WASHINGTON, D.C. — A bipartisan pair of senators moved Wednesday to close what they call a dangerous national security gap, introducing legislation that would extend U.S. export controls to foreign access of sensitive American technology through the cloud.
Sen. Dave McCormick, a Republican from Pennsylvania, and Sen. Ron Wyden, a Democrat from Oregon, unveiled the Remote Access Security Act, which would amend the Export Control Reform Act of 2018 to cover remote access to controlled U.S. technologies, not just their physical export.
The proposal comes as cloud computing allows powerful chips and advanced software to be accessed from virtually anywhere in the world, raising alarms that existing export laws have failed to keep pace with technological change.
“Under current law, bad actors can train AI models by accessing advanced chips under the jurisdiction of the U.S., and the Bureau of Industry and Security has no authority to require a license,” McCormick said. He said the bill would close that loophole by subjecting remote access to the same scrutiny as physical possession when national security risks are involved.
Wyden said adversaries have increasingly sought to bypass U.S. export bans by renting access to American-controlled computing power rather than importing the hardware itself.
“Foreign countries shouldn’t be able to end-run export bans on American technology just by accessing servers over the internet,” Wyden said, arguing the measure is critical to protecting U.S. leadership in artificial intelligence and global competitiveness.
The Export Control Reform Act currently authorizes the executive branch to regulate exports, reexports, and in-country transfers of sensitive items. The new legislation would clarify that those controls also apply when a “foreign person of concern” remotely accesses controlled technology through cloud infrastructure such as servers, processors, or data storage.
The bill defines foreign persons of concern as individuals or entities tied to China, including Hong Kong and Macau, as well as Russia, Iran, and North Korea.
Under the proposal, the Commerce Department could require a license if, for example, a Chinese firm seeks to rent access to clusters of advanced U.S.-controlled chips housed in overseas data centers and that access is deemed a national security risk.
The legislation identifies several high-risk activities it aims to prevent, including training artificial intelligence models that could enable weapons of mass destruction, automated cyberattacks, or systems designed to evade human oversight. It would also restrict access to tools intended for offensive cyber operations and technologies used for surveillance that could undermine human rights through spyware, location tracking, or biometric identification.
Supporters say the measure reflects a broader effort by Congress to adapt national security policy to the realities of cloud computing and artificial intelligence, where control over access can be as consequential as control over hardware.
The Remote Access Security Act was introduced Wednesday and will be taken up by the relevant Senate committees for further consideration.
For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News and MSN.