerging Technologies, and solicited feedback from the public. This notice distinguishes between emerging and foundational technologies and proposes 14 emerging technology areas.
Once an emerging technology is defined, DOC is authorized “to establish controls, including interim controls, on the export, re-export, or transfer (in-country) of that technology.” The technology areas include the areas from the NDS but with more detail. For example, biotechnology has five subcategories, while AI has 11. New areas include microprocessor technology, quantum information, and brain computer interfaces. Despite the added detail, however, the list runs into some of the same issues as the NDS: some protected terms point to broad techniques while some are very specific.
This, of course, is only the first step of the process. Going forward, the DOC must consider the wide array of public comments from universities, companies, foreign governments, and groups like IEEE, the Cybersecurity Coalition, and the Consumer Technology Association. Even with this more detailed list, SMEs must still evaluate specific items for criticality.
U.Group is uniquely capable of helping with this task, as our teams possess both deep industry knowledge and data science and AI capabilities. We work closely with our clients to parse the data to help them make informed decisions on which technologies need to be protected, and how.